Oval Definition:oval:org.opensuse.security:def:59868
Revision Date:2021-03-24Version:1
Title:Security update for nghttp2 (Important)
Description:

This update for nghttp2 fixes the following issues:

Security issues fixed:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).

Bug fixes and enhancements:

- Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438)
Family:unixClass:patch
Status:Reference(s):1048278
1048339
1048352
1048387
1048790
1052577
1054017
1082318
1088639
1099257
1106119
1112438
1113094
1113672
1120767
1122292
1122299
1124937
1125689
1128481
1131060
1133375
1134616
1135170
1136570
1136976
1140738
1141329
1141332
1141780
1141782
1141783
1141785
1141787
1141789
1146182
1146184
1147021
1156402
1160968
1162610
1162972
1167373
1173304
1181358
962914
964140
966514
CVE-2016-1544
CVE-2016-9445
CVE-2016-9446
CVE-2016-9809
CVE-2016-9812
CVE-2016-9813
CVE-2017-11103
CVE-2017-5843
CVE-2017-5848
CVE-2018-1000168
CVE-2018-1000872
CVE-2018-11212
CVE-2018-12900
CVE-2018-18557
CVE-2018-18661
CVE-2019-11771
CVE-2019-11772
CVE-2019-11775
CVE-2019-12525
CVE-2019-12529
CVE-2019-13345
CVE-2019-18860
CVE-2019-2201
CVE-2019-2449
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2786
CVE-2019-2816
CVE-2019-3860
CVE-2019-3880
CVE-2019-4473
CVE-2019-5436
CVE-2019-6212
CVE-2019-6215
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6229
CVE-2019-6233
CVE-2019-6234
CVE-2019-7317
CVE-2019-8457
CVE-2019-9511
CVE-2019-9513
CVE-2019-9928
CVE-2020-11080
CVE-2020-14059
CVE-2020-2583
CVE-2020-2593
CVE-2020-2604
CVE-2020-2659
CVE-2020-8597
SUSE-SU-2017:2237-1
SUSE-SU-2018:3911-1
SUSE-SU-2019:0391-1
SUSE-SU-2019:1363-1
SUSE-SU-2019:1601-1
SUSE-SU-2019:1606-2
SUSE-SU-2019:2089-1
SUSE-SU-2020:0490-1
SUSE-SU-2021:0932-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libXRes1-1.2.0-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • kernel-debug-4.12.14-lp151.28.7 is installed
  • OR kernel-debug-base-4.12.14-lp151.28.7 is installed
  • OR kernel-debug-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-default-4.12.14-lp151.28.7 is installed
  • OR kernel-default-base-4.12.14-lp151.28.7 is installed
  • OR kernel-default-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-docs-4.12.14-lp151.28.7 is installed
  • OR kernel-docs-html-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-base-4.12.14-lp151.28.7 is installed
  • OR kernel-kvmsmall-devel-4.12.14-lp151.28.7 is installed
  • OR kernel-macros-4.12.14-lp151.28.7 is installed
  • OR kernel-obs-build-4.12.14-lp151.28.7 is installed
  • OR kernel-obs-qa-4.12.14-lp151.28.7 is installed
  • OR kernel-source-4.12.14-lp151.28.7 is installed
  • OR kernel-source-vanilla-4.12.14-lp151.28.7 is installed
  • OR kernel-syms-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-base-4.12.14-lp151.28.7 is installed
  • OR kernel-vanilla-devel-4.12.14-lp151.28.7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libdcerpc-atsvc0-4.2.4-28.32 is installed
  • OR samba-4.2.4-28.32 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND
  • libssh2-1-1.4.3-20.9 is installed
  • OR libssh2-1-32bit-1.4.3-20.9 is installed
  • OR libssh2_org-1.4.3-20.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gstreamer-plugins-bad-1.8.3-17 is installed
  • OR gstreamer-plugins-bad-lang-1.8.3-17 is installed
  • OR libgstadaptivedemux-1_0-0-1.8.3-17 is installed
  • OR libgstbadaudio-1_0-0-1.8.3-17 is installed
  • OR libgstbadbase-1_0-0-1.8.3-17 is installed
  • OR libgstbadvideo-1_0-0-1.8.3-17 is installed
  • OR libgstbasecamerabinsrc-1_0-0-1.8.3-17 is installed
  • OR libgstcodecparsers-1_0-0-1.8.3-17 is installed
  • OR libgstgl-1_0-0-1.8.3-17 is installed
  • OR libgstmpegts-1_0-0-1.8.3-17 is installed
  • OR libgstphotography-1_0-0-1.8.3-17 is installed
  • OR libgsturidownloader-1_0-0-1.8.3-17 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libecpg6-10.9-1.12 is installed
  • OR libpq5-10.9-1.12 is installed
  • OR libpq5-32bit-10.9-1.12 is installed
  • OR postgresql10-10.9-1.12 is installed
  • OR postgresql10-contrib-10.9-1.12 is installed
  • OR postgresql10-docs-10.9-1.12 is installed
  • OR postgresql10-libs-10.9-1.12 is installed
  • OR postgresql10-plperl-10.9-1.12 is installed
  • OR postgresql10-plpython-10.9-1.12 is installed
  • OR postgresql10-pltcl-10.9-1.12 is installed
  • OR postgresql10-server-10.9-1.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • cups-1.7.5-20.29 is installed
  • OR cups-client-1.7.5-20.29 is installed
  • OR cups-libs-1.7.5-20.29 is installed
  • OR cups-libs-32bit-1.7.5-20.29 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libspice-server1-0.12.8-6 is installed
  • OR spice-0.12.8-6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • ceph-common-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR librados2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR librbd1-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR librgw2-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-rados-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-rbd-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • OR python-rgw-12.2.8+git.1536505967.080f2248ff-2.15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
  • libnghttp2-14-1.39.2-3.5.1 is installed
  • OR libnghttp2-14-32bit-1.39.2-3.5.1 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND squid-3.5.21-26.17 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Werkzeug-0.14.1-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-PyKMIP-0.6.0-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • kernel-default-4.12.14-95.57 is installed
  • OR kernel-default-base-4.12.14-95.57 is installed
  • OR kernel-default-devel-4.12.14-95.57 is installed
  • OR kernel-devel-4.12.14-95.57 is installed
  • OR kernel-macros-4.12.14-95.57 is installed
  • OR kernel-source-4.12.14-95.57 is installed
  • OR kernel-syms-4.12.14-95.57 is installed
  • BACK