SUSE: 2021:84-1 suse/sles12sp5 Security Update
Summary
Advisory ID: SUSE-RU-2021:796-1 Released: Tue Mar 16 10:28:14 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:932-1 Released: Wed Mar 24 12:13:01 2021 Summary: Security update for nghttp2 Type: security Severity: important
References
References : 1082318 1088639 1112438 1125689 1134616 1146182 1146184 1176201
1181358 962914 964140 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511
CVE-2019-9513 CVE-2020-11080
1176201
This update for zlib fixes the following issues:
- Fixed hw compression on z15 (bsc#1176201)
1082318,1088639,1112438,1125689,1134616,1146182,1146184,1181358,962914,964140,966514,CVE-2016-1544,CVE-2018-1000168,CVE-2019-9511,CVE-2019-9513,CVE-2020-11080
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)