Описание
Security update for dpdk
This update for dpdk to version 18.11.3 fixes the following issues:
Security issue fixed:
- CVE-2019-14818: Fixed a denial of service by a malicious container via the vhost-user socket (bsc#1156146).
Non-security issue fixed:
- Added current version to the PMD driver directory to avoid loading previous version drivers (bsc#1157179).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP1
dpdk-18.11.3-4.3.1
dpdk-devel-18.11.3-4.3.1
dpdk-kmp-default-18.11.3_k4.12.14_197.29-4.3.1
dpdk-tools-18.11.3-4.3.1
libdpdk-18_11-18.11.3-4.3.1
Ссылки
- Link for SUSE-SU-2020:0439-1
- E-Mail link for SUSE-SU-2020:0439-1
- SUSE Security Ratings
- SUSE Bug 1151455
- SUSE Bug 1156146
- SUSE Bug 1157179
- SUSE CVE CVE-2019-14818 page
Описание
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.29-4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.3.1
Ссылки
- CVE-2019-14818
- SUSE Bug 1156146