Oval Definition:	oval:org.opensuse.security:def:59610
Revision Date: 2021-03-24 Version: 1 Title: Security update for nghttp2 (Important) Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Family: unix Class: patch Status: Reference(s): 1029638 1029639 1029706 1029707 1029751 1040662 1049423 1052448 1052449 1052466 1077732 1082318 1085449 1088639 1093311 1097356 1102682 1105434 1106914 1112438 1112758 1114828 1116600 1120943 1125689 1131886 1134616 1146182 1146184 1153165 1154217 1155419 1160471 1160770 1169511 1170441 1172277 1176496 1176764 1181358 962914 964140 966514 CVE-2012-5643 CVE-2013-2062 CVE-2013-7490 CVE-2014-7141 CVE-2014-7142 CVE-2014-9749 CVE-2015-5400 CVE-2016-10002 CVE-2016-10003 CVE-2016-1544 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2018-1000168 CVE-2018-1000222 CVE-2018-1417 CVE-2018-16471 CVE-2018-16839 CVE-2018-20030 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-5390 CVE-2018-5848 CVE-2019-14853 CVE-2019-14859 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 CVE-2019-20919 CVE-2019-9278 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 SUSE-SU-2017:2201-1 SUSE-SU-2018:0255-1 SUSE-SU-2018:2835-1 SUSE-SU-2018:2837-1 SUSE-SU-2019:1440-1 SUSE-SU-2019:3024-1 SUSE-SU-2020:0457-1 SUSE-SU-2020:1165-1 SUSE-SU-2020:1683-1 SUSE-SU-2020:2856-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND libusbmuxd4-1.0.10-lp150.3 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information gvfs-1.34.2.1-lp151.6.3 is installed OR gvfs-32bit-1.34.2.1-lp151.6.3 is installed OR gvfs-backend-afc-1.34.2.1-lp151.6.3 is installed OR gvfs-backend-samba-1.34.2.1-lp151.6.3 is installed OR gvfs-backends-1.34.2.1-lp151.6.3 is installed OR gvfs-devel-1.34.2.1-lp151.6.3 is installed OR gvfs-fuse-1.34.2.1-lp151.6.3 is installed OR gvfs-lang-1.34.2.1-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information LibVNCServer-0.9.9-17.19 is installed OR libvncclient0-0.9.9-17.19 is installed OR libvncserver0-0.9.9-17.19 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libXp6-1.0.2-3 is installed OR libXp6-32bit-1.0.2-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information bzip2-1.0.6-30.8 is installed OR bzip2-doc-1.0.6-30.8 is installed OR libbz2-1-1.0.6-30.8 is installed OR libbz2-1-32bit-1.0.6-30.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information evince-3.20.2-6.27 is installed OR evince-browser-plugin-3.20.2-6.27 is installed OR evince-lang-3.20.2-6.27 is installed OR evince-plugin-djvudocument-3.20.2-6.27 is installed OR evince-plugin-dvidocument-3.20.2-6.27 is installed OR evince-plugin-pdfdocument-3.20.2-6.27 is installed OR evince-plugin-psdocument-3.20.2-6.27 is installed OR evince-plugin-tiffdocument-3.20.2-6.27 is installed OR evince-plugin-xpsdocument-3.20.2-6.27 is installed OR libevdocument3-4-3.20.2-6.27 is installed OR libevview3-3-3.20.2-6.27 is installed OR nautilus-evince-3.20.2-6.27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kernel-default-4.4.180-94.103 is installed OR kernel-default-base-4.4.180-94.103 is installed OR kernel-default-devel-4.4.180-94.103 is installed OR kernel-default-man-4.4.180-94.103 is installed OR kernel-devel-4.4.180-94.103 is installed OR kernel-macros-4.4.180-94.103 is installed OR kernel-source-4.4.180-94.103 is installed OR kernel-syms-4.4.180-94.103 is installed OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information openslp-2.0.0-18.15 is installed OR openslp-32bit-2.0.0-18.15 is installed OR openslp-server-2.0.0-18.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dpdk-17.11.4-3 is installed OR dpdk-kmp-default-17.11.4_k4.12.14_94.41-3 is installed OR dpdk-thunderx-17.11.4-3 is installed OR dpdk-thunderx-kmp-default-17.11.4_k4.12.14_94.41-3 is installed OR dpdk-tools-17.11.4-3 is installed OR libdpdk-17_11-17.11.4-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information libnghttp2-14-1.39.2-3.5.1 is installed OR libnghttp2-14-32bit-1.39.2-3.5.1 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND python-ecdsa-0.13.3-5.10 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby2.1-rubygem-rack-1.6.11-3.3 is installed OR rubygem-rack-1.6.11-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND mailman-2.1.17-3.23 is installed
BACK