Security update for dpdk-thunderxdpdk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1560-1 Final 1 1 2018-06-05T21:01:59Z current 2018-06-05T21:01:59Z 2018-06-05T21:01:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dpdk-thunderxdpdk This update fixes the following issues: - CVE-2018-1059: The DPDK vhost-user interface did not check to verify that all the requested guest physical range was mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may have lead to a malicious guest exposing vhost-user backend process memory (bsc#1089638). This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00005.html E-Mail link for openSUSE-SU-2018:1560-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 dpdk-16.11.6-6.5.1 dpdk-devel-16.11.6-6.5.1 dpdk-doc-16.11.6-6.5.1 dpdk-examples-16.11.6-6.5.1 dpdk-kmp-default-16.11.6_k4.4.132_53-6.5.1 dpdk-tools-16.11.6-6.5.1 dpdk-16.11.6-6.5.1 as a component of openSUSE Leap 42.3 dpdk-devel-16.11.6-6.5.1 as a component of openSUSE Leap 42.3 dpdk-doc-16.11.6-6.5.1 as a component of openSUSE Leap 42.3 dpdk-examples-16.11.6-6.5.1 as a component of openSUSE Leap 42.3 dpdk-kmp-default-16.11.6_k4.4.132_53-6.5.1 as a component of openSUSE Leap 42.3 dpdk-tools-16.11.6-6.5.1 as a component of openSUSE Leap 42.3 The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. CVE-2018-1059 openSUSE Leap 42.3:dpdk-16.11.6-6.5.1 openSUSE Leap 42.3:dpdk-devel-16.11.6-6.5.1 openSUSE Leap 42.3:dpdk-doc-16.11.6-6.5.1 openSUSE Leap 42.3:dpdk-examples-16.11.6-6.5.1 openSUSE Leap 42.3:dpdk-kmp-default-16.11.6_k4.4.132_53-6.5.1 openSUSE Leap 42.3:dpdk-tools-16.11.6-6.5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00005.html https://www.suse.com/security/cve/CVE-2018-1059.html CVE-2018-1059 https://bugzilla.suse.com/1089638 SUSE Bug 1089638 https://bugzilla.suse.com/1090647 SUSE Bug 1090647