Oval Definition:oval:org.opensuse.security:def:74904
Revision Date:2020-12-01Version:1
Title:Security update for axel (Moderate)
Description:

This update for axel fixes the following issues:

axel was updated to 2.17.8:

CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)

Replaced progressbar line clearing with terminal control sequence * Fixed parsing of Content-Disposition HTTP header * Fixed User-Agent HTTP header never being included

Update to version 2.17.7:

- Buildsystem fixes - Fixed release date for man-pages on BSD - Explicitly close TCP sockets on SSL connections too - Fixed HTTP basic auth header generation - Changed the default progress report to 'alternate output mode' - Improved English in README.md

Update to version 2.17.6:

- Fixed handling of non-recoverable HTTP errors - Cleanup of connection setup code - Fixed manpage reproducibility issue - Use tracker instead of PTS from Debian

Update to version 2.17.5:

- Fixed progress indicator misalignment - Cleaned up the wget-like progress output code - Improved progress output flushing

Update to version 2.17.4:

- Fixed build with bionic libc (Android) - TCP Fast Open support on Linux - TCP code cleanup - Removed dependency on libm - Data types and format strings cleanup - String handling cleanup - Format string checking GCC attributes added - Buildsystem fixes and improvements - Updates to the documentation - Updated all translations - Fixed Footnotes in documentation - Fixed a typo in README.md

Update to version 2.17.3:

- Builds now use canonical host triplet instead of `uname -s` - Fixed build on Darwin / Mac OS X - Fixed download loops caused by last byte pointer being off by one - Fixed linking issues (i18n and posix threads) - Updated build instructions - Code cleanup - Added autoconf-archive to building instructions

Update to version 2.17.2:

- Fixed HTTP request-ranges to be zero-based - Fixed typo 'too may' -> 'too many' - Replaced malloc + memset calls with calloc - Sanitize progress bar buffer len passed to memset

Update to version 2.17.1:

- Fixed comparison error in axel_divide - Make sure maxconns is at least 1

Update to version 2.17:

- Fixed composition of URLs in redirections - Fixed request range calculation - Updated all translations - Updated build documentation - Major code cleanup - Cleanup of alternate progress output - Removed global string buffers - Fixed min and max macros - Moved User-Agent header to conf->add_header - Use integers for speed ratio and delay calculation - Added support for parsing IPv6 literal hostname - Fixed filename extraction from URL - Fixed request-target message to proxy - Handle secure protocol's schema even with SSL disabled - Fixed Content-Disposition filename value decoding - Strip leading hyphens in extracted filenames
Family:unixClass:patch
Status:Reference(s):1172159
1174922
1174923
CVE-2020-12673
CVE-2020-12674
CVE-2020-13614
openSUSE-SU-2020:0778-1
openSUSE-SU-2020:1262-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND axel-2.17.8-lp151.3.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • dovecot23-2.3.10-lp152.2.3 is installed
  • OR dovecot23-backend-mysql-2.3.10-lp152.2.3 is installed
  • OR dovecot23-backend-pgsql-2.3.10-lp152.2.3 is installed
  • OR dovecot23-backend-sqlite-2.3.10-lp152.2.3 is installed
  • OR dovecot23-devel-2.3.10-lp152.2.3 is installed
  • OR dovecot23-fts-2.3.10-lp152.2.3 is installed
  • OR dovecot23-fts-lucene-2.3.10-lp152.2.3 is installed
  • OR dovecot23-fts-solr-2.3.10-lp152.2.3 is installed
  • OR dovecot23-fts-squat-2.3.10-lp152.2.3 is installed
    • BACK