Oval Definition:	oval:org.opensuse.security:def:60484
Revision Date: 2021-03-24 Version: 1 Title: Security update for nghttp2 (Important) Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Family: unix Class: patch Status: Reference(s): 1065237 1076957 1082318 1084521 1084524 1084532 1088639 1090671 1112438 1119183 1121816 1121821 1124211 1125689 1129180 1131709 1131863 1134156 1134616 1139959 1140122 1140359 1141493 1146182 1146184 1146882 1146884 1149792 1152856 1154212 1168422 1168930 1169605 1169740 1169786 1169936 1170302 1170603 1170741 1170939 1171186 1171355 1172651 1172906 1172935 1173197 1173334 1181358 962914 964140 966514 CVE-2009-1494 CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 CVE-2011-4971 CVE-2013-0179 CVE-2013-7239 CVE-2013-7290 CVE-2013-7291 CVE-2016-10708 CVE-2016-1544 CVE-2016-7545 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 CVE-2017-12652 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000168 CVE-2018-8956 CVE-2019-12973 CVE-2019-13012 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-3835 CVE-2019-3839 CVE-2019-6109 CVE-2019-6111 CVE-2019-7317 CVE-2019-9511 CVE-2019-9513 CVE-2020-11008 CVE-2020-11080 CVE-2020-11868 CVE-2020-12268 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-13817 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-15025 CVE-2020-3898 CVE-2020-5260 CVE-2020-6831 SUSE-SU-2018:0769-1 SUSE-SU-2018:1989-1 SUSE-SU-2019:1524-1 SUSE-SU-2019:1830-1 SUSE-SU-2019:2478-1 SUSE-SU-2019:3060-2 SUSE-SU-2020:1045-1 SUSE-SU-2020:1295-1 SUSE-SU-2020:1794-1 SUSE-SU-2020:1805-1 SUSE-SU-2021:0932-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information go1.12-1.12.12-lp150.11 is installed OR go1.12-doc-1.12.12-lp150.11 is installed OR go1.12-race-1.12.12-lp150.11 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information gvim-8.0.1568-lp151.5.3 is installed OR vim-8.0.1568-lp151.5.3 is installed OR vim-data-8.0.1568-lp151.5.3 is installed OR vim-data-common-8.0.1568-lp151.5.3 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information kernel-debug-5.3.18-lp152.33 is installed OR kernel-debug-devel-5.3.18-lp152.33 is installed OR kernel-default-5.3.18-lp152.33 is installed OR kernel-default-base-5.3.18-lp152.33.1.lp152.8.4 is installed OR kernel-default-base-rebuild-5.3.18-lp152.33.1.lp152.8.4 is installed OR kernel-default-devel-5.3.18-lp152.33 is installed OR kernel-devel-5.3.18-lp152.33 is installed OR kernel-docs-5.3.18-lp152.33 is installed OR kernel-docs-html-5.3.18-lp152.33 is installed OR kernel-kvmsmall-5.3.18-lp152.33 is installed OR kernel-kvmsmall-devel-5.3.18-lp152.33 is installed OR kernel-macros-5.3.18-lp152.33 is installed OR kernel-obs-build-5.3.18-lp152.33 is installed OR kernel-obs-qa-5.3.18-lp152.33 is installed OR kernel-preempt-5.3.18-lp152.33 is installed OR kernel-preempt-devel-5.3.18-lp152.33 is installed OR kernel-source-5.3.18-lp152.33 is installed OR kernel-source-vanilla-5.3.18-lp152.33 is installed OR kernel-syms-5.3.18-lp152.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND memcached-1.4.33-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND mutt-1.10.1-55.11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information java-1_7_0-openjdk-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information git-2.26.2-27.36 is installed OR git-core-2.26.2-27.36 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND perl-Archive-Zip-1.34-3.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information g3utils-1.1.36-58.3 is installed OR mgetty-1.1.36-58.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP5 is installed AND libnghttp2-14-1.39.2-3.5.1 is installed OR libnghttp2-14-32bit-1.39.2-3.5.1 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND libnghttp2-14-1.39.2-3.5.1 is installed OR libnghttp2-14-32bit-1.39.2-3.5.1 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND Package Information tomcat-9.0.36-3.42 is installed OR tomcat-admin-webapps-9.0.36-3.42 is installed OR tomcat-docs-webapp-9.0.36-3.42 is installed OR tomcat-el-3_0-api-9.0.36-3.42 is installed OR tomcat-javadoc-9.0.36-3.42 is installed OR tomcat-jsp-2_3-api-9.0.36-3.42 is installed OR tomcat-lib-9.0.36-3.42 is installed OR tomcat-servlet-4_0-api-9.0.36-3.42 is installed OR tomcat-webapps-9.0.36-3.42 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information cups-1.7.5-20.29 is installed OR cups-client-1.7.5-20.29 is installed OR cups-libs-1.7.5-20.29 is installed OR cups-libs-32bit-1.7.5-20.29 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information mariadb-10.2.25-3.19 is installed OR mariadb-galera-10.2.25-3.19 is installed
BACK