OVAL Reference oval:org.opensuse.security:def:58924

Oval Definition:

oval:org.opensuse.security:def:58924

Revision Date:	2021-03-24	Version:	1
Title:	Security update for nghttp2 (Important)
Description:	This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438)
Family:	unix	Class:	patch
Status:		Reference(s):	1057662 1076366 1081725 1082318 1083926 1083927 1088639 1092540 1092548 1095218 1095219 1102840 1109105 1111479 1111480 1112229 1112438 1117022 1117274 1117313 1117327 1117331 1125689 1129180 1131390 1131863 1134156 1134616 1138954 1139083 1140359 1144327 1144379 1146182 1146184 1146882 1146884 1150584 1152711 1153108 1153471 1155789 1155952 1156321 1156331 1157770 1157860 1160039 1162610 1170601 1171863 1171864 1171866 1173160 1173580 1174120 1181358 962914 964140 966514 985657 CVE-2013-6370 CVE-2013-6371 CVE-2015-0840 CVE-2016-1544 CVE-2016-3189 CVE-2017-6967 CVE-2018-1000168 CVE-2018-1046 CVE-2018-11233 CVE-2018-11235 CVE-2018-14734 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-20856 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5729 CVE-2018-5730 CVE-2019-10220 CVE-2019-12900 CVE-2019-12973 CVE-2019-13272 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 CVE-2019-9511 CVE-2019-9513 CVE-2020-10543 CVE-2020-10745 CVE-2020-10878 CVE-2020-11080 CVE-2020-12723 CVE-2020-4044 CVE-2020-8597 SUSE-SU-2018:0663-1 SUSE-SU-2018:0846-1 SUSE-SU-2018:1334-1 SUSE-SU-2018:1566-1 SUSE-SU-2018:1660-1 SUSE-SU-2019:1422-1 SUSE-SU-2019:1955-1 SUSE-SU-2019:3261-1 SUSE-SU-2020:0490-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:1943-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information libxml2-2-2.9.7-lp150.1 is installed OR libxml2-2-32bit-2.9.7-lp150.1 is installed OR libxml2-tools-2.9.7-lp150.1 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15 is installed OR libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15 is installed OR libwebkit2gtk-4_0-37-2.28.1-lp151.2.15 is installed OR libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15 is installed OR libwebkit2gtk3-lang-2.28.1-lp151.2.15 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.1-lp151.2.15 is installed OR typelib-1_0-WebKit2-4_0-2.28.1-lp151.2.15 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.28.1-lp151.2.15 is installed OR webkit-jsc-4-2.28.1-lp151.2.15 is installed OR webkit2gtk-4_0-injected-bundles-2.28.1-lp151.2.15 is installed OR webkit2gtk3-2.28.1-lp151.2.15 is installed OR webkit2gtk3-devel-2.28.1-lp151.2.15 is installed OR webkit2gtk3-minibrowser-2.28.1-lp151.2.15 is installed
Definition Synopsis
openSUSE Leap 15.1 NonFree is installed AND opera-68.0.3618.104-lp151.2.18 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information java-1_8_0-openjdk-1.8.0.161-27.13 is installed OR java-1_8_0-openjdk-demo-1.8.0.161-27.13 is installed OR java-1_8_0-openjdk-devel-1.8.0.161-27.13 is installed OR java-1_8_0-openjdk-headless-1.8.0.161-27.13 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND xrdp-0.9.0~git.1456906198.f422461-16.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information ghostscript-9.26-23.16 is installed OR ghostscript-x11-9.26-23.16 is installed OR libspectre-0.2.7-12.4 is installed OR libspectre1-0.2.7-12.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information MozillaFirefox-52.8.0esr-109.31 is installed OR MozillaFirefox-devel-52.8.0esr-109.31 is installed OR MozillaFirefox-translations-52.8.0esr-109.31 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libjson-c2-0.11-2 is installed OR libjson-c2-32bit-0.11-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_175-94_79-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_23-6-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information evince-3.20.2-6.27 is installed OR evince-browser-plugin-3.20.2-6.27 is installed OR evince-lang-3.20.2-6.27 is installed OR evince-plugin-djvudocument-3.20.2-6.27 is installed OR evince-plugin-dvidocument-3.20.2-6.27 is installed OR evince-plugin-pdfdocument-3.20.2-6.27 is installed OR evince-plugin-psdocument-3.20.2-6.27 is installed OR evince-plugin-tiffdocument-3.20.2-6.27 is installed OR evince-plugin-xpsdocument-3.20.2-6.27 is installed OR libevdocument3-4-3.20.2-6.27 is installed OR libevview3-3-3.20.2-6.27 is installed OR nautilus-evince-3.20.2-6.27 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND libnghttp2-14-1.39.2-3.5.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information e2fsprogs-1.43.8-1 is installed OR libcom_err2-1.43.8-1 is installed OR libcom_err2-32bit-1.43.8-1 is installed OR libext2fs2-1.43.8-1 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND git-2.12.3-27.14 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed

BACK