Oval Definition:oval:org.opensuse.security:def:53237
Revision Date:2020-12-01Version:1
Title:Security update for nginx (Important)
Description:

This update for nginx to version 1.14.2 fixes the following issues:

Security vulnerabilities addressed:

- CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage (bsc#1115025 bsc#1115022). - CVE-2018-16845: Fixed an issue which might result in worker process memory disclosure whne processing of a specially crafted mp4 file with the ngx_http_mp4_module (bsc#1115015).

Other bug fixes and changes made:

- Fixed an issue with handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - The logging level of the 'http request', 'https proxy request', 'unsupported protocol', 'version too low', 'no suitable key share', and 'no suitable signature algorithm' SSL errors has been lowered from 'crit' to 'info'. - Fixed an issue with using OpenSSL 1.1.0 or newer it was not possible to switch off 'ssl_prefer_server_ciphers' in a virtual server if it was switched on in the default server. - Fixed an issue with TLS 1.3 always being enabled when built with OpenSSL 1.1.0 and used with 1.1.1 - Fixed an issue with sending a disk-buffered request body to a gRPC backend - Fixed an issue with connections of some gRPC backends might not be cached when using the 'keepalive' directive. - Fixed a segmentation fault, which might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. - Fixed an issue, whereby working with gRPC backends might result in excessive memory consumption.
Family:unixClass:patch
Status:Reference(s):1009318
1011130
1011136
1013376
1014159
1018870
1024724
1027053
1027057
1045340
1115015
1115022
1115025
1171550
901924
903204
903216
903638
905260
911363
976340
980670
CVE-2008-2109
CVE-2010-1205
CVE-2011-2501
CVE-2011-2690
CVE-2011-2691
CVE-2011-2692
CVE-2011-3026
CVE-2011-3048
CVE-2011-3328
CVE-2011-3464
CVE-2011-3602
CVE-2012-0862
CVE-2012-2451
CVE-2012-3386
CVE-2012-4433
CVE-2013-4342
CVE-2013-6954
CVE-2014-0333
CVE-2014-3707
CVE-2014-8150
CVE-2014-8354
CVE-2014-8355
CVE-2014-8562
CVE-2014-8716
CVE-2014-9495
CVE-2014-9848
CVE-2015-0973
CVE-2015-8126
CVE-2015-8540
CVE-2016-0686
CVE-2016-0687
CVE-2016-0695
CVE-2016-10087
CVE-2016-1602
CVE-2016-3425
CVE-2016-3427
CVE-2016-8707
CVE-2016-8866
CVE-2016-9556
CVE-2016-9559
CVE-2016-9773
CVE-2017-1000364
CVE-2017-5953
CVE-2017-6349
CVE-2017-6350
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2020-13249
SUSE-SU-2016:1250-1
SUSE-SU-2016:1507-1
SUSE-SU-2016:3258-1
SUSE-SU-2017:1707-1
SUSE-SU-2017:1712-1
SUSE-SU-2019:0334-1
SUSE-SU-2020:1423-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • emacs-25.3-lp150.1 is installed
  • OR emacs-info-25.3-lp150.1 is installed
  • OR emacs-nox-25.3-lp150.1 is installed
  • OR etags-25.3-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • bluez-5.48-lp151.8.3 is installed
  • OR bluez-auto-enable-devices-5.48-lp151.8.3 is installed
  • OR bluez-cups-5.48-lp151.8.3 is installed
  • OR bluez-devel-5.48-lp151.8.3 is installed
  • OR bluez-devel-32bit-5.48-lp151.8.3 is installed
  • OR bluez-test-5.48-lp151.8.3 is installed
  • OR libbluetooth3-5.48-lp151.8.3 is installed
  • OR libbluetooth3-32bit-5.48-lp151.8.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • bytefx-data-mysql-2.6.7-0.9 is installed
  • OR ibm-data-db2-2.6.7-0.9 is installed
  • OR mono-core-2.6.7-0.9 is installed
  • OR mono-data-2.6.7-0.9 is installed
  • OR mono-data-firebird-2.6.7-0.9 is installed
  • OR mono-data-oracle-2.6.7-0.9 is installed
  • OR mono-data-postgresql-2.6.7-0.9 is installed
  • OR mono-data-sqlite-2.6.7-0.9 is installed
  • OR mono-data-sybase-2.6.7-0.9 is installed
  • OR mono-devel-2.6.7-0.9 is installed
  • OR mono-extras-2.6.7-0.9 is installed
  • OR mono-jscript-2.6.7-0.9 is installed
  • OR mono-locale-extras-2.6.7-0.9 is installed
  • OR mono-nunit-2.6.7-0.9 is installed
  • OR mono-wcf-2.6.7-0.9 is installed
  • OR mono-web-2.6.7-0.9 is installed
  • OR mono-winforms-2.6.7-0.9 is installed
  • OR monodoc-core-2.6.7-0.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • curl-7.19.7-1.40 is installed
  • OR libcurl4-7.19.7-1.40 is installed
  • OR libcurl4-32bit-7.19.7-1.40 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • bind-9.9.6P1-0.25 is installed
  • OR bind-libs-9.9.6P1-0.25 is installed
  • OR bind-libs-32bit-9.9.6P1-0.25 is installed
  • OR bind-utils-9.9.6P1-0.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-8 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-8 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-8 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-8 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND supportutils-3.0-82 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libpng16-16-1.6.8-11 is installed
  • OR libpng16-16-32bit-1.6.8-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • gegl-0_2-0.2.0-14 is installed
  • OR gegl-0_2-lang-0.2.0-14 is installed
  • OR libgegl-0_2-0-0.2.0-14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND libpng15-15-1.5.22-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND nginx-1.14.2-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • libmariadb-devel-3.1.8-3.18 is installed
  • OR libmariadb_plugins-3.1.8-3.18 is installed
  • OR mariadb-connector-c-3.1.8-3.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • fetchmail-6.3.26-5 is installed
  • OR fetchmailconf-6.3.26-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_69-default-4-2 is installed
  • OR kgraft-patch-3_12_74-60_64_69-xen-4-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_24-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND libXfont1-1.5.1-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • kernel-default-4.4.121-92.114 is installed
  • OR kernel-default-base-4.4.121-92.114 is installed
  • OR kernel-default-devel-4.4.121-92.114 is installed
  • OR kernel-devel-4.4.121-92.114 is installed
  • OR kernel-macros-4.4.121-92.114 is installed
  • OR kernel-source-4.4.121-92.114 is installed
  • OR kernel-syms-4.4.121-92.114 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND shadow-4.2.1-27.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_114-92_67-default-9-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_19-9-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND cifs-utils-6.5-8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-60.8.0-109.83 is installed
  • OR MozillaFirefox-translations-common-60.8.0-109.83 is installed
  • OR libfreebl3-3.44.1-58.28 is installed
  • OR libfreebl3-32bit-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-3.44.1-58.28 is installed
  • OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-3.44.1-58.28 is installed
  • OR libsoftokn3-32bit-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-3.44.1-58.28 is installed
  • OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-3.44.1-58.28 is installed
  • OR mozilla-nss-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-3.44.1-58.28 is installed
  • OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-3.44.1-58.28 is installed
  • OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed
  • OR mozilla-nss-tools-3.44.1-58.28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • glib2-2.48.2-12.15 is installed
  • OR glib2-lang-2.48.2-12.15 is installed
  • OR glib2-tools-2.48.2-12.15 is installed
  • OR libgio-2_0-0-2.48.2-12.15 is installed
  • OR libgio-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libglib-2_0-0-2.48.2-12.15 is installed
  • OR libglib-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_162-94_72-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_22-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • ceph-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR librados2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR librbd1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR librgw2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-rados-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
  • OR python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND apache2-mod_jk-1.2.40-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • emacs-24.3-25.3 is installed
  • OR emacs-el-24.3-25.3 is installed
  • OR emacs-info-24.3-25.3 is installed
  • OR emacs-nox-24.3-25.3 is installed
  • OR emacs-x11-24.3-25.3 is installed
  • OR etags-24.3-25.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libvirt-2.0.0-27.42 is installed
  • OR libvirt-client-2.0.0-27.42 is installed
  • OR libvirt-daemon-2.0.0-27.42 is installed
  • OR libvirt-daemon-config-network-2.0.0-27.42 is installed
  • OR libvirt-daemon-config-nwfilter-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-interface-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-libxl-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-lxc-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-network-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-nodedev-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-nwfilter-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-qemu-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-secret-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-storage-2.0.0-27.42 is installed
  • OR libvirt-daemon-hooks-2.0.0-27.42 is installed
  • OR libvirt-daemon-lxc-2.0.0-27.42 is installed
  • OR libvirt-daemon-qemu-2.0.0-27.42 is installed
  • OR libvirt-daemon-xen-2.0.0-27.42 is installed
  • OR libvirt-doc-2.0.0-27.42 is installed
  • OR libvirt-lock-sanlock-2.0.0-27.42 is installed
  • OR libvirt-nss-2.0.0-27.42 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND cobbler-2.6.6-49.9 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libecpg6-10.9-1.12 is installed
  • OR libpq5-10.9-1.12 is installed
  • OR libpq5-32bit-10.9-1.12 is installed
  • OR postgresql10-10.9-1.12 is installed
  • OR postgresql10-contrib-10.9-1.12 is installed
  • OR postgresql10-docs-10.9-1.12 is installed
  • OR postgresql10-libs-10.9-1.12 is installed
  • OR postgresql10-plperl-10.9-1.12 is installed
  • OR postgresql10-plpython-10.9-1.12 is installed
  • OR postgresql10-pltcl-10.9-1.12 is installed
  • OR postgresql10-server-10.9-1.12 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.20-3.6 is installed
    • BACK