Oval Definition:oval:org.opensuse.security:def:55312
Revision Date:2021-03-24Version:1
Title:Security update for nghttp2 (Important)
Description:

This update for nghttp2 fixes the following issues:

Security issues fixed:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).

Bug fixes and enhancements:

- Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438)
Family:unixClass:patch
Status:Reference(s):1000048
1001419
1002165
1004418
1013882
1042419
1058565
1058622
1058624
1077445
1082063
1082210
1082318
1083417
1083420
1083422
1083424
1083426
1088639
1111858
1111859
1112368
1112377
1112384
1112386
1112391
1112397
1112404
1112415
1112417
1112421
1112432
1112438
1114837
1116686
1118754
1120041
1120374
1122983
1125689
1126768
1129180
1131863
1134156
1134616
1140359
1146182
1146184
1146882
1146884
1181358
885069
897031
900941
901276
902709
904970
905056
905528
907150
920615
920633
930408
962914
964140
966514
967012
967013
982017
982018
982019
982222
982223
982285
982959
983961
983982
991080
991466
994157
994760
994771
994774
996441
997858
997859
CVE-2013-3571
CVE-2014-0019
CVE-2014-1574
CVE-2014-1575
CVE-2014-1576
CVE-2014-1577
CVE-2014-1578
CVE-2014-1581
CVE-2014-1583
CVE-2014-1585
CVE-2014-1586
CVE-2014-4877
CVE-2014-6051
CVE-2014-6052
CVE-2014-6053
CVE-2014-6054
CVE-2014-6055
CVE-2014-9654
CVE-2015-4000
CVE-2016-1544
CVE-2016-1549
CVE-2016-2391
CVE-2016-2392
CVE-2016-4453
CVE-2016-4454
CVE-2016-5105
CVE-2016-5106
CVE-2016-5107
CVE-2016-5126
CVE-2016-5195
CVE-2016-5238
CVE-2016-5337
CVE-2016-5338
CVE-2016-5403
CVE-2016-6313
CVE-2016-6490
CVE-2016-6833
CVE-2016-6836
CVE-2016-6888
CVE-2016-7116
CVE-2016-7155
CVE-2016-7156
CVE-2016-9843
CVE-2017-12150
CVE-2017-12151
CVE-2017-12163
CVE-2017-14226
CVE-2018-1000168
CVE-2018-16850
CVE-2018-18500
CVE-2018-18501
CVE-2018-18505
CVE-2018-3143
CVE-2018-3156
CVE-2018-3162
CVE-2018-3173
CVE-2018-3174
CVE-2018-3185
CVE-2018-3200
CVE-2018-3251
CVE-2018-3277
CVE-2018-3282
CVE-2018-3284
CVE-2018-7170
CVE-2018-7182
CVE-2018-7183
CVE-2018-7184
CVE-2018-7185
CVE-2019-12973
CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817
CVE-2019-3835
CVE-2019-3839
CVE-2019-8375
CVE-2019-9511
CVE-2019-9513
CVE-2020-11080
SUSE-SU-2015:2110-1
SUSE-SU-2016:2345-1
SUSE-SU-2016:2589-1
SUSE-SU-2016:2592-1
SUSE-SU-2017:2726-1
SUSE-SU-2018:0956-1
SUSE-SU-2018:3770-1
SUSE-SU-2019:0119-1
SUSE-SU-2019:0336-1
SUSE-SU-2019:1030-1
SUSE-SU-2019:2478-1
SUSE-SU-2021:0932-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • guestfs-data-1.38.0-lp150.2 is installed
  • OR libguestfs0-1.38.0-lp150.2 is installed
  • OR virt-v2v-1.38.0-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libpolkit0-0.114-lp151.5.3 is installed
  • OR libpolkit0-32bit-0.114-lp151.5.3 is installed
  • OR polkit-0.114-lp151.5.3 is installed
  • OR polkit-devel-0.114-lp151.5.3 is installed
  • OR polkit-doc-0.114-lp151.5.3 is installed
  • OR typelib-1_0-Polkit-1_0-0.114-lp151.5.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-31.2.0esr-0.16 is installed
  • OR MozillaFirefox-branding-SLED-31.0-0.10 is installed
  • OR MozillaFirefox-translations-31.2.0esr-0.16 is installed
  • OR libfreebl3-3.17.2-0.8 is installed
  • OR libfreebl3-32bit-3.17.2-0.8 is installed
  • OR libsoftokn3-3.17.2-0.8 is installed
  • OR libsoftokn3-32bit-3.17.2-0.8 is installed
  • OR mozilla-nspr-4.10.7-0.3 is installed
  • OR mozilla-nspr-32bit-4.10.7-0.3 is installed
  • OR mozilla-nss-3.17.2-0.8 is installed
  • OR mozilla-nss-32bit-3.17.2-0.8 is installed
  • OR mozilla-nss-tools-3.17.2-0.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND LibVNCServer-0.9.1-156 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libecpg6-10.6-1.6 is installed
  • OR libpq5-10.6-1.6 is installed
  • OR libpq5-32bit-10.6-1.6 is installed
  • OR postgresql10-10.6-1.6 is installed
  • OR postgresql10-libs-10.6-1.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND libwpd-0_10-10-0.10.2-2.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libicu-doc-52.1-7 is installed
  • OR libicu52_1-52.1-7 is installed
  • OR libicu52_1-32bit-52.1-7 is installed
  • OR libicu52_1-data-52.1-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_29-default-5-3 is installed
  • OR kgraft-patch-3_12_69-60_64_29-xen-5-3 is installed
  • OR kgraft-patch-SLE12-SP1_Update_12-5-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • cracklib-2.9.0-7 is installed
  • OR libcrack2-2.9.0-7 is installed
  • OR libcrack2-32bit-2.9.0-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND libnghttp2-14-1.39.2-3.5.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • xen-4.7.6_06-43.48 is installed
  • OR xen-doc-html-4.7.6_06-43.48 is installed
  • OR xen-libs-4.7.6_06-43.48 is installed
  • OR xen-libs-32bit-4.7.6_06-43.48 is installed
  • OR xen-tools-4.7.6_06-43.48 is installed
  • OR xen-tools-domU-4.7.6_06-43.48 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_90-92_50-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_15-7-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND apache2-mod_jk-1.2.40-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND ipmitool-1.8.18-5.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • MozillaFirefox-60.9.0-109.86 is installed
  • OR MozillaFirefox-translations-common-60.9.0-109.86 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • tomcat-8.0.53-29.13 is installed
  • OR tomcat-admin-webapps-8.0.53-29.13 is installed
  • OR tomcat-docs-webapp-8.0.53-29.13 is installed
  • OR tomcat-el-3_0-api-8.0.53-29.13 is installed
  • OR tomcat-javadoc-8.0.53-29.13 is installed
  • OR tomcat-jsp-2_3-api-8.0.53-29.13 is installed
  • OR tomcat-lib-8.0.53-29.13 is installed
  • OR tomcat-servlet-3_1-api-8.0.53-29.13 is installed
  • OR tomcat-webapps-8.0.53-29.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • avahi-0.6.32-30 is installed
  • OR avahi-lang-0.6.32-30 is installed
  • OR avahi-utils-0.6.32-30 is installed
  • OR libavahi-client3-0.6.32-30 is installed
  • OR libavahi-client3-32bit-0.6.32-30 is installed
  • OR libavahi-common3-0.6.32-30 is installed
  • OR libavahi-common3-32bit-0.6.32-30 is installed
  • OR libavahi-core7-0.6.32-30 is installed
  • OR libdns_sd-0.6.32-30 is installed
  • OR libdns_sd-32bit-0.6.32-30 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • libdcerpc-binding0-4.2.4-28.19 is installed
  • OR libdcerpc-binding0-32bit-4.2.4-28.19 is installed
  • OR libdcerpc0-4.2.4-28.19 is installed
  • OR libdcerpc0-32bit-4.2.4-28.19 is installed
  • OR libgensec0-4.2.4-28.19 is installed
  • OR libgensec0-32bit-4.2.4-28.19 is installed
  • OR libndr-krb5pac0-4.2.4-28.19 is installed
  • OR libndr-krb5pac0-32bit-4.2.4-28.19 is installed
  • OR libndr-nbt0-4.2.4-28.19 is installed
  • OR libndr-nbt0-32bit-4.2.4-28.19 is installed
  • OR libndr-standard0-4.2.4-28.19 is installed
  • OR libndr-standard0-32bit-4.2.4-28.19 is installed
  • OR libndr0-4.2.4-28.19 is installed
  • OR libndr0-32bit-4.2.4-28.19 is installed
  • OR libnetapi0-4.2.4-28.19 is installed
  • OR libnetapi0-32bit-4.2.4-28.19 is installed
  • OR libregistry0-4.2.4-28.19 is installed
  • OR libsamba-credentials0-4.2.4-28.19 is installed
  • OR libsamba-credentials0-32bit-4.2.4-28.19 is installed
  • OR libsamba-hostconfig0-4.2.4-28.19 is installed
  • OR libsamba-hostconfig0-32bit-4.2.4-28.19 is installed
  • OR libsamba-passdb0-4.2.4-28.19 is installed
  • OR libsamba-passdb0-32bit-4.2.4-28.19 is installed
  • OR libsamba-util0-4.2.4-28.19 is installed
  • OR libsamba-util0-32bit-4.2.4-28.19 is installed
  • OR libsamdb0-4.2.4-28.19 is installed
  • OR libsamdb0-32bit-4.2.4-28.19 is installed
  • OR libsmbclient-raw0-4.2.4-28.19 is installed
  • OR libsmbclient-raw0-32bit-4.2.4-28.19 is installed
  • OR libsmbclient0-4.2.4-28.19 is installed
  • OR libsmbclient0-32bit-4.2.4-28.19 is installed
  • OR libsmbconf0-4.2.4-28.19 is installed
  • OR libsmbconf0-32bit-4.2.4-28.19 is installed
  • OR libsmbldap0-4.2.4-28.19 is installed
  • OR libsmbldap0-32bit-4.2.4-28.19 is installed
  • OR libtevent-util0-4.2.4-28.19 is installed
  • OR libtevent-util0-32bit-4.2.4-28.19 is installed
  • OR libwbclient0-4.2.4-28.19 is installed
  • OR libwbclient0-32bit-4.2.4-28.19 is installed
  • OR samba-4.2.4-28.19 is installed
  • OR samba-32bit-4.2.4-28.19 is installed
  • OR samba-client-4.2.4-28.19 is installed
  • OR samba-client-32bit-4.2.4-28.19 is installed
  • OR samba-doc-4.2.4-28.19 is installed
  • OR samba-libs-4.2.4-28.19 is installed
  • OR samba-libs-32bit-4.2.4-28.19 is installed
  • OR samba-winbind-4.2.4-28.19 is installed
  • OR samba-winbind-32bit-4.2.4-28.19 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND mailman-2.1.17-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • mariadb-10.2.31-3.25 is installed
  • OR mariadb-galera-10.2.31-3.25 is installed
    • BACK