Security update for dpdk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4003-1 Final 1 1 2018-12-06T14:31:22Z current 2018-12-06T14:31:22Z 2018-12-06T14:31:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dpdk This update for dpdk to version 16.11.8 provides the following security fix: - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application (ovs-dpdk) memory which could have lead all VM to lose connectivity (bsc#1089638) and following non-security fixes: - Enable the broadcom chipset family Broadcom NetXtreme II BCM57810 (bsc#1073363) - Fix a latency problem by using cond_resched rather than schedule_timeout_interruptible (bsc#1069601) - Fix a syntax error affecting csh environment configuration (bsc#1102310) - Fixes in net/bnxt: * Fix HW Tx checksum offload check * Fix incorrect IO address handling in Tx * Fix Rx ring count limitation * Check access denied for HWRM commands * Fix RETA size * Fix close operation - Fixes in eal/linux: * Fix an invalid syntax in interrupts * Fix return codes on thread naming failure - Fixes in kni: * Fix crash with null name * Fix build with gcc 8.1 - Fixes in net/thunderx: * Fix build with gcc optimization on * Avoid sq door bell write on zero packet - net/bonding: Fix MAC address reset - vhost: Fix missing increment of log cache count This update was imported from the SUSE:SLE-12-SP3:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00003.html E-Mail link for openSUSE-SU-2018:4003-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 dpdk-16.11.8-6.8.1 dpdk-devel-16.11.8-6.8.1 dpdk-doc-16.11.8-6.8.1 dpdk-examples-16.11.8-6.8.1 dpdk-kmp-default-16.11.8_k4.4.162_78-6.8.1 dpdk-tools-16.11.8-6.8.1 dpdk-16.11.8-6.8.1 as a component of openSUSE Leap 42.3 dpdk-devel-16.11.8-6.8.1 as a component of openSUSE Leap 42.3 dpdk-doc-16.11.8-6.8.1 as a component of openSUSE Leap 42.3 dpdk-examples-16.11.8-6.8.1 as a component of openSUSE Leap 42.3 dpdk-kmp-default-16.11.8_k4.4.162_78-6.8.1 as a component of openSUSE Leap 42.3 dpdk-tools-16.11.8-6.8.1 as a component of openSUSE Leap 42.3 The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. CVE-2018-1059 openSUSE Leap 42.3:dpdk-16.11.8-6.8.1 openSUSE Leap 42.3:dpdk-devel-16.11.8-6.8.1 openSUSE Leap 42.3:dpdk-doc-16.11.8-6.8.1 openSUSE Leap 42.3:dpdk-examples-16.11.8-6.8.1 openSUSE Leap 42.3:dpdk-kmp-default-16.11.8_k4.4.162_78-6.8.1 openSUSE Leap 42.3:dpdk-tools-16.11.8-6.8.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00003.html https://www.suse.com/security/cve/CVE-2018-1059.html CVE-2018-1059 https://bugzilla.suse.com/1089638 SUSE Bug 1089638 https://bugzilla.suse.com/1090647 SUSE Bug 1090647