Oval Definition:oval:org.opensuse.security:def:57190
Revision Date:2021-03-24Version:1
Title:Security update for nghttp2 (Important)
Description:

This update for nghttp2 fixes the following issues:

Security issues fixed:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).

Bug fixes and enhancements:

- Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438)
Family:unixClass:patch
Status:Reference(s):1039348
1042292
1068101
1069708
1071471
1082318
1083424
1087066
1088268
1088639
1090023
1090024
1090025
1090026
1090027
1090028
1090029
1090030
1090032
1090033
1090036
1090338
1096740
1098531
1111853
1112438
1116574
1125689
1133925
1134616
1140277
1146182
1146184
1150003
1150011
1150247
1150250
1158809
1171252
1171254
1176262
1181358
807449
962914
964140
966514
967970
975500
CVE-2011-3172
CVE-2013-1769
CVE-2016-1544
CVE-2016-2533
CVE-2016-4009
CVE-2017-0861
CVE-2017-1000364
CVE-2017-15868
CVE-2017-16939
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
CVE-2018-1000168
CVE-2018-1000199
CVE-2018-12327
CVE-2018-13785
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-2815
CVE-2018-3136
CVE-2018-3139
CVE-2018-3149
CVE-2018-3169
CVE-2018-3180
CVE-2018-3183
CVE-2018-3214
CVE-2018-3665
CVE-2018-7170
CVE-2019-14822
CVE-2019-1547
CVE-2019-1549
CVE-2019-1551
CVE-2019-1563
CVE-2019-20916
CVE-2019-9511
CVE-2019-9513
CVE-2020-11080
CVE-2020-12653
CVE-2020-12654
SUSE-SU-2017:1615-1
SUSE-SU-2017:3213-1
SUSE-SU-2018:0275-1
SUSE-SU-2018:1255-1
SUSE-SU-2018:1690-1
SUSE-SU-2018:1948-1
SUSE-SU-2018:1949-1
SUSE-SU-2018:3342-1
SUSE-SU-2018:4064-1
SUSE-SU-2019:2334-1
SUSE-SU-2019:2388-1
SUSE-SU-2020:0099-1
SUSE-SU-2020:2698-1
SUSE-SU-2021:0932-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • flatpak-0.10.4-lp150.2 is installed
  • OR libflatpak0-0.10.4-lp150.2 is installed
  • OR typelib-1_0-Flatpak-1_0-0.10.4-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • kernel-debug-4.12.14-lp151.28.7 is installed
  • OR kernel-debug-base-4.12.14-lp151.28.7 is installed
  • OR kernel-debug-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-default-4.12.14-lp151.28.7 is installed
  • OR kernel-default-base-4.12.14-lp151.28.7 is installed
  • OR kernel-default-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-docs-4.12.14-lp151.28.7 is installed
  • OR kernel-docs-html-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-base-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-macros-4.12.14-lp151.28.7 is installed
  • OR kernel-obs-build-4.12.14-lp151.28.7 is installed
  • OR kernel-obs-qa-4.12.14-lp151.28.7 is installed
  • OR kernel-source-4.12.14-lp151.28.7 is installed
  • OR kernel-source-vanilla-4.12.14-lp151.28.7 is installed
  • OR kernel-syms-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-base-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-devel-4.12.14-lp151.28.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND telepathy-gabble-0.7.10-2.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libopenssl1_1-1.1.1d-2.20 is installed
  • OR libopenssl1_1-32bit-1.1.1d-2.20 is installed
  • OR openssl-1_1-1.1.1d-2.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kernel-default-3.12.74-60.64.45 is installed
  • OR kernel-default-base-3.12.74-60.64.45 is installed
  • OR kernel-default-devel-3.12.74-60.64.45 is installed
  • OR kernel-default-man-3.12.74-60.64.45 is installed
  • OR kernel-devel-3.12.74-60.64.45 is installed
  • OR kernel-macros-3.12.74-60.64.45 is installed
  • OR kernel-source-3.12.74-60.64.45 is installed
  • OR kernel-syms-3.12.74-60.64.45 is installed
  • OR kernel-xen-3.12.74-60.64.45 is installed
  • OR kernel-xen-base-3.12.74-60.64.45 is installed
  • OR kernel-xen-devel-3.12.74-60.64.45 is installed
  • OR kgraft-patch-3_12_74-60_64_45-default-1-4 is installed
  • OR kgraft-patch-3_12_74-60_64_45-xen-1-4 is installed
  • OR kgraft-patch-SLE12-SP1_Update_16-1-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • pam-modules-12.1-23 is installed
  • OR pam-modules-32bit-12.1-23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • openssh-7.2p2-74.42 is installed
  • OR openssh-askpass-gnome-7.2p2-74.42 is installed
  • OR openssh-fips-7.2p2-74.42 is installed
  • OR openssh-helpers-7.2p2-74.42 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kernel-default-4.4.121-92.85 is installed
  • OR kernel-default-base-4.4.121-92.85 is installed
  • OR kernel-default-devel-4.4.121-92.85 is installed
  • OR kernel-devel-4.4.121-92.85 is installed
  • OR kernel-macros-4.4.121-92.85 is installed
  • OR kernel-source-4.4.121-92.85 is installed
  • OR kernel-syms-4.4.121-92.85 is installed
  • OR kgraft-patch-4_4_121-92_85-default-1-3.5 is installed
  • OR kgraft-patch-SLE12-SP2_Update_23-1-3.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • emacs-24.3-19 is installed
  • OR emacs-el-24.3-19 is installed
  • OR emacs-info-24.3-19 is installed
  • OR emacs-nox-24.3-19 is installed
  • OR emacs-x11-24.3-19 is installed
  • OR etags-24.3-19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_107-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_29-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND libnghttp2-14-1.39.2-3.5.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND binutils-2.31-9.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • perl-5.18.2-12.20 is installed
  • OR perl-32bit-5.18.2-12.20 is installed
  • OR perl-base-5.18.2-12.20 is installed
  • OR perl-doc-5.18.2-12.20 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libX11-1.6.2-12.12 is installed
  • OR libX11-6-1.6.2-12.12 is installed
  • OR libX11-6-32bit-1.6.2-12.12 is installed
  • OR libX11-data-1.6.2-12.12 is installed
  • OR libX11-xcb1-1.6.2-12.12 is installed
  • OR libX11-xcb1-32bit-1.6.2-12.12 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed
  • OR openssl-1.0.2j-60.55 is installed
  • OR openssl-doc-1.0.2j-60.55 is installed
    • BACK