SUSE-SU-2022:3429-1

Опубликовано: 27 сент. 2022

Источник: suse-cvrf

Описание

Security update for dpdk

This update for dpdk fixes the following issues:

CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs (bsc#1202903).
CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956).

Список пакетов

SUSE Enterprise Storage 7

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-thunderx-19.11.4-150200.3.20.1

dpdk-thunderx-devel-19.11.4-150200.3.20.1

dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-thunderx-19.11.4-150200.3.20.1

dpdk-thunderx-devel-19.11.4-150200.3.20.1

dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-thunderx-19.11.4-150200.3.20.1

dpdk-thunderx-devel-19.11.4-150200.3.20.1

dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Linux Enterprise Server 15 SP2-BCL

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Linux Enterprise Server 15 SP2-LTSS

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-thunderx-19.11.4-150200.3.20.1

dpdk-thunderx-devel-19.11.4-150200.3.20.1

dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Manager Proxy 4.1

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Manager Retail Branch Server 4.1

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

SUSE Manager Server 4.1

dpdk-19.11.4-150200.3.20.1

dpdk-devel-19.11.4-150200.3.20.1

dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

dpdk-tools-19.11.4-150200.3.20.1

libdpdk-20_0-19.11.4-150200.3.20.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223429-1/
Link for SUSE-SU-2022:3429-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012405.html
E-Mail link for SUSE-SU-2022:3429-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202903
SUSE Bug 1202903
https://bugzilla.suse.com/1202956
SUSE Bug 1202956
https://www.suse.com/security/cve/CVE-2022-2132/
SUSE CVE CVE-2022-2132 page
https://www.suse.com/security/cve/CVE-2022-28199/
SUSE CVE CVE-2022-28199 page

Описание

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

Затронутые продукты

SUSE Enterprise Storage 7:dpdk-19.11.4-150200.3.20.1

SUSE Enterprise Storage 7:dpdk-devel-19.11.4-150200.3.20.1

SUSE Enterprise Storage 7:dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

SUSE Enterprise Storage 7:dpdk-thunderx-19.11.4-150200.3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-2132.html
CVE-2022-2132
https://bugzilla.suse.com/1202903
SUSE Bug 1202903

Описание

NVIDIA's distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Затронутые продукты

SUSE Enterprise Storage 7:dpdk-19.11.4-150200.3.20.1

SUSE Enterprise Storage 7:dpdk-devel-19.11.4-150200.3.20.1

SUSE Enterprise Storage 7:dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1

SUSE Enterprise Storage 7:dpdk-thunderx-19.11.4-150200.3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-28199.html
CVE-2022-28199
https://bugzilla.suse.com/1202956
SUSE Bug 1202956

SUSE-SU-2022:3429-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP2-BCL

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

Ссылки

Уязвимость: CVE-2022-2132

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-28199

Описание

Затронутые продукты

Ссылки