Oval Definition:oval:org.opensuse.security:def:52497
Revision Date:2020-12-01Version:1
Title:Security update for python-waitress (Moderate)
Description:

This update for python-waitress to 1.4.3 fixes the following security issues:

- CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).
Family:unixClass:patch
Status:Reference(s):1046540
1050319
1050536
1050540
1051510
1055120
1065600
1066674
1067126
1067906
1076830
1079524
1083647
1084760
1084831
1086283
1086288
1094825
1095805
1099125
1100132
1102881
1103308
1103543
1104731
1105025
1105536
1106105
1106110
1106237
1106240
1106838
1107685
1108241
1108377
1108468
1108828
1108841
1108870
1109151
1109158
1109217
1109330
1109739
1109784
1109806
1109818
1109907
1109911
1109915
1109919
1109951
1110006
1110096
1110538
1110561
1110921
1111028
1111076
1111506
1111806
1111819
1111830
1111834
1111841
1111870
1111901
1111904
1111928
1111983
1112170
1112173
1112208
1112219
1112221
1112246
1112372
1112514
1112554
1112708
1112710
1112711
1112712
1112713
1112731
1112732
1112733
1112734
1112735
1112736
1112738
1112739
1112740
1112741
1112743
1112745
1112746
1112894
1112899
1112902
1112903
1112905
1112906
1112907
1113257
1113284
1160790
1161088
1161089
1161670
1168630
1168874
CVE-2008-4936
CVE-2009-0758
CVE-2010-2244
CVE-2011-1002
CVE-2011-1145
CVE-2011-1145
CVE-2011-1761
CVE-2011-3602
CVE-2013-1983
CVE-2013-1987
CVE-2013-4233
CVE-2013-4234
CVE-2013-6487
CVE-2014-2653
CVE-2014-3775
CVE-2015-5352
CVE-2015-5600
CVE-2015-6563
CVE-2015-6564
CVE-2015-8325
CVE-2016-0777
CVE-2016-0778
CVE-2016-10009
CVE-2016-10010
CVE-2016-10011
CVE-2016-10012
CVE-2016-1908
CVE-2016-3115
CVE-2016-6210
CVE-2016-6515
CVE-2016-8858
CVE-2016-9634
CVE-2016-9635
CVE-2016-9636
CVE-2016-9807
CVE-2016-9808
CVE-2016-9810
CVE-2017-16533
CVE-2017-18224
CVE-2018-0739
CVE-2018-10860
CVE-2018-18386
CVE-2018-18445
CVE-2019-16785
CVE-2019-16786
CVE-2019-16789
CVE-2019-16792
CVE-2020-6819
CVE-2020-6820
CVE-2020-6821
CVE-2020-6822
CVE-2020-6825
SUSE-SU-2018:3589-1
SUSE-SU-2020:1027-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • file-5.32-lp150.5 is installed
  • OR file-magic-5.32-lp150.5 is installed
  • OR libmagic1-5.32-lp150.5 is installed
  • OR libmagic1-32bit-5.32-lp150.5 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • fish3-3.0.0-lp151.2 is installed
  • OR fish3-devel-3.0.0-lp151.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • xorg-x11-devel-7.4-8.26.40 is installed
  • OR xorg-x11-libs-7.4-8.26.40 is installed
  • OR xorg-x11-libs-32bit-7.4-8.26.40 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • lcms2-2.5-0.7 is installed
  • OR liblcms2-2-2.5-0.7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • avahi-0.6.31-20 is installed
  • OR avahi-lang-0.6.31-20 is installed
  • OR libavahi-client3-0.6.31-20 is installed
  • OR libavahi-client3-32bit-0.6.31-20 is installed
  • OR libavahi-common3-0.6.31-20 is installed
  • OR libavahi-common3-32bit-0.6.31-20 is installed
  • OR libavahi-core7-0.6.31-20 is installed
  • OR libdns_sd-0.6.31-20 is installed
  • OR libdns_sd-32bit-0.6.31-20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libXfixes3-5.0.1-3 is installed
  • OR libXfixes3-32bit-5.0.1-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libXrender1-0.9.8-3 is installed
  • OR libXrender1-32bit-0.9.8-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • gstreamer-0_10-plugins-good-0.10.31-16 is installed
  • OR gstreamer-0_10-plugins-good-lang-0.10.31-16 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND libgadu3-1.11.4-1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.25 is installed
  • OR reiserfs-kmp-default-4.12.14-25.25 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • python-waitress-1.4.3-3.3 is installed
  • OR python2-waitress-1.4.3-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND libmspack0-0.4-10 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_45-default-3-2 is installed
  • OR kgraft-patch-3_12_74-60_64_45-xen-3-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_16-3-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gstreamer-plugins-base-1.8.3-12 is installed
  • OR gstreamer-plugins-base-lang-1.8.3-12 is installed
  • OR libgstallocators-1_0-0-1.8.3-12 is installed
  • OR libgstapp-1_0-0-1.8.3-12 is installed
  • OR libgstapp-1_0-0-32bit-1.8.3-12 is installed
  • OR libgstaudio-1_0-0-1.8.3-12 is installed
  • OR libgstaudio-1_0-0-32bit-1.8.3-12 is installed
  • OR libgstfft-1_0-0-1.8.3-12 is installed
  • OR libgstpbutils-1_0-0-1.8.3-12 is installed
  • OR libgstpbutils-1_0-0-32bit-1.8.3-12 is installed
  • OR libgstriff-1_0-0-1.8.3-12 is installed
  • OR libgstrtp-1_0-0-1.8.3-12 is installed
  • OR libgstrtsp-1_0-0-1.8.3-12 is installed
  • OR libgstsdp-1_0-0-1.8.3-12 is installed
  • OR libgsttag-1_0-0-1.8.3-12 is installed
  • OR libgsttag-1_0-0-32bit-1.8.3-12 is installed
  • OR libgstvideo-1_0-0-1.8.3-12 is installed
  • OR libgstvideo-1_0-0-32bit-1.8.3-12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • kernel-firmware-20170530-21.22 is installed
  • OR ucode-amd-20170530-21.22 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libdcerpc-atsvc0-4.2.4-28.29 is installed
  • OR samba-4.2.4-28.29 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND ucode-intel-20180425-13.20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • grub2-2.02-2 is installed
  • OR grub2-arm64-efi-2.02-2 is installed
  • OR grub2-i386-pc-2.02-2 is installed
  • OR grub2-powerpc-ieee1275-2.02-2 is installed
  • OR grub2-s390x-emu-2.02-2 is installed
  • OR grub2-snapper-plugin-2.02-2 is installed
  • OR grub2-systemd-sleep-plugin-2.02-2 is installed
  • OR grub2-x86_64-efi-2.02-2 is installed
  • OR grub2-x86_64-xen-2.02-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • kernel-default-4.4.180-94.113 is installed
  • OR kernel-default-base-4.4.180-94.113 is installed
  • OR kernel-default-devel-4.4.180-94.113 is installed
  • OR kernel-devel-4.4.180-94.113 is installed
  • OR kernel-macros-4.4.180-94.113 is installed
  • OR kernel-source-4.4.180-94.113 is installed
  • OR kernel-syms-4.4.180-94.113 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND squid-3.5.21-26.17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • MozillaFirefox-60.9.0-109.86 is installed
  • OR MozillaFirefox-translations-common-60.9.0-109.86 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • pam_pkcs11-0.6.8-7.5 is installed
  • OR pam_pkcs11-32bit-0.6.8-7.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND apache2-mod_jk-1.2.40-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-68.7.0-3.77 is installed
  • OR MozillaThunderbird-translations-common-68.7.0-3.77 is installed
  • OR MozillaThunderbird-translations-other-68.7.0-3.77 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • MozillaFirefox-52.5.0esr-109.9 is installed
  • OR MozillaFirefox-devel-52.5.0esr-109.9 is installed
  • OR MozillaFirefox-translations-52.5.0esr-109.9 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libsystemd0-228-150.53 is installed
  • OR libsystemd0-32bit-228-150.53 is installed
  • OR libudev1-228-150.53 is installed
  • OR libudev1-32bit-228-150.53 is installed
  • OR systemd-228-150.53 is installed
  • OR systemd-32bit-228-150.53 is installed
  • OR systemd-bash-completion-228-150.53 is installed
  • OR systemd-sysvinit-228-150.53 is installed
  • OR udev-228-150.53 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libmysqlclient18-10.0.38-29.27 is installed
  • OR mariadb-10.0.38-29.27 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Twisted-15.2.1-9.5 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ghostscript-9.27-23.28 is installed
  • OR ghostscript-x11-9.27-23.28 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • crowbar-core-6.0+git.1566321308.1de18b9a4-3.7 is installed
  • OR crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.7 is installed
  • OR crowbar-ha-6.0+git.1566406179.7549de2-3.7 is installed
  • OR crowbar-openstack-6.0+git.1566404979.41279a88e-3.7 is installed
  • OR crowbar-ui-1.3.0+git.1563181545.65360af5-8 is installed
  • OR openstack-ceilometer-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-central-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-compute-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-agent-notification-11.0.2~dev14-3.7 is installed
  • OR openstack-ceilometer-polling-11.0.2~dev14-3.7 is installed
  • OR openstack-cinder-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-api-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-backup-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-scheduler-13.0.7~dev3-3.7 is installed
  • OR openstack-cinder-volume-13.0.7~dev3-3.7 is installed
  • OR openstack-designate-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-agent-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-api-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-central-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-producer-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-sink-7.0.1~dev21-3.7 is installed
  • OR openstack-designate-worker-7.0.1~dev21-3.7 is installed
  • OR openstack-heat-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-api-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-api-cfn-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-engine-11.0.3~dev19-3.7 is installed
  • OR openstack-heat-plugin-heat_docker-11.0.3~dev19-3.7 is installed
  • OR openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed
  • OR openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed
  • OR openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed
  • OR openstack-ironic-11.1.4~dev9-3.7 is installed
  • OR openstack-ironic-api-11.1.4~dev9-3.7 is installed
  • OR openstack-ironic-conductor-11.1.4~dev9-3.7 is installed
  • OR openstack-ironic-python-agent-3.3.3~dev4-3.7 is installed
  • OR openstack-keystone-14.1.1~dev8-3.7 is installed
  • OR openstack-magnum-7.1.1~dev28-3.7 is installed
  • OR openstack-magnum-api-7.1.1~dev28-3.7 is installed
  • OR openstack-magnum-conductor-7.1.1~dev28-3.7 is installed
  • OR openstack-manila-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-api-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-data-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-scheduler-7.3.1~dev3-4.7 is installed
  • OR openstack-manila-share-7.3.1~dev3-4.7 is installed
  • OR openstack-monasca-notification-1.14.2~dev1-6.7 is installed
  • OR openstack-monasca-persister-1.12.1~dev9-9 is installed
  • OR openstack-monasca-persister-java-1.12.1~dev9-9 is installed
  • OR openstack-neutron-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-dhcp-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-gbp-5.0.1~dev459-3.7 is installed
  • OR openstack-neutron-ha-tool-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-l3-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-lbaas-13.0.1~dev14-3.7 is installed
  • OR openstack-neutron-lbaas-agent-13.0.1~dev14-3.7 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-macvtap-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-metadata-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-metering-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.5~dev22-3.7 is installed
  • OR openstack-neutron-server-13.0.5~dev22-3.7 is installed
  • OR openstack-nova-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-api-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-cells-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-compute-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-conductor-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-console-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-novncproxy-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-placement-api-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-scheduler-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-serialproxy-18.2.2~dev9-3.7 is installed
  • OR openstack-nova-vncproxy-18.2.2~dev9-3.7 is installed
  • OR openstack-octavia-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-amphora-agent-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-api-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-health-manager-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-housekeeping-3.1.2~dev8-3.7 is installed
  • OR openstack-octavia-worker-3.1.2~dev8-3.7 is installed
  • OR openstack-tempest-19.0.0-12 is installed
  • OR openstack-tempest-test-19.0.0-12 is installed
  • OR python-ceilometer-11.0.2~dev14-3.7 is installed
  • OR python-cinder-13.0.7~dev3-3.7 is installed
  • OR python-cinder-tempest-plugin-0.1.0-8 is installed
  • OR python-designate-7.0.1~dev21-3.7 is installed
  • OR python-heat-11.0.3~dev19-3.7 is installed
  • OR python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8 is installed
  • OR python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8 is installed
  • OR python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8 is installed
  • OR python-ironic-11.1.4~dev9-3.7 is installed
  • OR python-ironicclient-2.5.3-4.7 is installed
  • OR python-ironicclient-doc-2.5.3-4.7 is installed
  • OR python-keystone-14.1.1~dev8-3.7 is installed
  • OR python-keystonemiddleware-5.2.0-8 is installed
  • OR python-magnum-7.1.1~dev28-3.7 is installed
  • OR python-manila-7.3.1~dev3-4.7 is installed
  • OR python-monasca-notification-1.14.2~dev1-6.7 is installed
  • OR python-monasca-persister-1.12.1~dev9-9 is installed
  • OR python-monasca-tempest-plugin-0.3.0-8 is installed
  • OR python-neutron-13.0.5~dev22-3.7 is installed
  • OR python-neutron-gbp-5.0.1~dev459-3.7 is installed
  • OR python-neutron-lbaas-13.0.1~dev14-3.7 is installed
  • OR python-nova-18.2.2~dev9-3.7 is installed
  • OR python-octavia-3.1.2~dev8-3.7 is installed
  • OR python-openstackclient-3.16.2-8 is installed
  • OR python-openstacksdk-0.17.3-8 is installed
  • OR python-proliantutils-2.8.4-8 is installed
  • OR python-tempest-19.0.0-12 is installed
  • OR python-vmware-nsx-13.0.1~dev146-9 is installed
  • OR python-vmware-nsxlib-13.0.1~dev24-8 is installed
  • OR yast2-crowbar-3.4.2-8 is installed
  • BACK