Описание
Security update for dpdk
This update for dpdk to version 18.11.3 fixes the following issues:
dpdk was updated to 18.11.3
Security issue fixed:
- CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious container may lead to to denial of service (bsc#1156146).
Other issues addressed:
- Changed to multibuild (bsc#1151455).
- Fixed a regression caused by loading old version drivers (bsc#1157179).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
dpdk-18.11.3-3.6.1
dpdk-kmp-default-18.11.3_k4.12.14_122.12-3.6.1
dpdk-thunderx-18.11.3-3.6.1
dpdk-thunderx-kmp-default-18.11.3_k4.12.14_122.12-3.6.1
dpdk-tools-18.11.3-3.6.1
libdpdk-18_11-18.11.3-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
dpdk-18.11.3-3.6.1
dpdk-kmp-default-18.11.3_k4.12.14_122.12-3.6.1
dpdk-thunderx-18.11.3-3.6.1
dpdk-thunderx-kmp-default-18.11.3_k4.12.14_122.12-3.6.1
dpdk-tools-18.11.3-3.6.1
libdpdk-18_11-18.11.3-3.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5
dpdk-devel-18.11.3-3.6.1
dpdk-thunderx-devel-18.11.3-3.6.1
Ссылки
- Link for SUSE-SU-2020:0412-1
- E-Mail link for SUSE-SU-2020:0412-1
- SUSE Security Ratings
- SUSE Bug 1151455
- SUSE Bug 1156146
- SUSE Bug 1157179
- SUSE CVE CVE-2019-14818 page
Описание
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:dpdk-18.11.3-3.6.1
SUSE Linux Enterprise Server 12 SP5:dpdk-kmp-default-18.11.3_k4.12.14_122.12-3.6.1
SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-18.11.3-3.6.1
SUSE Linux Enterprise Server 12 SP5:dpdk-thunderx-kmp-default-18.11.3_k4.12.14_122.12-3.6.1
Ссылки
- CVE-2019-14818
- SUSE Bug 1156146