Описание
Security update for dpdk
This update for dpdk to version 16.11.9 following issue:
-
CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious container may lead to to denial of service (bsc#1156146).
-
CVE-2020-12693: Fixed an authentication bypass via an alternate path or channel (boo#1172004).
-
rebuilt with new signing key. (bsc#1174543)
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Ссылки
- Link for SUSE-SU-2020:2194-1
- E-Mail link for SUSE-SU-2020:2194-1
- SUSE Security Ratings
- SUSE Bug 1156146
- SUSE Bug 1171477
- SUSE Bug 1171930
- SUSE Bug 1174543
- SUSE CVE CVE-2019-14818 page
- SUSE CVE CVE-2020-10722 page
Описание
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Затронутые продукты
Ссылки
- CVE-2019-14818
- SUSE Bug 1156146
Описание
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
Затронутые продукты
Ссылки
- CVE-2020-10722
- SUSE Bug 1171477
- SUSE Bug 1171930