Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-9511 (GCVE-0-2019-9511)
Vulnerability from cvelistv5 – Published: 2019-08-13 20:50 – Updated: 2024-08-04 21:54
VLAI
EPSS
Title
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service
Summary
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
47 references
Credits
Thanks to Jonathan Looney of Netflix for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#605641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "USN-4099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"name": "FEDORA-2019-befd924cfe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"name": "FEDORA-2019-81985a8858",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"name": "DSA-4505",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"name": "FEDORA-2019-8a437d5c2f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"name": "FEDORA-2019-4427fd65be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"name": "FEDORA-2019-63ba15cc83",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"name": "DSA-4511",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"name": "FEDORA-2019-7a0b45fdc4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"name": "RHSA-2019:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"name": "openSUSE-SU-2019:2120",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2745",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"name": "RHSA-2019:2746",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"name": "RHSA-2019:2775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"name": "RHSA-2019:2799",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"name": "RHSA-2019:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2949",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"name": "openSUSE-SU-2019:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"name": "openSUSE-SU-2019:2234",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"name": "RHSA-2019:2955",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "openSUSE-SU-2019:2264",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"name": "RHSA-2019:3041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "RHSA-2019:4018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "DSA-4669",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#605641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "USN-4099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"name": "FEDORA-2019-befd924cfe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"name": "FEDORA-2019-81985a8858",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"name": "DSA-4505",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"name": "FEDORA-2019-8a437d5c2f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"name": "FEDORA-2019-4427fd65be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"name": "FEDORA-2019-63ba15cc83",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"name": "DSA-4511",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"name": "FEDORA-2019-7a0b45fdc4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"name": "RHSA-2019:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"name": "openSUSE-SU-2019:2120",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2745",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"name": "RHSA-2019:2746",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"name": "RHSA-2019:2775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"name": "RHSA-2019:2799",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"name": "RHSA-2019:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2949",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"name": "openSUSE-SU-2019:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"name": "openSUSE-SU-2019:2234",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"name": "RHSA-2019:2955",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "openSUSE-SU-2019:2264",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"name": "RHSA-2019:3041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "RHSA-2019:4018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "DSA-4669",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "HTTP/2 Data Dribble",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9511",
"STATE": "PUBLIC",
"TITLE": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#605641",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "USN-4099-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"name": "FEDORA-2019-befd924cfe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"name": "FEDORA-2019-81985a8858",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"name": "DSA-4505",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"name": "FEDORA-2019-8a437d5c2f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"name": "FEDORA-2019-4427fd65be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"
},
{
"name": "FEDORA-2019-63ba15cc83",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"
},
{
"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"name": "DSA-4511",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"name": "FEDORA-2019-7a0b45fdc4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"name": "RHSA-2019:2692",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"name": "openSUSE-SU-2019:2120",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2745",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"name": "RHSA-2019:2746",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"name": "RHSA-2019:2775",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"name": "RHSA-2019:2799",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"name": "RHSA-2019:2925",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2949",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"name": "openSUSE-SU-2019:2232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"name": "openSUSE-SU-2019:2234",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"name": "RHSA-2019:2955",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "openSUSE-SU-2019:2264",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"name": "RHSA-2019:3041",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "RHSA-2019:4018",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4019",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4020",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "DSA-4669",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_33",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"name": "https://support.f5.com/csp/article/K02591030",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"name": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9511",
"datePublished": "2019-08-13T20:50:59.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-9511",
"date": "2026-05-29",
"epss": "0.13725",
"percentile": "0.94383"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-9511\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2019-08-13T21:15:12.223\",\"lastModified\":\"2025-01-14T19:29:55.853\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\"},{\"lang\":\"es\",\"value\":\"Algunas implementaciones de HTTP / 2 son vulnerables a la manipulaci\u00f3n del tama\u00f1o de la ventana y la manipulaci\u00f3n de priorizaci\u00f3n de flujo, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante solicita una gran cantidad de datos de un recurso especificado a trav\u00e9s de m\u00faltiples flujos. Manipulan el tama\u00f1o de la ventana y la prioridad de transmisi\u00f3n para obligar al servidor a poner en cola los datos en fragmentos de 1 byte. Dependiendo de cu\u00e1n eficientemente se pongan en cola estos datos, esto puede consumir un exceso de CPU, memoria o ambos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.4.0\",\"matchCriteriaId\":\"93988E60-006B-434D-AB16-1FA1D2FEBC2A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.12\",\"matchCriteriaId\":\"1D294D56-E784-4DA8-9C2C-BC5A05C92C0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.04\",\"matchCriteriaId\":\"65B1D2F6-BC1F-47AF-B4E6-4B50986AC622\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.2.3\",\"matchCriteriaId\":\"603BF43B-FC99-4039-A3C0-467F015A32FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.1.6\",\"matchCriteriaId\":\"07BB02CE-D4F2-459C-B0C6-FF78BF7996AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.3\",\"matchCriteriaId\":\"D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C997777-BE79-4F77-90D7-E1A71D474D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9685B12-824F-42AD-B87C-6E7A78BB7FA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D0C5120-B961-440F-B454-584BC54B549C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CCBDFF9-AF42-4681-879B-CF789EBAD130\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2466282-51AB-478D-9FF4-FA524265ED2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0952BA1A-5DF9-400F-B01F-C3A398A8A2D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B157A2D-3422-4224-82D9-15AB3B989075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"732F14CE-7994-4DD2-A28B-AE9E79826C01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1987BDA-0113-4603-B9BE-76647EB043F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7EE4B6-A6EC-4B9B-91DF-79615796673F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C120C2F1-D50D-49CC-8E96-207ACCA49674\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.7.2.0\",\"versionEndExcluding\":\"7.7.2.24\",\"matchCriteriaId\":\"765E9856-2748-4A8B-91F5-A4DB3C8C547A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.8.2.0\",\"versionEndExcluding\":\"7.8.2.13\",\"matchCriteriaId\":\"EE6E66B1-3291-4E8E-93D6-30E9FDCF983E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.2.0\",\"matchCriteriaId\":\"227104AD-396D-4ADD-87C7-C4CD5583DA04\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.5\",\"versionEndExcluding\":\"1.16.1\",\"matchCriteriaId\":\"68DD813A-1BC4-45FB-A3C4-E1BCE5F82EC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.17.0\",\"versionEndIncluding\":\"1.17.2\",\"matchCriteriaId\":\"DF1705D3-ABAB-477E-9572-7D4DBAB4E38B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E11C65C3-1B17-4362-A99C-59583081A24D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348EEE70-E114-4720-AAAF-E77DE5C9A2D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.8.1\",\"matchCriteriaId\":\"74FB695D-2C76-47AB-988E-5629D2E695E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.16.1\",\"matchCriteriaId\":\"CFC0252A-DF1D-4CF4-B450-27267227B599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.12.0\",\"matchCriteriaId\":\"25A3180B-21AF-4010-9DAB-41ADFD2D8031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"10.13.0\",\"versionEndExcluding\":\"10.16.3\",\"matchCriteriaId\":\"2EC65858-FF7B-4171-82EA-80942D426F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.8.1\",\"matchCriteriaId\":\"F522C500-AA33-4029-865F-F27FB00A354E\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2692\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2745\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2746\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2775\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2799\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2925\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2939\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2949\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2955\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2966\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3041\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4018\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4019\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4020\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4021\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/605641/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/40\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/1\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0002/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0005/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4099-1/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4505\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4511\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2745\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2925\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2955\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/605641/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4099-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4511\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2019:2254-1
Vulnerability from csaf_suse - Published: 2019-08-29 16:53 - Updated: 2019-08-29 16:53Summary
Security update for nodejs10
Severity
Important
Notes
Title of the patch: Security update for nodejs10
Description of the patch: This update for nodejs10 to version 10.16.3 fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
Patchnames: SUSE-2019-2254,SUSE-SLE-Module-Web-Scripting-12-2019-2254
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
57 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs10 to version 10.16.3 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2254,SUSE-SLE-Module-Web-Scripting-12-2019-2254",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2254-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2254-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2254-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-August/005861.html"
},
{
"category": "self",
"summary": "SUSE Bug 1146090",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "self",
"summary": "SUSE Bug 1146091",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "self",
"summary": "SUSE Bug 1146093",
"url": "https://bugzilla.suse.com/1146093"
},
{
"category": "self",
"summary": "SUSE Bug 1146094",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "self",
"summary": "SUSE Bug 1146095",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "self",
"summary": "SUSE Bug 1146097",
"url": "https://bugzilla.suse.com/1146097"
},
{
"category": "self",
"summary": "SUSE Bug 1146099",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "self",
"summary": "SUSE Bug 1146100",
"url": "https://bugzilla.suse.com/1146100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9515 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9518 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9518/"
}
],
"title": "Security update for nodejs10",
"tracking": {
"current_release_date": "2019-08-29T16:53:45Z",
"generator": {
"date": "2019-08-29T16:53:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2254-1",
"initial_release_date": "2019-08-29T16:53:45Z",
"revision_history": [
{
"date": "2019-08-29T16:53:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.aarch64",
"product": {
"name": "nodejs10-10.16.3-1.12.1.aarch64",
"product_id": "nodejs10-10.16.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.aarch64",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.aarch64",
"product_id": "nodejs10-devel-10.16.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.aarch64",
"product": {
"name": "npm10-10.16.3-1.12.1.aarch64",
"product_id": "npm10-10.16.3-1.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.i586",
"product": {
"name": "nodejs10-10.16.3-1.12.1.i586",
"product_id": "nodejs10-10.16.3-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.i586",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.i586",
"product_id": "nodejs10-devel-10.16.3-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.i586",
"product": {
"name": "npm10-10.16.3-1.12.1.i586",
"product_id": "npm10-10.16.3-1.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-docs-10.16.3-1.12.1.noarch",
"product": {
"name": "nodejs10-docs-10.16.3-1.12.1.noarch",
"product_id": "nodejs10-docs-10.16.3-1.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.ppc64le",
"product": {
"name": "nodejs10-10.16.3-1.12.1.ppc64le",
"product_id": "nodejs10-10.16.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.ppc64le",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.ppc64le",
"product_id": "nodejs10-devel-10.16.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.ppc64le",
"product": {
"name": "npm10-10.16.3-1.12.1.ppc64le",
"product_id": "npm10-10.16.3-1.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.s390",
"product": {
"name": "nodejs10-10.16.3-1.12.1.s390",
"product_id": "nodejs10-10.16.3-1.12.1.s390"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.s390",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.s390",
"product_id": "nodejs10-devel-10.16.3-1.12.1.s390"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.s390",
"product": {
"name": "npm10-10.16.3-1.12.1.s390",
"product_id": "npm10-10.16.3-1.12.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.s390x",
"product": {
"name": "nodejs10-10.16.3-1.12.1.s390x",
"product_id": "nodejs10-10.16.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.s390x",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.s390x",
"product_id": "nodejs10-devel-10.16.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.s390x",
"product": {
"name": "npm10-10.16.3-1.12.1.s390x",
"product_id": "npm10-10.16.3-1.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.x86_64",
"product": {
"name": "nodejs10-10.16.3-1.12.1.x86_64",
"product_id": "nodejs10-10.16.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.x86_64",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.x86_64",
"product_id": "nodejs10-devel-10.16.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.x86_64",
"product": {
"name": "npm10-10.16.3-1.12.1.x86_64",
"product_id": "npm10-10.16.3-1.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64"
},
"product_reference": "nodejs10-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le"
},
"product_reference": "nodejs10-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x"
},
"product_reference": "nodejs10-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64"
},
"product_reference": "nodejs10-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-docs-10.16.3-1.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch"
},
"product_reference": "nodejs10-docs-10.16.3-1.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64"
},
"product_reference": "npm10-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le"
},
"product_reference": "npm10-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x"
},
"product_reference": "npm10-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
},
"product_reference": "npm10-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9515"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9515",
"url": "https://www.suse.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146100 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1146100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "important"
}
],
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
},
{
"cve": "CVE-2019-9518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9518"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9518",
"url": "https://www.suse.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146093 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1146093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:53:45Z",
"details": "important"
}
],
"title": "CVE-2019-9518"
}
]
}
SUSE-SU-2019:2259-1
Vulnerability from csaf_suse - Published: 2019-09-02 07:04 - Updated: 2019-09-02 07:04Summary
Security update for nodejs10
Severity
Important
Notes
Title of the patch: Security update for nodejs10
Description of the patch: This update for nodejs10 to version 10.16.3 fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
Patchnames: SUSE-2019-2259,SUSE-SLE-Module-Web-Scripting-15-2019-2259,SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2259
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
57 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs10 to version 10.16.3 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2259,SUSE-SLE-Module-Web-Scripting-15-2019-2259,SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2259",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2259-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2259-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192259-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2259-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-September/005863.html"
},
{
"category": "self",
"summary": "SUSE Bug 1146090",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "self",
"summary": "SUSE Bug 1146091",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "self",
"summary": "SUSE Bug 1146093",
"url": "https://bugzilla.suse.com/1146093"
},
{
"category": "self",
"summary": "SUSE Bug 1146094",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "self",
"summary": "SUSE Bug 1146095",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "self",
"summary": "SUSE Bug 1146097",
"url": "https://bugzilla.suse.com/1146097"
},
{
"category": "self",
"summary": "SUSE Bug 1146099",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "self",
"summary": "SUSE Bug 1146100",
"url": "https://bugzilla.suse.com/1146100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9515 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9518 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9518/"
}
],
"title": "Security update for nodejs10",
"tracking": {
"current_release_date": "2019-09-02T07:04:04Z",
"generator": {
"date": "2019-09-02T07:04:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2259-1",
"initial_release_date": "2019-09-02T07:04:04Z",
"revision_history": [
{
"date": "2019-09-02T07:04:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.aarch64",
"product": {
"name": "nodejs10-10.16.3-1.12.1.aarch64",
"product_id": "nodejs10-10.16.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.aarch64",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.aarch64",
"product_id": "nodejs10-devel-10.16.3-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.aarch64",
"product": {
"name": "npm10-10.16.3-1.12.1.aarch64",
"product_id": "npm10-10.16.3-1.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.i586",
"product": {
"name": "nodejs10-10.16.3-1.12.1.i586",
"product_id": "nodejs10-10.16.3-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.i586",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.i586",
"product_id": "nodejs10-devel-10.16.3-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.i586",
"product": {
"name": "npm10-10.16.3-1.12.1.i586",
"product_id": "npm10-10.16.3-1.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-docs-10.16.3-1.12.1.noarch",
"product": {
"name": "nodejs10-docs-10.16.3-1.12.1.noarch",
"product_id": "nodejs10-docs-10.16.3-1.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.ppc64le",
"product": {
"name": "nodejs10-10.16.3-1.12.1.ppc64le",
"product_id": "nodejs10-10.16.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.ppc64le",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.ppc64le",
"product_id": "nodejs10-devel-10.16.3-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.ppc64le",
"product": {
"name": "npm10-10.16.3-1.12.1.ppc64le",
"product_id": "npm10-10.16.3-1.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.s390x",
"product": {
"name": "nodejs10-10.16.3-1.12.1.s390x",
"product_id": "nodejs10-10.16.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.s390x",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.s390x",
"product_id": "nodejs10-devel-10.16.3-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.s390x",
"product": {
"name": "npm10-10.16.3-1.12.1.s390x",
"product_id": "npm10-10.16.3-1.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-1.12.1.x86_64",
"product": {
"name": "nodejs10-10.16.3-1.12.1.x86_64",
"product_id": "nodejs10-10.16.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-1.12.1.x86_64",
"product": {
"name": "nodejs10-devel-10.16.3-1.12.1.x86_64",
"product_id": "nodejs10-devel-10.16.3-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-1.12.1.x86_64",
"product": {
"name": "npm10-10.16.3-1.12.1.x86_64",
"product_id": "npm10-10.16.3-1.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64"
},
"product_reference": "nodejs10-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le"
},
"product_reference": "nodejs10-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x"
},
"product_reference": "nodejs10-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64"
},
"product_reference": "nodejs10-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-docs-10.16.3-1.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch"
},
"product_reference": "nodejs10-docs-10.16.3-1.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64"
},
"product_reference": "npm10-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le"
},
"product_reference": "npm10-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x"
},
"product_reference": "npm10-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
},
"product_reference": "npm10-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64"
},
"product_reference": "nodejs10-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le"
},
"product_reference": "nodejs10-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x"
},
"product_reference": "nodejs10-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64"
},
"product_reference": "nodejs10-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64"
},
"product_reference": "nodejs10-devel-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-docs-10.16.3-1.12.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch"
},
"product_reference": "nodejs10-docs-10.16.3-1.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64"
},
"product_reference": "npm10-10.16.3-1.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le"
},
"product_reference": "npm10-10.16.3-1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x"
},
"product_reference": "npm10-10.16.3-1.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-1.12.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64"
},
"product_reference": "npm10-10.16.3-1.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9515"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9515",
"url": "https://www.suse.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146100 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1146100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "important"
}
],
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
},
{
"cve": "CVE-2019-9518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9518"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9518",
"url": "https://www.suse.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146093 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1146093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.16.3-1.12.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.16.3-1.12.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.16.3-1.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:04Z",
"details": "important"
}
],
"title": "CVE-2019-9518"
}
]
}
SUSE-SU-2019:2260-1
Vulnerability from csaf_suse - Published: 2019-09-02 07:04 - Updated: 2019-09-02 07:04Summary
Security update for nodejs8
Severity
Important
Notes
Title of the patch: Security update for nodejs8
Description of the patch: This update for nodejs8 to version 8.16.1 fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
Bug fixes:
- Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).
Patchnames: SUSE-2019-2260,SUSE-SLE-Module-Web-Scripting-15-2019-2260,SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2260
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
58 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs8",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs8 to version 8.16.1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nBug fixes:\n\n- Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2260,SUSE-SLE-Module-Web-Scripting-15-2019-2260,SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2260",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2260-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2260-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2260-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-September/005862.html"
},
{
"category": "self",
"summary": "SUSE Bug 1144919",
"url": "https://bugzilla.suse.com/1144919"
},
{
"category": "self",
"summary": "SUSE Bug 1146090",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "self",
"summary": "SUSE Bug 1146091",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "self",
"summary": "SUSE Bug 1146093",
"url": "https://bugzilla.suse.com/1146093"
},
{
"category": "self",
"summary": "SUSE Bug 1146094",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "self",
"summary": "SUSE Bug 1146095",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "self",
"summary": "SUSE Bug 1146097",
"url": "https://bugzilla.suse.com/1146097"
},
{
"category": "self",
"summary": "SUSE Bug 1146099",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "self",
"summary": "SUSE Bug 1146100",
"url": "https://bugzilla.suse.com/1146100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9515 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9518 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9518/"
}
],
"title": "Security update for nodejs8",
"tracking": {
"current_release_date": "2019-09-02T07:04:20Z",
"generator": {
"date": "2019-09-02T07:04:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2260-1",
"initial_release_date": "2019-09-02T07:04:20Z",
"revision_history": [
{
"date": "2019-09-02T07:04:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.16.1-3.20.1.aarch64",
"product": {
"name": "nodejs8-8.16.1-3.20.1.aarch64",
"product_id": "nodejs8-8.16.1-3.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.16.1-3.20.1.aarch64",
"product": {
"name": "nodejs8-devel-8.16.1-3.20.1.aarch64",
"product_id": "nodejs8-devel-8.16.1-3.20.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm8-8.16.1-3.20.1.aarch64",
"product": {
"name": "npm8-8.16.1-3.20.1.aarch64",
"product_id": "npm8-8.16.1-3.20.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.16.1-3.20.1.i586",
"product": {
"name": "nodejs8-8.16.1-3.20.1.i586",
"product_id": "nodejs8-8.16.1-3.20.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.16.1-3.20.1.i586",
"product": {
"name": "nodejs8-devel-8.16.1-3.20.1.i586",
"product_id": "nodejs8-devel-8.16.1-3.20.1.i586"
}
},
{
"category": "product_version",
"name": "npm8-8.16.1-3.20.1.i586",
"product": {
"name": "npm8-8.16.1-3.20.1.i586",
"product_id": "npm8-8.16.1-3.20.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-docs-8.16.1-3.20.1.noarch",
"product": {
"name": "nodejs8-docs-8.16.1-3.20.1.noarch",
"product_id": "nodejs8-docs-8.16.1-3.20.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.16.1-3.20.1.ppc64le",
"product": {
"name": "nodejs8-8.16.1-3.20.1.ppc64le",
"product_id": "nodejs8-8.16.1-3.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.16.1-3.20.1.ppc64le",
"product": {
"name": "nodejs8-devel-8.16.1-3.20.1.ppc64le",
"product_id": "nodejs8-devel-8.16.1-3.20.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm8-8.16.1-3.20.1.ppc64le",
"product": {
"name": "npm8-8.16.1-3.20.1.ppc64le",
"product_id": "npm8-8.16.1-3.20.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.16.1-3.20.1.s390x",
"product": {
"name": "nodejs8-8.16.1-3.20.1.s390x",
"product_id": "nodejs8-8.16.1-3.20.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.16.1-3.20.1.s390x",
"product": {
"name": "nodejs8-devel-8.16.1-3.20.1.s390x",
"product_id": "nodejs8-devel-8.16.1-3.20.1.s390x"
}
},
{
"category": "product_version",
"name": "npm8-8.16.1-3.20.1.s390x",
"product": {
"name": "npm8-8.16.1-3.20.1.s390x",
"product_id": "npm8-8.16.1-3.20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.16.1-3.20.1.x86_64",
"product": {
"name": "nodejs8-8.16.1-3.20.1.x86_64",
"product_id": "nodejs8-8.16.1-3.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.16.1-3.20.1.x86_64",
"product": {
"name": "nodejs8-devel-8.16.1-3.20.1.x86_64",
"product_id": "nodejs8-devel-8.16.1-3.20.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm8-8.16.1-3.20.1.x86_64",
"product": {
"name": "npm8-8.16.1-3.20.1.x86_64",
"product_id": "npm8-8.16.1-3.20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64"
},
"product_reference": "nodejs8-8.16.1-3.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le"
},
"product_reference": "nodejs8-8.16.1-3.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x"
},
"product_reference": "nodejs8-8.16.1-3.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64"
},
"product_reference": "nodejs8-8.16.1-3.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-docs-8.16.1-3.20.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch"
},
"product_reference": "nodejs8-docs-8.16.1-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64"
},
"product_reference": "npm8-8.16.1-3.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le"
},
"product_reference": "npm8-8.16.1-3.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x"
},
"product_reference": "npm8-8.16.1-3.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
},
"product_reference": "npm8-8.16.1-3.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64"
},
"product_reference": "nodejs8-8.16.1-3.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le"
},
"product_reference": "nodejs8-8.16.1-3.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x"
},
"product_reference": "nodejs8-8.16.1-3.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-3.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64"
},
"product_reference": "nodejs8-8.16.1-3.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-3.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64"
},
"product_reference": "nodejs8-devel-8.16.1-3.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-docs-8.16.1-3.20.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch"
},
"product_reference": "nodejs8-docs-8.16.1-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64"
},
"product_reference": "npm8-8.16.1-3.20.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le"
},
"product_reference": "npm8-8.16.1-3.20.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x"
},
"product_reference": "npm8-8.16.1-3.20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-3.20.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64"
},
"product_reference": "npm8-8.16.1-3.20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9515"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9515",
"url": "https://www.suse.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146100 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1146100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "important"
}
],
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
},
{
"cve": "CVE-2019-9518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9518"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9518",
"url": "https://www.suse.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146093 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1146093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel-8.16.1-3.20.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs-8.16.1-3.20.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15:npm8-8.16.1-3.20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T07:04:20Z",
"details": "important"
}
],
"title": "CVE-2019-9518"
}
]
}
SUSE-SU-2019:2309-1
Vulnerability from csaf_suse - Published: 2019-09-05 14:00 - Updated: 2019-09-05 14:00Summary
Security update for nginx
Severity
Important
Notes
Title of the patch: Security update for nginx
Description of the patch: This update for nginx fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).
- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).
- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).
- CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).
- CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).
- CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).
Patchnames: SUSE-2019-2309,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2309,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2309
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nginx",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nginx fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).\n- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).\n- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).\n- CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).\n- CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).\n- CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2309,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2309,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2309",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2309-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2309-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2309-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-September/005885.html"
},
{
"category": "self",
"summary": "SUSE Bug 1115015",
"url": "https://bugzilla.suse.com/1115015"
},
{
"category": "self",
"summary": "SUSE Bug 1115022",
"url": "https://bugzilla.suse.com/1115022"
},
{
"category": "self",
"summary": "SUSE Bug 1115025",
"url": "https://bugzilla.suse.com/1115025"
},
{
"category": "self",
"summary": "SUSE Bug 1145579",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "self",
"summary": "SUSE Bug 1145580",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "self",
"summary": "SUSE Bug 1145582",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16843 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16844 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16845 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
}
],
"title": "Security update for nginx",
"tracking": {
"current_release_date": "2019-09-05T14:00:22Z",
"generator": {
"date": "2019-09-05T14:00:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2309-1",
"initial_release_date": "2019-09-05T14:00:22Z",
"revision_history": [
{
"date": "2019-09-05T14:00:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-6.3.1.aarch64",
"product": {
"name": "nginx-1.14.2-6.3.1.aarch64",
"product_id": "nginx-1.14.2-6.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-6.3.1.i586",
"product": {
"name": "nginx-1.14.2-6.3.1.i586",
"product_id": "nginx-1.14.2-6.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-source-1.14.2-6.3.1.noarch",
"product": {
"name": "nginx-source-1.14.2-6.3.1.noarch",
"product_id": "nginx-source-1.14.2-6.3.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-plugin-nginx-1.14.2-6.3.1.noarch",
"product": {
"name": "vim-plugin-nginx-1.14.2-6.3.1.noarch",
"product_id": "vim-plugin-nginx-1.14.2-6.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-6.3.1.ppc64le",
"product": {
"name": "nginx-1.14.2-6.3.1.ppc64le",
"product_id": "nginx-1.14.2-6.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-6.3.1.s390x",
"product": {
"name": "nginx-1.14.2-6.3.1.s390x",
"product_id": "nginx-1.14.2-6.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-6.3.1.x86_64",
"product": {
"name": "nginx-1.14.2-6.3.1.x86_64",
"product_id": "nginx-1.14.2-6.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-6.3.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64"
},
"product_reference": "nginx-1.14.2-6.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-6.3.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le"
},
"product_reference": "nginx-1.14.2-6.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-6.3.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x"
},
"product_reference": "nginx-1.14.2-6.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-6.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64"
},
"product_reference": "nginx-1.14.2-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.14.2-6.3.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
},
"product_reference": "nginx-source-1.14.2-6.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16843"
}
],
"notes": [
{
"category": "general",
"text": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16843",
"url": "https://www.suse.com/security/cve/CVE-2018-16843"
},
{
"category": "external",
"summary": "SUSE Bug 1115022 for CVE-2018-16843",
"url": "https://bugzilla.suse.com/1115022"
},
{
"category": "external",
"summary": "SUSE Bug 1115025 for CVE-2018-16843",
"url": "https://bugzilla.suse.com/1115025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T14:00:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-16843"
},
{
"cve": "CVE-2018-16844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16844"
}
],
"notes": [
{
"category": "general",
"text": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16844",
"url": "https://www.suse.com/security/cve/CVE-2018-16844"
},
{
"category": "external",
"summary": "SUSE Bug 1115022 for CVE-2018-16844",
"url": "https://bugzilla.suse.com/1115022"
},
{
"category": "external",
"summary": "SUSE Bug 1115025 for CVE-2018-16844",
"url": "https://bugzilla.suse.com/1115025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T14:00:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-16844"
},
{
"cve": "CVE-2018-16845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16845"
}
],
"notes": [
{
"category": "general",
"text": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16845",
"url": "https://www.suse.com/security/cve/CVE-2018-16845"
},
{
"category": "external",
"summary": "SUSE Bug 1115015 for CVE-2018-16845",
"url": "https://bugzilla.suse.com/1115015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T14:00:22Z",
"details": "important"
}
],
"title": "CVE-2018-16845"
},
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T14:00:22Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T14:00:22Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-1.14.2-6.3.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:nginx-source-1.14.2-6.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T14:00:22Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
}
]
}
SUSE-SU-2019:2473-1
Vulnerability from csaf_suse - Published: 2019-09-26 08:02 - Updated: 2019-09-26 08:02Summary
Security update for nghttp2
Severity
Moderate
Notes
Title of the patch: Security update for nghttp2
Description of the patch: This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461).
Bug fixes and enhancements:
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
Patchnames: SUSE-2019-2473,SUSE-SLE-Module-Basesystem-15-2019-2473,SUSE-SLE-Module-Basesystem-15-SP1-2019-2473,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2473,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2473
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nghttp2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nghttp2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461).\n\nBug fixes and enhancements:\n\n- Fixed mistake in spec file (bsc#1125689)\n- Fixed build issue with boost 1.70.0 (bsc#1134616)\n- Feature: Add W\u0026S module (FATE#326776, bsc#1112438)\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2473,SUSE-SLE-Module-Basesystem-15-2019-2473,SUSE-SLE-Module-Basesystem-15-SP1-2019-2473,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2473,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2473",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2473-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2473-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192473-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2473-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-September/005969.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112438",
"url": "https://bugzilla.suse.com/1112438"
},
{
"category": "self",
"summary": "SUSE Bug 1125689",
"url": "https://bugzilla.suse.com/1125689"
},
{
"category": "self",
"summary": "SUSE Bug 1134616",
"url": "https://bugzilla.suse.com/1134616"
},
{
"category": "self",
"summary": "SUSE Bug 1146182",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "self",
"summary": "SUSE Bug 1146184",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
}
],
"title": "Security update for nghttp2",
"tracking": {
"current_release_date": "2019-09-26T08:02:06Z",
"generator": {
"date": "2019-09-26T08:02:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2473-1",
"initial_release_date": "2019-09-26T08:02:06Z",
"revision_history": [
{
"date": "2019-09-26T08:02:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.3.1.aarch64",
"product": {
"name": "libnghttp2-14-1.39.2-3.3.1.aarch64",
"product_id": "libnghttp2-14-1.39.2-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.3.1.aarch64",
"product": {
"name": "libnghttp2-devel-1.39.2-3.3.1.aarch64",
"product_id": "libnghttp2-devel-1.39.2-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"product_id": "libnghttp2_asio-devel-1.39.2-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"product_id": "libnghttp2_asio1-1.39.2-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.3.1.aarch64",
"product": {
"name": "nghttp2-1.39.2-3.3.1.aarch64",
"product_id": "nghttp2-1.39.2-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.3.1.aarch64",
"product": {
"name": "python3-nghttp2-1.39.2-3.3.1.aarch64",
"product_id": "python3-nghttp2-1.39.2-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-64bit-1.39.2-3.3.1.aarch64_ilp32",
"product": {
"name": "libnghttp2-14-64bit-1.39.2-3.3.1.aarch64_ilp32",
"product_id": "libnghttp2-14-64bit-1.39.2-3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-64bit-1.39.2-3.3.1.aarch64_ilp32",
"product": {
"name": "libnghttp2_asio1-64bit-1.39.2-3.3.1.aarch64_ilp32",
"product_id": "libnghttp2_asio1-64bit-1.39.2-3.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.3.1.i586",
"product": {
"name": "libnghttp2-14-1.39.2-3.3.1.i586",
"product_id": "libnghttp2-14-1.39.2-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.3.1.i586",
"product": {
"name": "libnghttp2-devel-1.39.2-3.3.1.i586",
"product_id": "libnghttp2-devel-1.39.2-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.i586",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.i586",
"product_id": "libnghttp2_asio-devel-1.39.2-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.3.1.i586",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.i586",
"product_id": "libnghttp2_asio1-1.39.2-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.3.1.i586",
"product": {
"name": "nghttp2-1.39.2-3.3.1.i586",
"product_id": "nghttp2-1.39.2-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.3.1.i586",
"product": {
"name": "python3-nghttp2-1.39.2-3.3.1.i586",
"product_id": "python3-nghttp2-1.39.2-3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.3.1.ppc64le",
"product": {
"name": "libnghttp2-14-1.39.2-3.3.1.ppc64le",
"product_id": "libnghttp2-14-1.39.2-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"product": {
"name": "libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"product_id": "libnghttp2-devel-1.39.2-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"product_id": "libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"product_id": "libnghttp2_asio1-1.39.2-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.3.1.ppc64le",
"product": {
"name": "nghttp2-1.39.2-3.3.1.ppc64le",
"product_id": "nghttp2-1.39.2-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.3.1.ppc64le",
"product": {
"name": "python3-nghttp2-1.39.2-3.3.1.ppc64le",
"product_id": "python3-nghttp2-1.39.2-3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.3.1.s390x",
"product": {
"name": "libnghttp2-14-1.39.2-3.3.1.s390x",
"product_id": "libnghttp2-14-1.39.2-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.3.1.s390x",
"product": {
"name": "libnghttp2-devel-1.39.2-3.3.1.s390x",
"product_id": "libnghttp2-devel-1.39.2-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"product_id": "libnghttp2_asio-devel-1.39.2-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.3.1.s390x",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.s390x",
"product_id": "libnghttp2_asio1-1.39.2-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.3.1.s390x",
"product": {
"name": "nghttp2-1.39.2-3.3.1.s390x",
"product_id": "nghttp2-1.39.2-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.3.1.s390x",
"product": {
"name": "python3-nghttp2-1.39.2-3.3.1.s390x",
"product_id": "python3-nghttp2-1.39.2-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.3.1.x86_64",
"product": {
"name": "libnghttp2-14-1.39.2-3.3.1.x86_64",
"product_id": "libnghttp2-14-1.39.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"product": {
"name": "libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"product_id": "libnghttp2-14-32bit-1.39.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.3.1.x86_64",
"product": {
"name": "libnghttp2-devel-1.39.2-3.3.1.x86_64",
"product_id": "libnghttp2-devel-1.39.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"product_id": "libnghttp2_asio-devel-1.39.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"product_id": "libnghttp2_asio1-1.39.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-32bit-1.39.2-3.3.1.x86_64",
"product": {
"name": "libnghttp2_asio1-32bit-1.39.2-3.3.1.x86_64",
"product_id": "libnghttp2_asio1-32bit-1.39.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.3.1.x86_64",
"product": {
"name": "nghttp2-1.39.2-3.3.1.x86_64",
"product_id": "nghttp2-1.39.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.3.1.x86_64",
"product": {
"name": "python3-nghttp2-1.39.2-3.3.1.x86_64",
"product_id": "python3-nghttp2-1.39.2-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2-devel-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio-devel-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2_asio1-1.39.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
},
"product_reference": "libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-26T08:02:06Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libnghttp2_asio1-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-14-32bit-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio-devel-1.39.2-3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libnghttp2_asio1-1.39.2-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-26T08:02:06Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
}
]
}
SUSE-SU-2019:2559-1
Vulnerability from csaf_suse - Published: 2019-10-04 11:53 - Updated: 2019-10-04 11:53Summary
Security update for nginx
Severity
Moderate
Notes
Title of the patch: Security update for nginx
Description of the patch: This update for nginx fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).
- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).
- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).
Patchnames: SUSE-2019-2559,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2559,SUSE-SLE-Module-Server-Applications-15-2019-2559
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nginx",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nginx fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).\n- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).\n- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2559,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2559,SUSE-SLE-Module-Server-Applications-15-2019-2559",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2559-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2559-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192559-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2559-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/005991.html"
},
{
"category": "self",
"summary": "SUSE Bug 1145579",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "self",
"summary": "SUSE Bug 1145580",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "self",
"summary": "SUSE Bug 1145582",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
}
],
"title": "Security update for nginx",
"tracking": {
"current_release_date": "2019-10-04T11:53:35Z",
"generator": {
"date": "2019-10-04T11:53:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2559-1",
"initial_release_date": "2019-10-04T11:53:35Z",
"revision_history": [
{
"date": "2019-10-04T11:53:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-3.6.1.aarch64",
"product": {
"name": "nginx-1.14.2-3.6.1.aarch64",
"product_id": "nginx-1.14.2-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-3.6.1.i586",
"product": {
"name": "nginx-1.14.2-3.6.1.i586",
"product_id": "nginx-1.14.2-3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-plugin-nginx-1.14.2-3.6.1.noarch",
"product": {
"name": "vim-plugin-nginx-1.14.2-3.6.1.noarch",
"product_id": "vim-plugin-nginx-1.14.2-3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-3.6.1.ppc64le",
"product": {
"name": "nginx-1.14.2-3.6.1.ppc64le",
"product_id": "nginx-1.14.2-3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-3.6.1.s390x",
"product": {
"name": "nginx-1.14.2-3.6.1.s390x",
"product_id": "nginx-1.14.2-3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.14.2-3.6.1.x86_64",
"product": {
"name": "nginx-1.14.2-3.6.1.x86_64",
"product_id": "nginx-1.14.2-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64"
},
"product_reference": "nginx-1.14.2-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le"
},
"product_reference": "nginx-1.14.2-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-3.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x"
},
"product_reference": "nginx-1.14.2-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.14.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
},
"product_reference": "nginx-1.14.2-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-04T11:53:35Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-04T11:53:35Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:nginx-1.14.2-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-04T11:53:35Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
}
]
}
SUSE-SU-2020:0059-1
Vulnerability from csaf_suse - Published: 2020-01-09 12:30 - Updated: 2020-01-09 12:30Summary
Security update for nodejs12
Severity
Moderate
Notes
Title of the patch: Security update for nodejs12
Description of the patch: This update for nodejs12 fixes the following issues:
Update to LTS release 12.13.0 (jsc#SLE-8947).
Security issues fixed:
- CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091).
- CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099).
- CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094).
- CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100).
- CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
- CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290).
Patchnames: SUSE-2020-59,SUSE-SLE-Module-Web-Scripting-12-2020-59
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs12 fixes the following issues:\n\nUpdate to LTS release 12.13.0 (jsc#SLE-8947).\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091).\n- CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099).\n- CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094).\n- CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n- CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100).\n- CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n- CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097).\n- CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n- CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-59,SUSE-SLE-Module-Web-Scripting-12-2020-59",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0059-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0059-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0059-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-January/006320.html"
},
{
"category": "self",
"summary": "SUSE Bug 1140290",
"url": "https://bugzilla.suse.com/1140290"
},
{
"category": "self",
"summary": "SUSE Bug 1146090",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "self",
"summary": "SUSE Bug 1146091",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "self",
"summary": "SUSE Bug 1146093",
"url": "https://bugzilla.suse.com/1146093"
},
{
"category": "self",
"summary": "SUSE Bug 1146094",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "self",
"summary": "SUSE Bug 1146095",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "self",
"summary": "SUSE Bug 1146097",
"url": "https://bugzilla.suse.com/1146097"
},
{
"category": "self",
"summary": "SUSE Bug 1146099",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "self",
"summary": "SUSE Bug 1146100",
"url": "https://bugzilla.suse.com/1146100"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13173 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9515 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9518 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9518/"
},
{
"category": "self",
"summary": "SUSE Bug SLE-8947",
"url": "https://bugzilla.suse.com/SLE-8947"
}
],
"title": "Security update for nodejs12",
"tracking": {
"current_release_date": "2020-01-09T12:30:16Z",
"generator": {
"date": "2020-01-09T12:30:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0059-1",
"initial_release_date": "2020-01-09T12:30:16Z",
"revision_history": [
{
"date": "2020-01-09T12:30:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.aarch64",
"product": {
"name": "nodejs12-12.13.0-1.3.1.aarch64",
"product_id": "nodejs12-12.13.0-1.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.aarch64",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.aarch64",
"product_id": "nodejs12-devel-12.13.0-1.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.aarch64",
"product": {
"name": "npm12-12.13.0-1.3.1.aarch64",
"product_id": "npm12-12.13.0-1.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-docs-12.13.0-1.3.1.noarch",
"product": {
"name": "nodejs12-docs-12.13.0-1.3.1.noarch",
"product_id": "nodejs12-docs-12.13.0-1.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.ppc64le",
"product": {
"name": "nodejs12-12.13.0-1.3.1.ppc64le",
"product_id": "nodejs12-12.13.0-1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.ppc64le",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.ppc64le",
"product_id": "nodejs12-devel-12.13.0-1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.ppc64le",
"product": {
"name": "npm12-12.13.0-1.3.1.ppc64le",
"product_id": "npm12-12.13.0-1.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.s390x",
"product": {
"name": "nodejs12-12.13.0-1.3.1.s390x",
"product_id": "nodejs12-12.13.0-1.3.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.s390x",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.s390x",
"product_id": "nodejs12-devel-12.13.0-1.3.1.s390x"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.s390x",
"product": {
"name": "npm12-12.13.0-1.3.1.s390x",
"product_id": "npm12-12.13.0-1.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.x86_64",
"product": {
"name": "nodejs12-12.13.0-1.3.1.x86_64",
"product_id": "nodejs12-12.13.0-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.x86_64",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.x86_64",
"product_id": "nodejs12-devel-12.13.0-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.x86_64",
"product": {
"name": "npm12-12.13.0-1.3.1.x86_64",
"product_id": "npm12-12.13.0-1.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64"
},
"product_reference": "nodejs12-12.13.0-1.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le"
},
"product_reference": "nodejs12-12.13.0-1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x"
},
"product_reference": "nodejs12-12.13.0-1.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64"
},
"product_reference": "nodejs12-12.13.0-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.13.0-1.3.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch"
},
"product_reference": "nodejs12-docs-12.13.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64"
},
"product_reference": "npm12-12.13.0-1.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le"
},
"product_reference": "npm12-12.13.0-1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x"
},
"product_reference": "npm12-12.13.0-1.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
},
"product_reference": "npm12-12.13.0-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13173"
}
],
"notes": [
{
"category": "general",
"text": "fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system\u0027s file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13173",
"url": "https://www.suse.com/security/cve/CVE-2019-13173"
},
{
"category": "external",
"summary": "SUSE Bug 1140290 for CVE-2019-13173",
"url": "https://bugzilla.suse.com/1140290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-13173"
},
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9515"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9515",
"url": "https://www.suse.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146100 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1146100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
},
{
"cve": "CVE-2019-9518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9518"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9518",
"url": "https://www.suse.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146093 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1146093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9518"
}
]
}
SUSE-SU-2021:0932-1
Vulnerability from csaf_suse - Published: 2021-03-24 11:13 - Updated: 2021-03-24 11:13Summary
Security update for nghttp2
Severity
Important
Notes
Title of the patch: Security update for nghttp2
Description of the patch: This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318)
- Typo in description of libnghttp2_asio1 (bsc#962914)
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Fixed build issue with GCC 6 (bsc#964140)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
Patchnames: HPE-Helion-OpenStack-8-2021-932,SUSE-2021-932,SUSE-OpenStack-Cloud-7-2021-932,SUSE-OpenStack-Cloud-8-2021-932,SUSE-OpenStack-Cloud-9-2021-932,SUSE-OpenStack-Cloud-Crowbar-8-2021-932,SUSE-OpenStack-Cloud-Crowbar-9-2021-932,SUSE-SLE-SAP-12-SP2-2021-932,SUSE-SLE-SAP-12-SP3-2021-932,SUSE-SLE-SAP-12-SP4-2021-932,SUSE-SLE-SERVER-12-SP2-2021-932,SUSE-SLE-SERVER-12-SP2-BCL-2021-932,SUSE-SLE-SERVER-12-SP3-2021-932,SUSE-SLE-SERVER-12-SP3-BCL-2021-932,SUSE-SLE-SERVER-12-SP4-LTSS-2021-932,SUSE-SLE-SERVER-12-SP5-2021-932
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.9 (Medium)
Affected products
Recommended
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nghttp2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nghttp2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).\n- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).\n- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).\n\nBug fixes and enhancements:\n\n- Packages must not mark license files as %doc (bsc#1082318)\n- Typo in description of libnghttp2_asio1 (bsc#962914)\n- Fixed mistake in spec file (bsc#1125689)\n- Fixed build issue with boost 1.70.0 (bsc#1134616)\n- Fixed build issue with GCC 6 (bsc#964140)\n- Feature: Add W\u0026S module (FATE#326776, bsc#1112438)\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2021-932,SUSE-2021-932,SUSE-OpenStack-Cloud-7-2021-932,SUSE-OpenStack-Cloud-8-2021-932,SUSE-OpenStack-Cloud-9-2021-932,SUSE-OpenStack-Cloud-Crowbar-8-2021-932,SUSE-OpenStack-Cloud-Crowbar-9-2021-932,SUSE-SLE-SAP-12-SP2-2021-932,SUSE-SLE-SAP-12-SP3-2021-932,SUSE-SLE-SAP-12-SP4-2021-932,SUSE-SLE-SERVER-12-SP2-2021-932,SUSE-SLE-SERVER-12-SP2-BCL-2021-932,SUSE-SLE-SERVER-12-SP3-2021-932,SUSE-SLE-SERVER-12-SP3-BCL-2021-932,SUSE-SLE-SERVER-12-SP4-LTSS-2021-932,SUSE-SLE-SERVER-12-SP5-2021-932",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0932-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0932-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210932-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0932-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008541.html"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1088639",
"url": "https://bugzilla.suse.com/1088639"
},
{
"category": "self",
"summary": "SUSE Bug 1112438",
"url": "https://bugzilla.suse.com/1112438"
},
{
"category": "self",
"summary": "SUSE Bug 1125689",
"url": "https://bugzilla.suse.com/1125689"
},
{
"category": "self",
"summary": "SUSE Bug 1134616",
"url": "https://bugzilla.suse.com/1134616"
},
{
"category": "self",
"summary": "SUSE Bug 1146182",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "self",
"summary": "SUSE Bug 1146184",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "self",
"summary": "SUSE Bug 1181358",
"url": "https://bugzilla.suse.com/1181358"
},
{
"category": "self",
"summary": "SUSE Bug 962914",
"url": "https://bugzilla.suse.com/962914"
},
{
"category": "self",
"summary": "SUSE Bug 964140",
"url": "https://bugzilla.suse.com/964140"
},
{
"category": "self",
"summary": "SUSE Bug 966514",
"url": "https://bugzilla.suse.com/966514"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1544 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000168 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11080 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11080/"
}
],
"title": "Security update for nghttp2",
"tracking": {
"current_release_date": "2021-03-24T11:13:09Z",
"generator": {
"date": "2021-03-24T11:13:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0932-1",
"initial_release_date": "2021-03-24T11:13:09Z",
"revision_history": [
{
"date": "2021-03-24T11:13:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2-14-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.aarch64",
"product": {
"name": "nghttp2-1.39.2-3.5.1.aarch64",
"product_id": "nghttp2-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.aarch64",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.aarch64",
"product_id": "python3-nghttp2-1.39.2-3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product": {
"name": "libnghttp2-14-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product_id": "libnghttp2-14-64bit-1.39.2-3.5.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product": {
"name": "libnghttp2_asio1-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product_id": "libnghttp2_asio1-64bit-1.39.2-3.5.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.i586",
"product_id": "libnghttp2-14-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.i586",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.i586",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.i586",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.i586",
"product": {
"name": "nghttp2-1.39.2-3.5.1.i586",
"product_id": "nghttp2-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.i586",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.i586",
"product_id": "python3-nghttp2-1.39.2-3.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2-14-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.ppc64le",
"product": {
"name": "nghttp2-1.39.2-3.5.1.ppc64le",
"product_id": "nghttp2-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.ppc64le",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.ppc64le",
"product_id": "python3-nghttp2-1.39.2-3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390",
"product_id": "libnghttp2-14-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.s390",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.s390",
"product": {
"name": "nghttp2-1.39.2-3.5.1.s390",
"product_id": "nghttp2-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.s390",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.s390",
"product_id": "python3-nghttp2-1.39.2-3.5.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2-14-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2_asio1-32bit-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.s390x",
"product": {
"name": "nghttp2-1.39.2-3.5.1.s390x",
"product_id": "nghttp2-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.s390x",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.s390x",
"product_id": "python3-nghttp2-1.39.2-3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2-14-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2_asio1-32bit-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.x86_64",
"product": {
"name": "nghttp2-1.39.2-3.5.1.x86_64",
"product_id": "nghttp2-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.x86_64",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.x86_64",
"product_id": "python3-nghttp2-1.39.2-3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1544"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1544",
"url": "https://www.suse.com/security/cve/CVE-2016-1544"
},
{
"category": "external",
"summary": "SUSE Bug 966514 for CVE-2016-1544",
"url": "https://bugzilla.suse.com/966514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "low"
}
],
"title": "CVE-2016-1544"
},
{
"cve": "CVE-2018-1000168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000168"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000168",
"url": "https://www.suse.com/security/cve/CVE-2018-1000168"
},
{
"category": "external",
"summary": "SUSE Bug 1088639 for CVE-2018-1000168",
"url": "https://bugzilla.suse.com/1088639"
},
{
"category": "external",
"summary": "SUSE Bug 1097401 for CVE-2018-1000168",
"url": "https://bugzilla.suse.com/1097401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000168"
},
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2020-11080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11080"
}
],
"notes": [
{
"category": "general",
"text": "In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., \u003e 32), then drop the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11080",
"url": "https://www.suse.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "SUSE Bug 1172441 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1172441"
},
{
"category": "external",
"summary": "SUSE Bug 1172442 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1172442"
},
{
"category": "external",
"summary": "SUSE Bug 1181358 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1181358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "important"
}
],
"title": "CVE-2020-11080"
}
]
}
VAR-201908-0421
Vulnerability from variot - Updated: 2026-04-10 22:52Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an authenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper window manipulation in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by manipulating window sizes on affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates.
For the stable distribution (buster), these problems have been fixed in version 10.19.0~dfsg1-1.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8 TjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1 EFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj TFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm 2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr yYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI 6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt ja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0 eQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j oRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy kyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb xKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak= =I2bH -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1 release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
MAISTRA-977 - Rebuild RPMs for 1.0.1 release
- Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). Summary:
Updated Quay packages that fix several bugs and add various enhancements are now available.
Bug Fix(es):
- Fixed repository mirror credentials properly escaped to allow special characters
- Fixed repository mirror UI cancel button enabled
-
Fixed repository mirror UI change next sync date
-
Solution:
Please download the release images via:
quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1
- Description:
Red Hat JBoss Enterprise Application Platform CD18 is a platform for Java applications based on the WildFly application runtime.
You must restart the JBoss server process for the update to take effect. Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx112-nginx security update Advisory ID: RHSA-2019:2746-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx112-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx112-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9 PPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS ieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d kbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco rGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2 PO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv oEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS 7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/ issNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO 7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt fXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL pTuQ2UprbLU=PAtT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
}
],
"trust": 0.7
},
"cve": "CVE-2019-9511",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9511",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160946",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160946",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9511",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "VULMON",
"id": "CVE-2019-9511"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an authenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper window manipulation in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by manipulating window sizes on affected system. A successful exploit could result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 10.19.0~dfsg1-1. \n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6p6wwACgkQEMKTtsN8\nTjYz/RAAl2mPQItVPZ7+gHf42+k3BfjOu2vgGgUNyamYKokGKD+R/GgGZhMKTdm1\nEFBWZCSiEwy+vQD9+kcNCmWxZjmor0lVudgEZUt8IMTEHXirmbv5Qx539ULTKwuj\nTFva/I6q5umL37o0iQzEMWomsKD1gZ5yjXbZdO6ubtkiqc9c9WJUBdI3lNsmy8Wm\n2MgHKFfwz2H6OR7ZLCWjIiVd/FmvuKTMR80vc8CjyHMP+JeuOoG3WXhBTjqEdWqr\nyYHNahMfHam4b22NX07ngoiy9joEu0Ti6HPWRk4vI2KelocAJDB+J7QZ0DuPyguI\n6nB3Xj74gX4V2ps+N0LFOvtlj9pk2YUQW8klrND38i8LZQKRhHRtKuLSeql7QElt\nja+6eDmuSRIlcsS/Yyxfyb9c8571hxIrw/wrg8/d2k29UdX0rqsAlQ8RC73gHfD0\neQpMJDLmKf83PHIMZCcb2THtGzeV0rTI2nOVMJ6ULCeIXVTOlXM7HKFLV8c56V2j\noRy7PXu3FOuiDyKc2GKRftap9FSQLCD9AtSKO4iNT6Kx47CtiLWpUMDUv5h57Foy\nkyqhEiNjTK8UZH/+8prytQeH2pJ1iAq9j7ePtiyOsoI6vN2IOgP7xTyQ1QDkaKzb\nxKVacLkhBzO+drODEBaNlZdt2k6OewO5TR9d6oCmQT5ZLhuJ8Ak=\n=I2bH\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. \n\nThis advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1\nrelease. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nMAISTRA-977 - Rebuild RPMs for 1.0.1 release\n\n7. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Summary:\n\nUpdated Quay packages that fix several bugs and add various enhancements\nare now available. \n\nBug Fix(es):\n\n* Fixed repository mirror credentials properly escaped to allow special\ncharacters\n* Fixed repository mirror UI cancel button enabled\n* Fixed repository mirror UI change next sync date\n\n3. Solution:\n\nPlease download the release images via:\n\nquay.io/redhat/quay:v3.1.1\nquay.io/redhat/clair-jwt:v3.1.1\nquay.io/redhat/quay-builder:v3.1.1\n\n4. Description:\n\nRed Hat JBoss Enterprise Application Platform CD18 is a platform for Java\napplications based on the WildFly application runtime. \n\nYou must restart the JBoss server process for the update to take effect. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx112-nginx security update\nAdvisory ID: RHSA-2019:2746-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2746\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx112-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx112-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9\nPPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS\nieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d\nkbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco\nrGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2\nPO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv\noEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS\n7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/\nissNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO\n7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt\nfXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL\npTuQ2UprbLU=PAtT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "VULMON",
"id": "CVE-2019-9511"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9511",
"trust": 2.1
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 1.9
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "154725",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154471",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154848",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154693",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154117",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154190",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160946",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9511",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168812",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "VULMON",
"id": "CVE-2019-9511"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"id": "VAR-201908-0421",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:52:23.899000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: Important: nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192692 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193041 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192745 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192775 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192949 - Security Advisory"
},
{
"title": "Red Hat: Important: nginx:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192799 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192746 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4511-1 nghttp2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5abd31eeab4f550ac0063c6db4c6fefa"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194021 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4099-1"
},
{
"title": "Red Hat: CVE-2019-9511",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9511"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194018 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194020 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194019 - Security Advisory"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9511"
},
{
"title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1298"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-13"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202565 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-17"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1298"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1299",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1299"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1342",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1342"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193935 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-12"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193932 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193933 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201445 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200922 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00c2\u00ae SDK for Node.js\u00e2\u201e\u00a2 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "bogeitingress",
"trust": 0.1,
"url": "https://github.com/lieshoujieyuan/bogeitingress "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9511"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 1.9,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3041"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/sep/1"
},
{
"trust": 1.1,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2692"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4018"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4019"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4020"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4021"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6754-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.1/service_mesh/servicemesh-"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154848"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160946",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-9511",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154848",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157214",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154471",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9511",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160946",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9511",
"ident": null
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"date": "2024-04-26T15:13:40",
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"date": "2019-10-15T00:10:40",
"db": "PACKETSTORM",
"id": "154848",
"ident": null
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"date": "2020-04-14T15:39:41",
"db": "PACKETSTORM",
"id": "157214",
"ident": null
},
{
"date": "2019-10-03T20:31:49",
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"date": "2020-06-16T00:54:44",
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"date": "2019-09-12T14:32:51",
"db": "PACKETSTORM",
"id": "154471",
"ident": null
},
{
"date": "2019-08-13T21:15:12.223000",
"db": "NVD",
"id": "CVE-2019-9511",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160946",
"ident": null
},
{
"date": "2022-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9511",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9511",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "178284"
}
],
"trust": 0.1
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "157214"
}
],
"trust": 0.1
}
}
WID-SEC-W-2024-1050
Vulnerability from csaf_certbund - Published: 2019-08-14 22:00 - Updated: 2024-05-07 22:00Summary
nginx: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: nginx ist eine modular aufgebaute Webserver-Software, welche durch verschiedene Module Funktionalitäten wie Reverse- oder Email-Proxy unterstützt. Nginx wird unter der BSD-Lizenz vertrieben.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in nginx ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungewöhnlich gestalteten Requests. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Juniper JUNOS
Juniper
|
cpe:/o:juniper:junos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungewöhnlich gestalteten Requests. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Juniper JUNOS
Juniper
|
cpe:/o:juniper:junos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungewöhnlich gestalteten Requests. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Juniper JUNOS
Juniper
|
cpe:/o:juniper:junos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
44 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "nginx ist eine modular aufgebaute Webserver-Software, welche durch verschiedene Module Funktionalit\u00e4ten wie Reverse- oder Email-Proxy unterst\u00fctzt. Nginx wird unter der BSD-Lizenz vertrieben.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in nginx ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1050 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1050.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1050 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1050"
},
{
"category": "external",
"summary": "NGINX Security Advisory vom 2019-08-14",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4099-1 vom 2019-08-16",
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201908-12 vom 2019-08-17",
"url": "https://security.archlinux.org/ASA-201908-12"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201908-13 vom 2019-08-17",
"url": "https://security.archlinux.org/ASA-201908-13"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4505 vom 2019-08-23",
"url": "http://www.debian.org/security/2019/dsa-4505"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201908-17 vom 2019-08-27",
"url": "https://security.archlinux.org/ASA-201908-17"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4511 vom 2019-09-02",
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2309-1 vom 2019-09-06",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2692 vom 2019-09-10",
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2692 vom 2019-09-11",
"url": "http://linux.oracle.com/errata/ELSA-2019-2692.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2746 vom 2019-09-12",
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2745 vom 2019-09-12",
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2775 vom 2019-09-17",
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2799-01 vom 2019-09-17",
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"category": "external",
"summary": "Oracle Linux Errata ELSA-2019-2799 vom 2019-09-19",
"url": "https://linux.oracle.com/errata/ELSA-2019-2799.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2473-1 vom 2019-09-26",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192473-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2925 vom 2019-09-30",
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2939 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2946 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2946"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2950 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2950"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2949 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2966 vom 2019-10-03",
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2955 vom 2019-10-02",
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2559-1 vom 2019-10-04",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192559-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3041 vom 2019-10-14",
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3933 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3935 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3932 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4018 vom 2019-11-26",
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4019 vom 2019-11-26",
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4021 vom 2019-11-26",
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4020 vom 2019-11-28",
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0922 vom 2020-03-23",
"url": "https://access.redhat.com/errata/RHSA-2020:0922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0983 vom 2020-03-26",
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1445 vom 2020-04-14",
"url": "https://access.redhat.com/errata/RHSA-2020:1445"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4669 vom 2020-04-30",
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2067 vom 2020-05-18",
"url": "https://access.redhat.com/errata/RHSA-2020:2067"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:0932-1 vom 2021-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008541.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3192 vom 2020-07-28",
"url": "https://access.redhat.com/errata/RHSA-2020:3192"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11167 vom 2021-04-16",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11167"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-5495 vom 2020-12-18",
"url": "https://linux.oracle.com/errata/ELSA-2020-5495.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6754-2 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6754-2"
}
],
"source_lang": "en-US",
"title": "nginx: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2024-05-07T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:08:35.913+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1050",
"initial_release_date": "2019-08-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-08-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-08-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-08-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Arch Linux und Fedora aufgenommen"
},
{
"date": "2019-08-19T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-63BA15CC83, FEDORA-2019-8A437D5C2F, FEDORA-2019-4427FD65BE"
},
{
"date": "2019-08-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-08-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Arch Linux und Fedora aufgenommen"
},
{
"date": "2019-09-02T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-09-05T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-09-09T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-10T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-09-12T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-17T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-18T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-19T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-09-26T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-09-29T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-30T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-30T22:00:00.000+00:00",
"number": "18",
"summary": "Version nicht vorhanden"
},
{
"date": "2019-10-01T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-10-03T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-10-06T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-10-14T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-11-20T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-11-26T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-11-27T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-22T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-26T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-14T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-29T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-05-17T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-28T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-12-17T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-03-24T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-15T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "35"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.16.1",
"product": {
"name": "Open Source nginx \u003c1.16.1",
"product_id": "T014853"
}
},
{
"category": "product_version_range",
"name": "\u003c1.17.3",
"product": {
"name": "Open Source nginx \u003c1.17.3",
"product_id": "T014854"
}
},
{
"category": "product_version_range",
"name": "\u003cPlus R18 P1",
"product": {
"name": "Open Source nginx \u003cPlus R18 P1",
"product_id": "T014855"
}
}
],
"category": "product_name",
"name": "NGINX"
}
],
"category": "vendor",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"notes": [
{
"category": "description",
"text": "In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungew\u00f6hnlich gestalteten Requests. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"5930",
"T004914"
]
},
"release_date": "2019-08-14T22:00:00.000+00:00",
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9513",
"notes": [
{
"category": "description",
"text": "In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungew\u00f6hnlich gestalteten Requests. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"5930",
"T004914"
]
},
"release_date": "2019-08-14T22:00:00.000+00:00",
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9516",
"notes": [
{
"category": "description",
"text": "In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungew\u00f6hnlich gestalteten Requests. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"5930",
"T004914"
]
},
"release_date": "2019-08-14T22:00:00.000+00:00",
"title": "CVE-2019-9516"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…