Oval Definition:	oval:org.opensuse.security:def:52030
Revision Date: 2021-03-24 Version: 1 Title: Security update for nghttp2 (Important) Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Family: unix Class: patch Status: Reference(s): 1079730 1082318 1088639 1098403 1111025 1112438 1117665 1119991 1125689 1130165 1134616 1143794 1144087 1145379 1145427 1145436 1145774 1146182 1146184 1146873 1149811 1152506 1154661 1160398 1169511 1169512 1171352 1173157 1173274 1174117 1174121 1174139 1174955 1175465 1176430 1177155 1177409 1177412 1177413 1177414 1181358 962914 964140 966514 CVE-2010-0624 CVE-2011-0460 CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0037 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0547 CVE-2012-1682 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 CVE-2012-3136 CVE-2012-3174 CVE-2012-3216 CVE-2012-4416 CVE-2012-4681 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 CVE-2013-0169 CVE-2013-0401 CVE-2013-0422 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0450 CVE-2013-0809 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1488 CVE-2013-1493 CVE-2013-1500 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569 CVE-2013-1571 CVE-2013-2383 CVE-2013-2384 CVE-2013-2407 CVE-2013-2412 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2013-6393 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2483 CVE-2014-2490 CVE-2014-2525 CVE-2014-3566 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2014-9112 CVE-2014-9130 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2016-1544 CVE-2016-2037 CVE-2016-2851 CVE-2016-6354 CVE-2017-7853 CVE-2017-8422 CVE-2018-1000168 CVE-2018-12207 CVE-2018-20126 CVE-2019-11135 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-18218 CVE-2019-9511 CVE-2019-9513 CVE-2019-9755 CVE-2020-11080 CVE-2020-13934 CVE-2020-13935 CVE-2020-14422 CVE-2020-15708 CVE-2020-25637 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 SUSE-SU-2019:1001-1 SUSE-SU-2019:2955-1 SUSE-SU-2020:1294-1 SUSE-SU-2020:1569-1 SUSE-SU-2020:1920-1 SUSE-SU-2020:2047-1 SUSE-SU-2020:2970-1 SUSE-SU-2021:0932-1 Platform(s): openSUSE Leap 15.0 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Web Scripting 15 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND libHX28-3.22-lp150.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-31.5.3esr-0.8 is installed OR MozillaFirefox-translations-31.5.3esr-0.8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information flash-player-11.2.202.559-0.32 is installed OR flash-player-gnome-11.2.202.559-0.32 is installed OR flash-player-kde4-11.2.202.559-0.32 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information libraptor2-0-2.0.10-3 is installed OR raptor-2.0.10-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information java-1_7_0-openjdk-1.7.0.91-21 is installed OR java-1_7_0-openjdk-headless-1.7.0.91-21 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND kbd-1.15.5-8.7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information cpio-2.11-35 is installed OR cpio-lang-2.11-35 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information accountsservice-0.6.42-16.3 is installed OR accountsservice-lang-0.6.42-16.3 is installed OR libaccountsservice0-0.6.42-16.3 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-16.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information qemu-3.1.1.1-9.6 is installed OR qemu-arm-3.1.1.1-9.6 is installed OR qemu-audio-alsa-3.1.1.1-9.6 is installed OR qemu-audio-oss-3.1.1.1-9.6 is installed OR qemu-audio-pa-3.1.1.1-9.6 is installed OR qemu-block-dmg-3.1.1.1-9.6 is installed OR qemu-extra-3.1.1.1-9.6 is installed OR qemu-linux-user-3.1.1.1-9.6 is installed OR qemu-ppc-3.1.1.1-9.6 is installed OR qemu-s390-3.1.1.1-9.6 is installed OR qemu-seabios-1.12.0-9.6 is installed OR qemu-sgabios-8-9.6 is installed OR qemu-ui-curses-3.1.1.1-9.6 is installed OR qemu-ui-gtk-3.1.1.1-9.6 is installed OR qemu-x86-3.1.1.1-9.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed AND Package Information libvirt-6.0.0-13.8 is installed OR libvirt-admin-6.0.0-13.8 is installed OR libvirt-bash-completion-6.0.0-13.8 is installed OR libvirt-client-6.0.0-13.8 is installed OR libvirt-daemon-6.0.0-13.8 is installed OR libvirt-daemon-config-network-6.0.0-13.8 is installed OR libvirt-daemon-config-nwfilter-6.0.0-13.8 is installed OR libvirt-daemon-driver-interface-6.0.0-13.8 is installed OR libvirt-daemon-driver-libxl-6.0.0-13.8 is installed OR libvirt-daemon-driver-lxc-6.0.0-13.8 is installed OR libvirt-daemon-driver-network-6.0.0-13.8 is installed OR libvirt-daemon-driver-nodedev-6.0.0-13.8 is installed OR libvirt-daemon-driver-nwfilter-6.0.0-13.8 is installed OR libvirt-daemon-driver-qemu-6.0.0-13.8 is installed OR libvirt-daemon-driver-secret-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-core-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-disk-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-iscsi-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-logical-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-mpath-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-rbd-6.0.0-13.8 is installed OR libvirt-daemon-driver-storage-scsi-6.0.0-13.8 is installed OR libvirt-daemon-hooks-6.0.0-13.8 is installed OR libvirt-daemon-lxc-6.0.0-13.8 is installed OR libvirt-daemon-qemu-6.0.0-13.8 is installed OR libvirt-daemon-xen-6.0.0-13.8 is installed OR libvirt-devel-6.0.0-13.8 is installed OR libvirt-doc-6.0.0-13.8 is installed OR libvirt-lock-sanlock-6.0.0-13.8 is installed OR libvirt-nss-6.0.0-13.8 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed AND Package Information tomcat-9.0.36-3.6 is installed OR tomcat-admin-webapps-9.0.36-3.6 is installed OR tomcat-el-3_0-api-9.0.36-3.6 is installed OR tomcat-jsp-2_3-api-9.0.36-3.6 is installed OR tomcat-lib-9.0.36-3.6 is installed OR tomcat-servlet-4_0-api-9.0.36-3.6 is installed OR tomcat-webapps-9.0.36-3.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND python-requests-2.3.0-6.5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information apache2-2.4.16-20.24 is installed OR apache2-doc-2.4.16-20.24 is installed OR apache2-example-pages-2.4.16-20.24 is installed OR apache2-prefork-2.4.16-20.24 is installed OR apache2-utils-2.4.16-20.24 is installed OR apache2-worker-2.4.16-20.24 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information curl-7.37.0-31 is installed OR libcurl4-7.37.0-31 is installed OR libcurl4-32bit-7.37.0-31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libvirt-2.0.0-27.45 is installed OR libvirt-client-2.0.0-27.45 is installed OR libvirt-daemon-2.0.0-27.45 is installed OR libvirt-daemon-config-network-2.0.0-27.45 is installed OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed OR libvirt-daemon-driver-network-2.0.0-27.45 is installed OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed OR libvirt-daemon-hooks-2.0.0-27.45 is installed OR libvirt-daemon-lxc-2.0.0-27.45 is installed OR libvirt-daemon-qemu-2.0.0-27.45 is installed OR libvirt-daemon-xen-2.0.0-27.45 is installed OR libvirt-doc-2.0.0-27.45 is installed OR libvirt-lock-sanlock-2.0.0-27.45 is installed OR libvirt-nss-2.0.0-27.45 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_80-default-8-2 is installed OR kgraft-patch-SLE12-SP2_Update_22-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information xen-4.7.5_04-43.33 is installed OR xen-doc-html-4.7.5_04-43.33 is installed OR xen-libs-4.7.5_04-43.33 is installed OR xen-libs-32bit-4.7.5_04-43.33 is installed OR xen-tools-4.7.5_04-43.33 is installed OR xen-tools-domU-4.7.5_04-43.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND ant-1.9.4-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information ghostscript-9.27-23.31 is installed OR ghostscript-x11-9.27-23.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_156-94_64-default-8-2 is installed OR kgraft-patch-SLE12-SP3_Update_20-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND squid-3.5.21-26.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libecpg6-10.6-1.6 is installed OR libpq5-10.6-1.6 is installed OR libpq5-32bit-10.6-1.6 is installed OR postgresql10-10.6-1.6 is installed OR postgresql10-contrib-10.6-1.6 is installed OR postgresql10-docs-10.6-1.6 is installed OR postgresql10-libs-10.6-1.6 is installed OR postgresql10-server-10.6-1.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information glib2-lang-2.48.2-10 is installed OR glib2-tools-2.48.2-10 is installed OR libgio-2_0-0-2.48.2-10 is installed OR libgio-2_0-0-32bit-2.48.2-10 is installed OR libglib-2_0-0-2.48.2-10 is installed OR libglib-2_0-0-32bit-2.48.2-10 is installed OR libgmodule-2_0-0-2.48.2-10 is installed OR libgmodule-2_0-0-32bit-2.48.2-10 is installed OR libgobject-2_0-0-2.48.2-10 is installed OR libgobject-2_0-0-32bit-2.48.2-10 is installed OR libgthread-2_0-0-2.48.2-10 is installed OR libgthread-2_0-0-32bit-2.48.2-10 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information java-1_8_0-openjdk-1.8.0.252-3.35 is installed OR java-1_8_0-openjdk-demo-1.8.0.252-3.35 is installed OR java-1_8_0-openjdk-devel-1.8.0.252-3.35 is installed OR java-1_8_0-openjdk-headless-1.8.0.252-3.35 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND Package Information libnghttp2-14-1.39.2-3.5.1 is installed OR libnghttp2-14-32bit-1.39.2-3.5.1 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND python-ipaddress-1.0.18-3.3 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information libntfs-3g87-2016.2.22-3.3 is installed OR ntfs-3g-2016.2.22-3.3 is installed OR ntfs-3g_ntfsprogs-2016.2.22-3.3 is installed OR ntfsprogs-2016.2.22-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information bind-9.9.9P1-62 is installed OR bind-chrootenv-9.9.9P1-62 is installed OR bind-devel-9.9.9P1-62 is installed OR bind-doc-9.9.9P1-62 is installed OR bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information MozillaFirefox-60.7.0-109.72 is installed OR MozillaFirefox-devel-60.7.0-109.72 is installed OR MozillaFirefox-translations-common-60.7.0-109.72 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information mariadb-10.2.22-4.11 is installed OR mariadb-client-10.2.22-4.11 is installed OR mariadb-errormessages-10.2.22-4.11 is installed OR mariadb-galera-10.2.22-4.11 is installed OR mariadb-tools-10.2.22-4.11 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND Package Information mariadb-10.2.25-3.19 is installed OR mariadb-galera-10.2.25-3.19 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information cups-1.7.5-20.26 is installed OR cups-client-1.7.5-20.26 is installed OR cups-libs-1.7.5-20.26 is installed OR cups-libs-32bit-1.7.5-20.26 is installed
BACK