Описание
Security update for dpdk
This update for dpdk to version 17.11.7 fixes the following issues:
- CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious container may lead to to denial of service (bsc#1156146).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
dpdk-17.11.7-5.3.2
dpdk-kmp-default-17.11.7_k4.12.14_95.37-5.3.2
dpdk-thunderx-17.11.7-5.3.2
dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.37-5.3.2
dpdk-tools-17.11.7-5.3.2
libdpdk-17_11-17.11.7-5.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
dpdk-17.11.7-5.3.2
dpdk-kmp-default-17.11.7_k4.12.14_95.37-5.3.2
dpdk-thunderx-17.11.7-5.3.2
dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.37-5.3.2
dpdk-tools-17.11.7-5.3.2
libdpdk-17_11-17.11.7-5.3.2
SUSE Linux Enterprise Software Development Kit 12 SP4
dpdk-devel-17.11.7-5.3.2
dpdk-thunderx-devel-17.11.7-5.3.2
Ссылки
- Link for SUSE-SU-2019:3032-1
- E-Mail link for SUSE-SU-2019:3032-1
- SUSE Security Ratings
- SUSE Bug 1156146
- SUSE CVE CVE-2019-14818 page
Описание
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:dpdk-17.11.7-5.3.2
SUSE Linux Enterprise Server 12 SP4:dpdk-kmp-default-17.11.7_k4.12.14_95.37-5.3.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-17.11.7-5.3.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.37-5.3.2
Ссылки
- CVE-2019-14818
- SUSE Bug 1156146