Revision Date: | 2021-03-24 | Version: | 1 |
Title: | Security update for nghttp2 (Important) |
Description: |
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1009434 1011377 1011390 1011395 1011398 1011404 1011406 1011411 1011417 1027575 1038564 1042892 1046191 1050751 1068032 1076017 1082276 1082318 1083488 1085114 1085447 1086730 1088639 1090338 1092548 1092885 1096740 1112438 1125689 1134616 1146182 1146184 1181358 808355 835827 836937 852368 887580 906831 907016 935158 941500 943216 946744 956365 961642 961645 962189 962914 964140 966514 981252 988028 991344 992038 992606 999701 CVE-2013-0200 CVE-2013-1762 CVE-2013-4325 CVE-2013-6402 CVE-2014-0016 CVE-2014-2484 CVE-2014-2494 CVE-2014-4207 CVE-2014-4214 CVE-2014-4233 CVE-2014-4238 CVE-2014-4240 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-8962 CVE-2014-9028 CVE-2015-1335 CVE-2015-3644 CVE-2015-3813 CVE-2015-4652 CVE-2015-5219 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-8704 CVE-2016-0777 CVE-2016-0778 CVE-2016-1544 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 CVE-2017-13166 CVE-2017-2636 CVE-2017-5715 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890 CVE-2017-9242 CVE-2018-1000004 CVE-2018-1000140 CVE-2018-1000168 CVE-2018-1068 CVE-2018-3639 CVE-2018-3665 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-7566 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 SUSE-SU-2015:1177-1 SUSE-SU-2015:1676-2 SUSE-SU-2015:1829-1 SUSE-SU-2016:0118-1 SUSE-SU-2016:0200-1 SUSE-SU-2016:2434-1 SUSE-SU-2016:3195-1 SUSE-SU-2017:2049-1 SUSE-SU-2018:0828-1 SUSE-SU-2018:1014-1 SUSE-SU-2018:1334-1 SUSE-SU-2018:1363-1 SUSE-SU-2018:2088-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
gnome-keyring-3.20.1-lp150.2 is installed
OR gnome-keyring-lang-3.20.1-lp150.2 is installed
OR gnome-keyring-pam-3.20.1-lp150.2 is installed
OR libgck-modules-gnome-keyring-3.20.1-lp150.2 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
curl-7.60.0-lp151.5.3 is installed
OR curl-mini-7.60.0-lp151.5.3 is installed
OR libcurl-devel-7.60.0-lp151.5.3 is installed
OR libcurl-devel-32bit-7.60.0-lp151.5.3 is installed
OR libcurl-mini-devel-7.60.0-lp151.5.3 is installed
OR libcurl4-7.60.0-lp151.5.3 is installed
OR libcurl4-32bit-7.60.0-lp151.5.3 is installed
OR libcurl4-mini-7.60.0-lp151.5.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
hplip-3.11.10-0.6.11 is installed
OR hplip-hpijs-3.11.10-0.6.11 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
bind-9.9.6P1-0.22 is installed
OR bind-libs-9.9.6P1-0.22 is installed
OR bind-libs-32bit-9.9.6P1-0.22 is installed
OR bind-utils-9.9.6P1-0.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND lxc-0.8.0-0.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
ntp-4.2.8p9-55 is installed
OR ntp-doc-4.2.8p9-55 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND stunnel-5.00-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_69-60_64_29-default-6-2 is installed
OR kgraft-patch-3_12_69-60_64_29-xen-6-2 is installed
OR kgraft-patch-SLE12-SP1_Update_12-6-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
dovecot22-2.2.13-2 is installed
OR dovecot22-backend-mysql-2.2.13-2 is installed
OR dovecot22-backend-pgsql-2.2.13-2 is installed
OR dovecot22-backend-sqlite-2.2.13-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
cups-filters-1.0.58-15.2 is installed
OR cups-filters-cups-browsed-1.0.58-15.2 is installed
OR cups-filters-foomatic-rip-1.0.58-15.2 is installed
OR cups-filters-ghostscript-1.0.58-15.2 is installed
OR libqpdf18-7.1.1-3.3 is installed
OR qpdf-7.1.1-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND libnghttp2-14-1.39.2-3.5.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_121-92_80-default-2-2 is installed
OR kgraft-patch-SLE12-SP2_Update_22-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
libMagickCore-6_Q16-1-6.8.8.1-70 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-70 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND mailman-2.1.17-3.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
MozillaFirefox-68.3.0-109.98 is installed
OR MozillaFirefox-translations-common-68.3.0-109.98 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
res-signingkeys-3.0.37-52.23 is installed
OR smt-3.0.37-52.23 is installed
OR smt-support-3.0.37-52.23 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND autofs-5.0.9-28.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
librelp-1.2.7-3.3 is installed
OR librelp0-1.2.7-3.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
openstack-nova-14.0.10~dev13-4.11 is installed
OR openstack-nova-api-14.0.10~dev13-4.11 is installed
OR openstack-nova-cells-14.0.10~dev13-4.11 is installed
OR openstack-nova-cert-14.0.10~dev13-4.11 is installed
OR openstack-nova-compute-14.0.10~dev13-4.11 is installed
OR openstack-nova-conductor-14.0.10~dev13-4.11 is installed
OR openstack-nova-console-14.0.10~dev13-4.11 is installed
OR openstack-nova-consoleauth-14.0.10~dev13-4.11 is installed
OR openstack-nova-doc-14.0.10~dev13-4.11 is installed
OR openstack-nova-novncproxy-14.0.10~dev13-4.11 is installed
OR openstack-nova-placement-api-14.0.10~dev13-4.11 is installed
OR openstack-nova-scheduler-14.0.10~dev13-4.11 is installed
OR openstack-nova-serialproxy-14.0.10~dev13-4.11 is installed
OR openstack-nova-vncproxy-14.0.10~dev13-4.11 is installed
OR python-nova-14.0.10~dev13-4.11 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
icu-52.1-8.10 is installed
OR libicu-doc-52.1-8.10 is installed
OR libicu52_1-52.1-8.10 is installed
OR libicu52_1-32bit-52.1-8.10 is installed
OR libicu52_1-data-52.1-8.10 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND squid-3.5.21-26.17 is installed
|