Oval Definition:oval:org.opensuse.security:def:58106
Revision Date:2021-03-24Version:1
Title:Security update for nghttp2 (Important)
Description:

This update for nghttp2 fixes the following issues:

Security issues fixed:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).

Bug fixes and enhancements:

- Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438)
Family:unixClass:patch
Status:Reference(s):1008845
1051684
1051685
1052916
1053259
1075812
1082318
1086036
1088268
1088639
1090036
1096723
1100097
1102682
1105323
1106191
1111789
1112438
1120644
1122191
1123022
1123053
1125689
1126088
1126428
1129729
1130116
1132666
1134616
1135824
1136035
1143215
1146182
1146184
1152916
1154162
1155089
1159646
1160968
1162972
1173948
1174157
1174538
1174910
1174913
1181358
951166
962914
964140
966514
983582
984751
985177
985348
989523
991069
CVE-2016-0772
CVE-2016-1000110
CVE-2016-1544
CVE-2016-5636
CVE-2016-5699
CVE-2016-9189
CVE-2017-0861
CVE-2017-1002201
CVE-2017-2885
CVE-2017-7546
CVE-2017-7547
CVE-2017-7548
CVE-2018-1000026
CVE-2018-1000168
CVE-2018-1000199
CVE-2018-10902
CVE-2018-10938
CVE-2018-12910
CVE-2018-20406
CVE-2018-5390
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-11694
CVE-2019-11698
CVE-2019-17571
CVE-2019-2614
CVE-2019-2627
CVE-2019-2628
CVE-2019-2974
CVE-2019-3814
CVE-2019-4732
CVE-2019-5010
CVE-2019-7317
CVE-2019-7524
CVE-2019-9511
CVE-2019-9513
CVE-2019-9800
CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2020-11080
CVE-2020-14361
CVE-2020-14362
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-15652
CVE-2020-15653
CVE-2020-15654
CVE-2020-15655
CVE-2020-15656
CVE-2020-15657
CVE-2020-15658
CVE-2020-15659
CVE-2020-2583
CVE-2020-2593
CVE-2020-2604
CVE-2020-2659
CVE-2020-6463
CVE-2020-6514
SUSE-SU-2016:2859-1
SUSE-SU-2017:2355-1
SUSE-SU-2018:1272-1
SUSE-SU-2018:2204-2
SUSE-SU-2019:0243-1
SUSE-SU-2019:0900-1
SUSE-SU-2019:1388-1
SUSE-SU-2019:1772-1
SUSE-SU-2019:3270-1
SUSE-SU-2020:0050-1
SUSE-SU-2020:0054-1
SUSE-SU-2020:0528-1
SUSE-SU-2020:2100-1
SUSE-SU-2020:2401-1
SUSE-SU-2020:2861-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
openSUSE Leap 15.1 NonFree
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libpango-1_0-0-1.40.14-lp150.1 is installed
  • OR typelib-1_0-Pango-1_0-1.40.14-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libmunge2-0.5.13-lp151.4.3 is installed
  • OR libmunge2-32bit-0.5.13-lp151.4.3 is installed
  • OR munge-0.5.13-lp151.4.3 is installed
  • OR munge-devel-0.5.13-lp151.4.3 is installed
  • OR munge-devel-32bit-0.5.13-lp151.4.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 NonFree is installed
  • AND opera-67.0.3575.97-lp151.2.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • libmysqlclient-devel-10.0.40.2-29.35 is installed
  • OR libmysqlclient18-10.0.40.2-29.35 is installed
  • OR libmysqlclient18-32bit-10.0.40.2-29.35 is installed
  • OR libmysqlclient_r18-10.0.40.2-29.35 is installed
  • OR libmysqld-devel-10.0.40.2-29.35 is installed
  • OR libmysqld18-10.0.40.2-29.35 is installed
  • OR mariadb-10.0.40.2-29.35 is installed
  • OR mariadb-client-10.0.40.2-29.35 is installed
  • OR mariadb-errormessages-10.0.40.2-29.35 is installed
  • OR mariadb-tools-10.0.40.2-29.35 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libpython3_4m1_0-3.4.5-19 is installed
  • OR python3-3.4.5-19 is installed
  • OR python3-base-3.4.5-19 is installed
  • OR python3-curses-3.4.5-19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libpython3_4m1_0-3.4.6-25.21 is installed
  • OR python3-3.4.6-25.21 is installed
  • OR python3-base-3.4.6-25.21 is installed
  • OR python3-curses-3.4.6-25.21 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.13-28.26 is installed
  • OR libpython2_7-1_0-32bit-2.7.13-28.26 is installed
  • OR python-2.7.13-28.26 is installed
  • OR python-32bit-2.7.13-28.26 is installed
  • OR python-base-2.7.13-28.26 is installed
  • OR python-base-32bit-2.7.13-28.26 is installed
  • OR python-curses-2.7.13-28.26 is installed
  • OR python-demo-2.7.13-28.26 is installed
  • OR python-devel-2.7.13-28.26 is installed
  • OR python-doc-2.7.13-28.26 is installed
  • OR python-doc-pdf-2.7.13-28.26 is installed
  • OR python-gdbm-2.7.13-28.26 is installed
  • OR python-idle-2.7.13-28.26 is installed
  • OR python-tk-2.7.13-28.26 is installed
  • OR python-xml-2.7.13-28.26 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_74-92_38-default-12-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_13-12-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • cups-1.7.5-19 is installed
  • OR cups-client-1.7.5-19 is installed
  • OR cups-libs-1.7.5-19 is installed
  • OR cups-libs-32bit-1.7.5-19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • grub2-2.02-4.61 is installed
  • OR grub2-i386-pc-2.02-4.61 is installed
  • OR grub2-snapper-plugin-2.02-4.61 is installed
  • OR grub2-systemd-sleep-plugin-2.02-4.61 is installed
  • OR grub2-x86_64-efi-2.02-4.61 is installed
  • OR grub2-x86_64-xen-2.02-4.61 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND libnghttp2-14-1.39.2-3.5.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_107-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_29-5-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libpolkit0-0.113-5.15 is installed
  • OR polkit-0.113-5.15 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • tar-1.27.1-15.3 is installed
  • OR tar-lang-1.27.1-15.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • MozillaFirefox-60.7.0-109.72 is installed
  • OR MozillaFirefox-devel-60.7.0-109.72 is installed
  • OR MozillaFirefox-translations-common-60.7.0-109.72 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.103 is installed
  • OR kernel-default-base-4.4.180-94.103 is installed
  • OR kernel-default-devel-4.4.180-94.103 is installed
  • OR kernel-devel-4.4.180-94.103 is installed
  • OR kernel-macros-4.4.180-94.103 is installed
  • OR kernel-source-4.4.180-94.103 is installed
  • OR kernel-syms-4.4.180-94.103 is installed
  • OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
  • BACK