Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-9513 (GCVE-0-2019-9513)
Vulnerability from cvelistv5 – Published: 2019-08-13 20:50 – Updated: 2024-08-04 21:54- CWE-400 - Uncontrolled Resource Consumption
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#605641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "USN-4099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"name": "FEDORA-2019-befd924cfe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"name": "FEDORA-2019-81985a8858",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"name": "DSA-4505",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "FEDORA-2019-8a437d5c2f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"name": "DSA-4511",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"name": "FEDORA-2019-7a0b45fdc4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"name": "RHSA-2019:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"name": "openSUSE-SU-2019:2120",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2745",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"name": "RHSA-2019:2746",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"name": "RHSA-2019:2775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"name": "RHSA-2019:2799",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"name": "RHSA-2019:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2949",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"name": "openSUSE-SU-2019:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"name": "openSUSE-SU-2019:2234",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"name": "RHSA-2019:2955",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "openSUSE-SU-2019:2264",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"name": "RHSA-2019:3041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "DSA-4669",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#605641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "USN-4099-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"name": "FEDORA-2019-befd924cfe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"name": "FEDORA-2019-81985a8858",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"name": "DSA-4505",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "FEDORA-2019-8a437d5c2f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"name": "DSA-4511",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"name": "FEDORA-2019-7a0b45fdc4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"name": "RHSA-2019:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"name": "openSUSE-SU-2019:2120",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2745",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"name": "RHSA-2019:2746",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"name": "RHSA-2019:2775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"name": "RHSA-2019:2799",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"name": "RHSA-2019:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2949",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"name": "openSUSE-SU-2019:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"name": "openSUSE-SU-2019:2234",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"name": "RHSA-2019:2955",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "openSUSE-SU-2019:2264",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"name": "RHSA-2019:3041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "DSA-4669",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "HTTP/2 Resource Loop",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9513",
"STATE": "PUBLIC",
"TITLE": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#605641",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "USN-4099-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"name": "FEDORA-2019-befd924cfe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"
},
{
"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/40"
},
{
"name": "FEDORA-2019-81985a8858",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"
},
{
"name": "DSA-4505",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "FEDORA-2019-8a437d5c2f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"
},
{
"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/1"
},
{
"name": "DSA-4511",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"name": "FEDORA-2019-7a0b45fdc4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"
},
{
"name": "RHSA-2019:2692",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"name": "openSUSE-SU-2019:2120",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"name": "openSUSE-SU-2019:2114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2745",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"name": "RHSA-2019:2746",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"name": "RHSA-2019:2775",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"name": "RHSA-2019:2799",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"name": "RHSA-2019:2925",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2949",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"name": "openSUSE-SU-2019:2232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"name": "openSUSE-SU-2019:2234",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"name": "RHSA-2019:2955",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "openSUSE-SU-2019:2264",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"name": "RHSA-2019:3041",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "DSA-4669",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_33",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"name": "https://support.f5.com/csp/article/K02591030",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K02591030"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"name": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9513",
"datePublished": "2019-08-13T20:50:59.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-9513",
"date": "2026-07-12",
"epss": "0.82017",
"percentile": "0.99614"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-9513\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2019-08-13T21:15:12.380\",\"lastModified\":\"2025-01-14T19:29:55.853\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.\"},{\"lang\":\"es\",\"value\":\"Algunas implementaciones de HTTP / 2 son vulnerables a los bucles de recursos, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante crea m\u00faltiples flujos de solicitud y baraja continuamente la prioridad de los flujos de una manera que provoca un cambio considerable en el \u00e1rbol de prioridad. Esto puede consumir un exceso de CPU.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.4.0\",\"matchCriteriaId\":\"93988E60-006B-434D-AB16-1FA1D2FEBC2A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.12\",\"matchCriteriaId\":\"1D294D56-E784-4DA8-9C2C-BC5A05C92C0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.04\",\"matchCriteriaId\":\"65B1D2F6-BC1F-47AF-B4E6-4B50986AC622\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.2.3\",\"matchCriteriaId\":\"603BF43B-FC99-4039-A3C0-467F015A32FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.1.6\",\"matchCriteriaId\":\"07BB02CE-D4F2-459C-B0C6-FF78BF7996AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.3\",\"matchCriteriaId\":\"D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C997777-BE79-4F77-90D7-E1A71D474D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9685B12-824F-42AD-B87C-6E7A78BB7FA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D0C5120-B961-440F-B454-584BC54B549C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CCBDFF9-AF42-4681-879B-CF789EBAD130\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2466282-51AB-478D-9FF4-FA524265ED2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0952BA1A-5DF9-400F-B01F-C3A398A8A2D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B157A2D-3422-4224-82D9-15AB3B989075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"732F14CE-7994-4DD2-A28B-AE9E79826C01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1987BDA-0113-4603-B9BE-76647EB043F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7EE4B6-A6EC-4B9B-91DF-79615796673F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C120C2F1-D50D-49CC-8E96-207ACCA49674\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.7.2.0\",\"versionEndExcluding\":\"7.7.2.24\",\"matchCriteriaId\":\"765E9856-2748-4A8B-91F5-A4DB3C8C547A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.8.2.0\",\"versionEndExcluding\":\"7.8.2.13\",\"matchCriteriaId\":\"EE6E66B1-3291-4E8E-93D6-30E9FDCF983E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.2.0\",\"matchCriteriaId\":\"227104AD-396D-4ADD-87C7-C4CD5583DA04\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.5\",\"versionEndExcluding\":\"1.16.1\",\"matchCriteriaId\":\"68DD813A-1BC4-45FB-A3C4-E1BCE5F82EC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.17.0\",\"versionEndIncluding\":\"1.17.2\",\"matchCriteriaId\":\"DF1705D3-ABAB-477E-9572-7D4DBAB4E38B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E11C65C3-1B17-4362-A99C-59583081A24D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348EEE70-E114-4720-AAAF-E77DE5C9A2D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.8.1\",\"matchCriteriaId\":\"74FB695D-2C76-47AB-988E-5629D2E695E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.16.1\",\"matchCriteriaId\":\"CFC0252A-DF1D-4CF4-B450-27267227B599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.12.0\",\"matchCriteriaId\":\"25A3180B-21AF-4010-9DAB-41ADFD2D8031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"10.13.0\",\"versionEndExcluding\":\"10.16.3\",\"matchCriteriaId\":\"2EC65858-FF7B-4171-82EA-80942D426F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.8.1\",\"matchCriteriaId\":\"F522C500-AA33-4029-865F-F27FB00A354E\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2692\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2745\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2746\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2775\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2799\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2925\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2939\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2949\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2955\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2966\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3041\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/605641/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/40\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/1\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0002/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0005/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4099-1/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4505\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4511\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2745\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2925\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2955\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/605641/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K02591030?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4099-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4511\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-06-28T11:42:03+00:00",
"cve": "CVE-2019-9513",
"id": "CVE-2019-9513",
"initial_release_date": "2019-08-13T17:00:00+00:00",
"product_status:fixed": "1213",
"product_status:known_affected": "2",
"product_status:known_not_affected": "98",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9513.json",
"version": "3"
}
}
}
SUSE-SU-2020:0059-1
Vulnerability from csaf_suse - Published: 2020-01-09 12:30 - Updated: 2020-01-09 12:30| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs12 fixes the following issues:\n\nUpdate to LTS release 12.13.0 (jsc#SLE-8947).\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091).\n- CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099).\n- CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094).\n- CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n- CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100).\n- CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n- CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097).\n- CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n- CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-59,SUSE-SLE-Module-Web-Scripting-12-2020-59",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0059-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0059-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0059-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-January/006320.html"
},
{
"category": "self",
"summary": "SUSE Bug 1140290",
"url": "https://bugzilla.suse.com/1140290"
},
{
"category": "self",
"summary": "SUSE Bug 1146090",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "self",
"summary": "SUSE Bug 1146091",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "self",
"summary": "SUSE Bug 1146093",
"url": "https://bugzilla.suse.com/1146093"
},
{
"category": "self",
"summary": "SUSE Bug 1146094",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "self",
"summary": "SUSE Bug 1146095",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "self",
"summary": "SUSE Bug 1146097",
"url": "https://bugzilla.suse.com/1146097"
},
{
"category": "self",
"summary": "SUSE Bug 1146099",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "self",
"summary": "SUSE Bug 1146100",
"url": "https://bugzilla.suse.com/1146100"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13173 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9515 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9518 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9518/"
},
{
"category": "self",
"summary": "SUSE Bug SLE-8947",
"url": "https://bugzilla.suse.com/SLE-8947"
}
],
"title": "Security update for nodejs12",
"tracking": {
"current_release_date": "2020-01-09T12:30:16Z",
"generator": {
"date": "2020-01-09T12:30:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0059-1",
"initial_release_date": "2020-01-09T12:30:16Z",
"revision_history": [
{
"date": "2020-01-09T12:30:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.aarch64",
"product": {
"name": "nodejs12-12.13.0-1.3.1.aarch64",
"product_id": "nodejs12-12.13.0-1.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.aarch64",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.aarch64",
"product_id": "nodejs12-devel-12.13.0-1.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.aarch64",
"product": {
"name": "npm12-12.13.0-1.3.1.aarch64",
"product_id": "npm12-12.13.0-1.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-docs-12.13.0-1.3.1.noarch",
"product": {
"name": "nodejs12-docs-12.13.0-1.3.1.noarch",
"product_id": "nodejs12-docs-12.13.0-1.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.ppc64le",
"product": {
"name": "nodejs12-12.13.0-1.3.1.ppc64le",
"product_id": "nodejs12-12.13.0-1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.ppc64le",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.ppc64le",
"product_id": "nodejs12-devel-12.13.0-1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.ppc64le",
"product": {
"name": "npm12-12.13.0-1.3.1.ppc64le",
"product_id": "npm12-12.13.0-1.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.s390x",
"product": {
"name": "nodejs12-12.13.0-1.3.1.s390x",
"product_id": "nodejs12-12.13.0-1.3.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.s390x",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.s390x",
"product_id": "nodejs12-devel-12.13.0-1.3.1.s390x"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.s390x",
"product": {
"name": "npm12-12.13.0-1.3.1.s390x",
"product_id": "npm12-12.13.0-1.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs12-12.13.0-1.3.1.x86_64",
"product": {
"name": "nodejs12-12.13.0-1.3.1.x86_64",
"product_id": "nodejs12-12.13.0-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs12-devel-12.13.0-1.3.1.x86_64",
"product": {
"name": "nodejs12-devel-12.13.0-1.3.1.x86_64",
"product_id": "nodejs12-devel-12.13.0-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm12-12.13.0-1.3.1.x86_64",
"product": {
"name": "npm12-12.13.0-1.3.1.x86_64",
"product_id": "npm12-12.13.0-1.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64"
},
"product_reference": "nodejs12-12.13.0-1.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le"
},
"product_reference": "nodejs12-12.13.0-1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x"
},
"product_reference": "nodejs12-12.13.0-1.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-12.13.0-1.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64"
},
"product_reference": "nodejs12-12.13.0-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-devel-12.13.0-1.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64"
},
"product_reference": "nodejs12-devel-12.13.0-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs12-docs-12.13.0-1.3.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch"
},
"product_reference": "nodejs12-docs-12.13.0-1.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64"
},
"product_reference": "npm12-12.13.0-1.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le"
},
"product_reference": "npm12-12.13.0-1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x"
},
"product_reference": "npm12-12.13.0-1.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm12-12.13.0-1.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
},
"product_reference": "npm12-12.13.0-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13173"
}
],
"notes": [
{
"category": "general",
"text": "fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system\u0027s file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13173",
"url": "https://www.suse.com/security/cve/CVE-2019-13173"
},
{
"category": "external",
"summary": "SUSE Bug 1140290 for CVE-2019-13173",
"url": "https://bugzilla.suse.com/1140290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-13173"
},
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9515"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9515",
"url": "https://www.suse.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146100 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1146100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
},
{
"cve": "CVE-2019-9518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9518"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9518",
"url": "https://www.suse.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146093 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1146093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.13.0-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.13.0-1.3.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.13.0-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-09T12:30:16Z",
"details": "important"
}
],
"title": "CVE-2019-9518"
}
]
}
SUSE-SU-2021:0932-1
Vulnerability from csaf_suse - Published: 2021-03-24 11:13 - Updated: 2021-03-24 11:13| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nghttp2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nghttp2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).\n- CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).\n- CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).\n\nBug fixes and enhancements:\n\n- Packages must not mark license files as %doc (bsc#1082318)\n- Typo in description of libnghttp2_asio1 (bsc#962914)\n- Fixed mistake in spec file (bsc#1125689)\n- Fixed build issue with boost 1.70.0 (bsc#1134616)\n- Fixed build issue with GCC 6 (bsc#964140)\n- Feature: Add W\u0026S module (FATE#326776, bsc#1112438)\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2021-932,SUSE-2021-932,SUSE-OpenStack-Cloud-7-2021-932,SUSE-OpenStack-Cloud-8-2021-932,SUSE-OpenStack-Cloud-9-2021-932,SUSE-OpenStack-Cloud-Crowbar-8-2021-932,SUSE-OpenStack-Cloud-Crowbar-9-2021-932,SUSE-SLE-SAP-12-SP2-2021-932,SUSE-SLE-SAP-12-SP3-2021-932,SUSE-SLE-SAP-12-SP4-2021-932,SUSE-SLE-SERVER-12-SP2-2021-932,SUSE-SLE-SERVER-12-SP2-BCL-2021-932,SUSE-SLE-SERVER-12-SP3-2021-932,SUSE-SLE-SERVER-12-SP3-BCL-2021-932,SUSE-SLE-SERVER-12-SP4-LTSS-2021-932,SUSE-SLE-SERVER-12-SP5-2021-932",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0932-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0932-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210932-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0932-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008541.html"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1088639",
"url": "https://bugzilla.suse.com/1088639"
},
{
"category": "self",
"summary": "SUSE Bug 1112438",
"url": "https://bugzilla.suse.com/1112438"
},
{
"category": "self",
"summary": "SUSE Bug 1125689",
"url": "https://bugzilla.suse.com/1125689"
},
{
"category": "self",
"summary": "SUSE Bug 1134616",
"url": "https://bugzilla.suse.com/1134616"
},
{
"category": "self",
"summary": "SUSE Bug 1146182",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "self",
"summary": "SUSE Bug 1146184",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "self",
"summary": "SUSE Bug 1181358",
"url": "https://bugzilla.suse.com/1181358"
},
{
"category": "self",
"summary": "SUSE Bug 962914",
"url": "https://bugzilla.suse.com/962914"
},
{
"category": "self",
"summary": "SUSE Bug 964140",
"url": "https://bugzilla.suse.com/964140"
},
{
"category": "self",
"summary": "SUSE Bug 966514",
"url": "https://bugzilla.suse.com/966514"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1544 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000168 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11080 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11080/"
}
],
"title": "Security update for nghttp2",
"tracking": {
"current_release_date": "2021-03-24T11:13:09Z",
"generator": {
"date": "2021-03-24T11:13:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0932-1",
"initial_release_date": "2021-03-24T11:13:09Z",
"revision_history": [
{
"date": "2021-03-24T11:13:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2-14-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.aarch64",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.aarch64",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.aarch64",
"product": {
"name": "nghttp2-1.39.2-3.5.1.aarch64",
"product_id": "nghttp2-1.39.2-3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.aarch64",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.aarch64",
"product_id": "python3-nghttp2-1.39.2-3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product": {
"name": "libnghttp2-14-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product_id": "libnghttp2-14-64bit-1.39.2-3.5.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product": {
"name": "libnghttp2_asio1-64bit-1.39.2-3.5.1.aarch64_ilp32",
"product_id": "libnghttp2_asio1-64bit-1.39.2-3.5.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.i586",
"product_id": "libnghttp2-14-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.i586",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.i586",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.i586",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.i586",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.i586",
"product": {
"name": "nghttp2-1.39.2-3.5.1.i586",
"product_id": "nghttp2-1.39.2-3.5.1.i586"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.i586",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.i586",
"product_id": "python3-nghttp2-1.39.2-3.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2-14-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.ppc64le",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.ppc64le",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.ppc64le",
"product": {
"name": "nghttp2-1.39.2-3.5.1.ppc64le",
"product_id": "nghttp2-1.39.2-3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.ppc64le",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.ppc64le",
"product_id": "python3-nghttp2-1.39.2-3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390",
"product_id": "libnghttp2-14-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.s390",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.s390",
"product": {
"name": "nghttp2-1.39.2-3.5.1.s390",
"product_id": "nghttp2-1.39.2-3.5.1.s390"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.s390",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.s390",
"product_id": "python3-nghttp2-1.39.2-3.5.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2-14-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.s390x",
"product": {
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.s390x",
"product_id": "libnghttp2_asio1-32bit-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.s390x",
"product": {
"name": "nghttp2-1.39.2-3.5.1.s390x",
"product_id": "nghttp2-1.39.2-3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.s390x",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.s390x",
"product_id": "python3-nghttp2-1.39.2-3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2-14-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2-devel-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2-devel-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2_asio-devel-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2_asio-devel-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2_asio1-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2_asio1-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.x86_64",
"product": {
"name": "libnghttp2_asio1-32bit-1.39.2-3.5.1.x86_64",
"product_id": "libnghttp2_asio1-32bit-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "nghttp2-1.39.2-3.5.1.x86_64",
"product": {
"name": "nghttp2-1.39.2-3.5.1.x86_64",
"product_id": "nghttp2-1.39.2-3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-nghttp2-1.39.2-3.5.1.x86_64",
"product": {
"name": "python3-nghttp2-1.39.2-3.5.1.x86_64",
"product_id": "python3-nghttp2-1.39.2-3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
},
"product_reference": "libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1544"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1544",
"url": "https://www.suse.com/security/cve/CVE-2016-1544"
},
{
"category": "external",
"summary": "SUSE Bug 966514 for CVE-2016-1544",
"url": "https://bugzilla.suse.com/966514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "low"
}
],
"title": "CVE-2016-1544"
},
{
"cve": "CVE-2018-1000168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000168"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000168",
"url": "https://www.suse.com/security/cve/CVE-2018-1000168"
},
{
"category": "external",
"summary": "SUSE Bug 1088639 for CVE-2018-1000168",
"url": "https://bugzilla.suse.com/1088639"
},
{
"category": "external",
"summary": "SUSE Bug 1097401 for CVE-2018-1000168",
"url": "https://bugzilla.suse.com/1097401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000168"
},
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2020-11080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11080"
}
],
"notes": [
{
"category": "general",
"text": "In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., \u003e 32), then drop the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11080",
"url": "https://www.suse.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "SUSE Bug 1172441 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1172441"
},
{
"category": "external",
"summary": "SUSE Bug 1172442 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1172442"
},
{
"category": "external",
"summary": "SUSE Bug 1181358 for CVE-2020-11080",
"url": "https://bugzilla.suse.com/1181358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.s390x",
"SUSE OpenStack Cloud 7:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-1.39.2-3.5.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libnghttp2-14-32bit-1.39.2-3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-24T11:13:09Z",
"details": "important"
}
],
"title": "CVE-2020-11080"
}
]
}
VAR-201908-0263
Vulnerability from variot - Updated: 2026-04-10 22:30Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes. Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). 7) - noarch, x86_64
- Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2019:2745-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2 mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+ 4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14 ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6 uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0 Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X zMtgbVh8BNU=zH69 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Summary:
Updated Quay packages that fix several bugs and add various enhancements are now available.
Bug Fix(es):
- Fixed repository mirror credentials properly escaped to allow special characters
- Fixed repository mirror UI cancel button enabled
-
Fixed repository mirror UI change next sync date
-
Solution:
Please download the release images via:
quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1
For the oldstable distribution (stretch), these problems have been fixed in version 1.18.1-1+deb9u1.
For the stable distribution (buster), these problems have been fixed in version 1.36.0-2+deb10u1.
We recommend that you upgrade your nghttp2 packages.
For the detailed security status of nghttp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nghttp2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1sMs8ACgkQEMKTtsN8 Tjb8Uw//S/tOXQZwAiYCUe3tC+Uc/Zz3FpbSoC73Edn/zShG5PWuACth3NDbBhZI Ye7o8jMxvsJ1J/McekMPqT8eD5D+HxrQJAkZzvyquVKhxhgHB4onmqOn6/kMiuFp sdUhBh+Kyiwr0ix2uph92KxggC+jq65RbvSWFFP0CXQJ2Ua0929JJQfkv76Wk1nD bWd2Pw0maSiXTagShhWqCkBgZo5swMIx2uHvixlFe75FnERnwu3JhKHL4R90r3dq rqItD3BDWXa2l8UNjPj7W7Nf01UxZSPl+GCOR+qDX0LDghy1M9GOz9u8qq+argca foHTJPPibbG3DYsOg5BrQkQE9LiRZmezhG13hkIEN25cKDyZo2gxCZ597MSfjzgf 6VLTFRbd2cLmK0iilXa6OtL3Rm3wTTgSjhZ5wjSgbPddpHnso//AeFpSyCyIIDWL VHlB44ehulQljfYxH0iLH8cy9MtEDk5zhOh9ziFjnzDtx5JX7l/5D8LLOGHZj67O TH0VNXYmKvt/x9ROi3G9+1XweYM8rYIwxQlBIVASQtlSfqqYCOX5LjJkSuBQhk8D nsGr1umNZ8hdDc4dfZQiD/Trwo99/3HuPdmEt5jwfunocygMyv9+yLfB+J3H+AS/ 5epPIGh/E96OLBqPwWUryVX3xx8JiEaHvxPFIDLzZyRYSjQaSXo= =FvKi -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 1.2
},
"cve": "CVE-2019-9513",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9513",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160948",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-935",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160948",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9513",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2019:2745-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2745\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP\nvsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2\nmVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+\n4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k\nrNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14\nENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6\nuglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU\nBGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl\nOmt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0\nElhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR\nLF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X\nzMtgbVh8BNU=zH69\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Summary:\n\nUpdated Quay packages that fix several bugs and add various enhancements\nare now available. \n\nBug Fix(es):\n\n* Fixed repository mirror credentials properly escaped to allow special\ncharacters\n* Fixed repository mirror UI cancel button enabled\n* Fixed repository mirror UI change next sync date\n\n3. Solution:\n\nPlease download the release images via:\n\nquay.io/redhat/quay:v3.1.1\nquay.io/redhat/clair-jwt:v3.1.1\nquay.io/redhat/quay-builder:v3.1.1\n\n4. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.18.1-1+deb9u1. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.36.0-2+deb10u1. \n\nWe recommend that you upgrade your nghttp2 packages. \n\nFor the detailed security status of nghttp2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nghttp2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1sMs8ACgkQEMKTtsN8\nTjb8Uw//S/tOXQZwAiYCUe3tC+Uc/Zz3FpbSoC73Edn/zShG5PWuACth3NDbBhZI\nYe7o8jMxvsJ1J/McekMPqT8eD5D+HxrQJAkZzvyquVKhxhgHB4onmqOn6/kMiuFp\nsdUhBh+Kyiwr0ix2uph92KxggC+jq65RbvSWFFP0CXQJ2Ua0929JJQfkv76Wk1nD\nbWd2Pw0maSiXTagShhWqCkBgZo5swMIx2uHvixlFe75FnERnwu3JhKHL4R90r3dq\nrqItD3BDWXa2l8UNjPj7W7Nf01UxZSPl+GCOR+qDX0LDghy1M9GOz9u8qq+argca\nfoHTJPPibbG3DYsOg5BrQkQE9LiRZmezhG13hkIEN25cKDyZo2gxCZ597MSfjzgf\n6VLTFRbd2cLmK0iilXa6OtL3Rm3wTTgSjhZ5wjSgbPddpHnso//AeFpSyCyIIDWL\nVHlB44ehulQljfYxH0iLH8cy9MtEDk5zhOh9ziFjnzDtx5JX7l/5D8LLOGHZj67O\nTH0VNXYmKvt/x9ROi3G9+1XweYM8rYIwxQlBIVASQtlSfqqYCOX5LjJkSuBQhk8D\nnsGr1umNZ8hdDc4dfZQiD/Trwo99/3HuPdmEt5jwfunocygMyv9+yLfB+J3H+AS/\n5epPIGh/E96OLBqPwWUryVX3xx8JiEaHvxPFIDLzZyRYSjQaSXo=\n=FvKi\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9513"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154284"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9513",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3306",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3116",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43920",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160948",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168812",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154284",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154284"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"id": "VAR-201908-0263",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:30:10.522000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96619"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193041 - Security Advisory"
},
{
"title": "Red Hat: Important: nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192692 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx110-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192745 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx112-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192746 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nginx114-nginx security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192775 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192949 - Security Advisory"
},
{
"title": "Red Hat: Important: nginx:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192799 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4511-1 nghttp2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5abd31eeab4f550ac0063c6db4c6fefa"
},
{
"title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192966 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4099-1"
},
{
"title": "Red Hat: CVE-2019-9513",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-9513"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-9513"
},
{
"title": "Red Hat: Important: nodejs:10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192925 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
},
{
"title": "Red Hat: Important: rh-nodejs8-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192955 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-nodejs10-nodejs security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192939 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1298"
},
{
"title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-13"
},
{
"title": "Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-17"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1298",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1298"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1299",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1299"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193932 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193933 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193935 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201908-12"
},
{
"title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200983 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab"
},
{
"title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
},
{
"title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00c2\u00ae SDK for Node.js\u00e2\u201e\u00a2 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
},
{
"title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-225"
},
{
"title": "bogeitingress",
"trust": 0.1,
"url": "https://github.com/lieshoujieyuan/bogeitingress "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9513"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/1"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2692"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:3041"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1544/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3306/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43920"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6754-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nghttp2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160948"
},
{
"db": "PACKETSTORM",
"id": "168812"
},
{
"db": "PACKETSTORM",
"id": "154510"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154470"
},
{
"db": "PACKETSTORM",
"id": "154533"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "154284"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
},
{
"db": "NVD",
"id": "CVE-2019-9513"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160948",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-9513",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154510",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154470",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154533",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154284",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9513",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160948",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9513",
"ident": null
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168812",
"ident": null
},
{
"date": "2019-09-17T20:58:22",
"db": "PACKETSTORM",
"id": "154510",
"ident": null
},
{
"date": "2024-04-26T15:13:40",
"db": "PACKETSTORM",
"id": "178284",
"ident": null
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"date": "2019-10-01T20:46:00",
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"date": "2019-09-12T14:32:43",
"db": "PACKETSTORM",
"id": "154470",
"ident": null
},
{
"date": "2019-09-19T16:28:51",
"db": "PACKETSTORM",
"id": "154533",
"ident": null
},
{
"date": "2019-10-03T20:31:49",
"db": "PACKETSTORM",
"id": "154725",
"ident": null
},
{
"date": "2019-09-02T17:39:28",
"db": "PACKETSTORM",
"id": "154284",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-935",
"ident": null
},
{
"date": "2019-08-13T21:15:12.380000",
"db": "NVD",
"id": "CVE-2019-9513",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160948",
"ident": null
},
{
"date": "2022-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9513",
"ident": null
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-935",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9513",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-935"
}
],
"trust": 0.6
}
}
WID-SEC-W-2024-1050
Vulnerability from csaf_certbund - Published: 2019-08-14 22:00 - Updated: 2024-05-07 22:00In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungewöhnlich gestalteten Requests. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Juniper JUNOS
Juniper
|
cpe:/o:juniper:junos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungewöhnlich gestalteten Requests. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Juniper JUNOS
Juniper
|
cpe:/o:juniper:junos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungewöhnlich gestalteten Requests. Ein Angreifer kann dieses durch Übermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Juniper JUNOS
Juniper
|
cpe:/o:juniper:junos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "nginx ist eine modular aufgebaute Webserver-Software, welche durch verschiedene Module Funktionalit\u00e4ten wie Reverse- oder Email-Proxy unterst\u00fctzt. Nginx wird unter der BSD-Lizenz vertrieben.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in nginx ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1050 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1050.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1050 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1050"
},
{
"category": "external",
"summary": "NGINX Security Advisory vom 2019-08-14",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4099-1 vom 2019-08-16",
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201908-12 vom 2019-08-17",
"url": "https://security.archlinux.org/ASA-201908-12"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201908-13 vom 2019-08-17",
"url": "https://security.archlinux.org/ASA-201908-13"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4505 vom 2019-08-23",
"url": "http://www.debian.org/security/2019/dsa-4505"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201908-17 vom 2019-08-27",
"url": "https://security.archlinux.org/ASA-201908-17"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4511 vom 2019-09-02",
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2309-1 vom 2019-09-06",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2692 vom 2019-09-10",
"url": "https://access.redhat.com/errata/RHSA-2019:2692"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-2692 vom 2019-09-11",
"url": "http://linux.oracle.com/errata/ELSA-2019-2692.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2746 vom 2019-09-12",
"url": "https://access.redhat.com/errata/RHSA-2019:2746"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2745 vom 2019-09-12",
"url": "https://access.redhat.com/errata/RHSA-2019:2745"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2775 vom 2019-09-17",
"url": "https://access.redhat.com/errata/RHSA-2019:2775"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2799-01 vom 2019-09-17",
"url": "https://access.redhat.com/errata/RHSA-2019:2799"
},
{
"category": "external",
"summary": "Oracle Linux Errata ELSA-2019-2799 vom 2019-09-19",
"url": "https://linux.oracle.com/errata/ELSA-2019-2799.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2473-1 vom 2019-09-26",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192473-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2925 vom 2019-09-30",
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2939 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2946 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2946"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2950 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2950"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2949 vom 2019-10-01",
"url": "https://access.redhat.com/errata/RHSA-2019:2949"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2966 vom 2019-10-03",
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2955 vom 2019-10-02",
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:2559-1 vom 2019-10-04",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192559-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3041 vom 2019-10-14",
"url": "https://access.redhat.com/errata/RHSA-2019:3041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3933 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3935 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3932 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4018 vom 2019-11-26",
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4019 vom 2019-11-26",
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4021 vom 2019-11-26",
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4020 vom 2019-11-28",
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0922 vom 2020-03-23",
"url": "https://access.redhat.com/errata/RHSA-2020:0922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0983 vom 2020-03-26",
"url": "https://access.redhat.com/errata/RHSA-2020:0983"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1445 vom 2020-04-14",
"url": "https://access.redhat.com/errata/RHSA-2020:1445"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4669 vom 2020-04-30",
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2067 vom 2020-05-18",
"url": "https://access.redhat.com/errata/RHSA-2020:2067"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:0932-1 vom 2021-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008541.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3192 vom 2020-07-28",
"url": "https://access.redhat.com/errata/RHSA-2020:3192"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11167 vom 2021-04-16",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11167"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-5495 vom 2020-12-18",
"url": "https://linux.oracle.com/errata/ELSA-2020-5495.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6754-2 vom 2024-05-07",
"url": "https://ubuntu.com/security/notices/USN-6754-2"
}
],
"source_lang": "en-US",
"title": "nginx: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2024-05-07T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:08:35.913+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1050",
"initial_release_date": "2019-08-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-08-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-08-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-08-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Arch Linux und Fedora aufgenommen"
},
{
"date": "2019-08-19T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-63BA15CC83, FEDORA-2019-8A437D5C2F, FEDORA-2019-4427FD65BE"
},
{
"date": "2019-08-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-08-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Arch Linux und Fedora aufgenommen"
},
{
"date": "2019-09-02T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2019-09-05T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-09-09T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-10T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-09-12T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-17T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-18T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-19T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2019-09-26T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-09-29T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-30T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-09-30T22:00:00.000+00:00",
"number": "18",
"summary": "Version nicht vorhanden"
},
{
"date": "2019-10-01T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-10-03T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-10-06T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-10-14T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-11-20T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-11-26T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-11-27T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-22T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-03-26T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-14T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-29T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-05-17T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-28T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-12-17T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-03-24T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-04-15T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "35"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.16.1",
"product": {
"name": "Open Source nginx \u003c1.16.1",
"product_id": "T014853"
}
},
{
"category": "product_version_range",
"name": "\u003c1.17.3",
"product": {
"name": "Open Source nginx \u003c1.17.3",
"product_id": "T014854"
}
},
{
"category": "product_version_range",
"name": "\u003cPlus R18 P1",
"product": {
"name": "Open Source nginx \u003cPlus R18 P1",
"product_id": "T014855"
}
}
],
"category": "product_name",
"name": "NGINX"
}
],
"category": "vendor",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"notes": [
{
"category": "description",
"text": "In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungew\u00f6hnlich gestalteten Requests. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"5930",
"T004914"
]
},
"release_date": "2019-08-14T22:00:00.000+00:00",
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9513",
"notes": [
{
"category": "description",
"text": "In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungew\u00f6hnlich gestalteten Requests. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"5930",
"T004914"
]
},
"release_date": "2019-08-14T22:00:00.000+00:00",
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9516",
"notes": [
{
"category": "description",
"text": "In nginx existieren mehrere Schwachstellen. Diese befinden sich in der HTTP/2 Implementierung. Sie beruht auf Fehlern bei der Verarbeitung von ungew\u00f6hnlich gestalteten Requests. Ein Angreifer kann dieses durch \u00dcbermittlung geeignet gestalteter Daten zu einem Denial of Service Angriff nutzen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"5930",
"T004914"
]
},
"release_date": "2019-08-14T22:00:00.000+00:00",
"title": "CVE-2019-9516"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.