SUSE-SU-2021:0932-1 -- SLES nghttp2, libnghttp2-14ID: oval:org.secpod.oval:def:89044083 | Date: (C)2021-04-02 (M)2024-05-22 |
Class: PATCH | Family: unix |
This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS . - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service . - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service . - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service . - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields . Bug fixes and enhancements: - Packages must not mark license files as %doc - Typo in description of libnghttp2_asio1 - Fixed mistake in spec file - Fixed build issue with boost 1.70.0 - Fixed build issue with GCC 6 - Feature: Add WS module
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |
Product: |
nghttp2 |
libnghttp2-14 |