{"affected":[{"ecosystem_specific":{"binaries":[{"nginx":"1.16.1-3.12.7"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"nginx","purl":"pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.1-3.12.7"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nginx":"1.16.1-3.12.7"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"nginx","purl":"pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.1-3.12.7"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nginx":"1.16.1-3.12.7"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"nginx","purl":"pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.1-3.12.7"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nginx":"1.16.1-3.12.7"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"nginx","purl":"pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.1-3.12.7"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nginx fixes the following issues:\n\nnginx was updated to 1.16.1 (jsc#ECO-1401)\t  \n\n- Added TLS 1.3 support (jsc#SLE-9295, bsc#1150711)\n- Replaced obsolete GeoIP module with MaxMinDB-based GeoIP2\n  (jsc#SLE-11184, bsc#1156202)\n- Started nginx after network is online (bsc#1155690)\t  \n- CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page \n  configurations which could have allowed unauthorized web page reads (bsc#1160682). \t  \n","id":"SUSE-SU-2020:1171-1","modified":"2020-05-04T15:06:28Z","published":"2020-05-04T15:06:28Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20201171-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1150711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155690"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156202"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160682"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20372"}],"related":["CVE-2019-20372"],"summary":"Security update for nginx","upstream":["CVE-2019-20372"]}