Описание
Security update for dpdk
This update for dpdk to version 16.11.8 provides the following security fix:
- CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application (ovs-dpdk) memory which could have lead all VM to lose connectivity (bsc#1089638)
and following non-security fixes:
- Enable the broadcom chipset family Broadcom NetXtreme II BCM57810 (bsc#1073363)
- Fix a latency problem by using cond_resched rather than schedule_timeout_interruptible (bsc#1069601)
- Fix a syntax error affecting csh environment configuration (bsc#1102310)
- Fixes in net/bnxt:
- Fix HW Tx checksum offload check
- Fix incorrect IO address handling in Tx
- Fix Rx ring count limitation
- Check access denied for HWRM commands
- Fix RETA size
- Fix close operation
- Fixes in eal/linux:
- Fix an invalid syntax in interrupts
- Fix return codes on thread naming failure
- Fixes in kni:
- Fix crash with null name
- Fix build with gcc 8.1
- Fixes in net/thunderx:
- Fix build with gcc optimization on
- Avoid sq door bell write on zero packet
- net/bonding: Fix MAC address reset
- vhost: Fix missing increment of log cache count
Список пакетов
SUSE Linux Enterprise Server 12 SP3
dpdk-16.11.8-8.10.2
dpdk-kmp-default-16.11.8_k4.4.156_94.64-8.10.2
dpdk-thunderx-16.11.8-8.10.2
dpdk-thunderx-kmp-default-16.11.8_k4.4.156_94.64-8.10.2
dpdk-tools-16.11.8-8.10.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dpdk-16.11.8-8.10.2
dpdk-kmp-default-16.11.8_k4.4.156_94.64-8.10.2
dpdk-thunderx-16.11.8-8.10.2
dpdk-thunderx-kmp-default-16.11.8_k4.4.156_94.64-8.10.2
dpdk-tools-16.11.8-8.10.2
SUSE Linux Enterprise Software Development Kit 12 SP3
dpdk-devel-16.11.8-8.10.2
dpdk-thunderx-devel-16.11.8-8.10.2
Ссылки
- Link for SUSE-SU-2018:3923-1
- E-Mail link for SUSE-SU-2018:3923-1
- SUSE Security Ratings
- SUSE Bug 1069601
- SUSE Bug 1073363
- SUSE Bug 1089638
- SUSE Bug 1102310
- SUSE CVE CVE-2018-1059 page
Описание
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:dpdk-16.11.8-8.10.2
SUSE Linux Enterprise Server 12 SP3:dpdk-kmp-default-16.11.8_k4.4.156_94.64-8.10.2
SUSE Linux Enterprise Server 12 SP3:dpdk-thunderx-16.11.8-8.10.2
SUSE Linux Enterprise Server 12 SP3:dpdk-thunderx-kmp-default-16.11.8_k4.4.156_94.64-8.10.2
Ссылки
- CVE-2018-1059
- SUSE Bug 1089638
- SUSE Bug 1090647