| Revision Date: | 2021-03-24 | Version: | 1 |
| Title: | Security update for nghttp2 (Important) |
| Description: |
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1082318
1088639
1112438
1125689
1134616
1146182
1146184
1181358
962914
964140
966514
CVE-2016-1544
CVE-2018-1000168
CVE-2019-9511
CVE-2019-9513
CVE-2020-11080
SUSE-SU-2021:0932-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP3-LTSS
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND libnghttp2-14-1.39.2-3.5.1 is installed
|