SUSE-CU-2021:84-1: Security update of suse/sles12sp5
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Mar 30 06:05:43 UTC 2021
SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:84-1
Container Tags : suse/sles12sp5:6.5.151 , suse/sles12sp5:latest
Container Release : 6.5.151
Severity : important
Type : security
References : 1082318 1088639 1112438 1125689 1134616 1146182 1146184 1176201
1181358 962914 964140 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511
CVE-2019-9513 CVE-2020-11080
-----------------------------------------------------------------
The container suse/sles12sp5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:796-1
Released: Tue Mar 16 10:28:14 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201
This update for zlib fixes the following issues:
- Fixed hw compression on z15 (bsc#1176201)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:932-1
Released: Wed Mar 24 12:13:01 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1082318,1088639,1112438,1125689,1134616,1146182,1146184,1181358,962914,964140,966514,CVE-2016-1544,CVE-2018-1000168,CVE-2019-9511,CVE-2019-9513,CVE-2020-11080
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
More information about the sle-security-updates
mailing list