SUSE-SU-2019:3179-1: moderate: Security update for dpdk

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Dec 5 13:15:08 MST 2019


   SUSE Security Update: Security update for dpdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:3179-1
Rating:             moderate
References:         #1134968 #1145713 #1151455 #1156146 #1157179 
                    
Cross-References:   CVE-2019-14818
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   This update of dpdk to version 18.11.3 provides the following fixes:

   dpdk was updated to 18.11.3 (fate#327817, bsc#1145713, jsc#ECO-274,
   fate#325916, fate#325951 fate#326025, fate#326992, bsc#1134968,
   jsc#SLE-4715)

   Security issue fixed:

   - CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicius
     container may lead to to denial of service (bsc#1156146).

   Other issues addressed:

   - Fixed a regression by inserting version numbers to the drivers
     (bsc#1157179).
   - Changed to multibuild (bsc#1151455).
   - Added support for using externally allocated memory in DPDK.
   - Added check for ensuring allocated memory is addressable by devices.
   - Updated the C11 memory model version of the ring library.
   - Added NXP CAAM JR PMD.
   - Added support for GEN3 devices to Intel QAT driver.
   - Added Distributed Software Eventdev PMD.
   - Updated KNI kernel module, rte_kni library, and KNI sample application.
   - Add a new sample application for vDPA.
   - Updated mlx5 driver.
     * Improved security of PMD to prevent the NIC from getting stuck when
       the application misbehaves.
     * Reworked flow engine to supported e-switch flow rules (transfer
       attribute).
     * Added support for header re-write(L2-L4), VXLAN encap/decap, count,
       match on TCP flags and multiple flow groups with e-switch flow rules.
     * Added support for match on metadata, VXLAN and MPLS encap/decap with
       flow rules.
     * Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better
       support for representors.
     * Added support for meson build.
     * Fixed build issue with PPC.
     * Added support for BlueField VF.
     * Added support for externally allocated static memory for DMA.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-3179=1



Package List:

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le x86_64):

      dpdk-18.11.3-3.16.1
      dpdk-debuginfo-18.11.3-3.16.1
      dpdk-debugsource-18.11.3-3.16.1
      dpdk-devel-18.11.3-3.16.1
      dpdk-devel-debuginfo-18.11.3-3.16.1
      dpdk-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
      dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1
      dpdk-tools-18.11.3-3.16.1
      dpdk-tools-debuginfo-18.11.3-3.16.1
      libdpdk-18_11-18.11.3-3.16.1
      libdpdk-18_11-debuginfo-18.11.3-3.16.1

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64):

      dpdk-thunderx-18.11.3-3.16.1
      dpdk-thunderx-debuginfo-18.11.3-3.16.1
      dpdk-thunderx-debugsource-18.11.3-3.16.1
      dpdk-thunderx-devel-18.11.3-3.16.1
      dpdk-thunderx-devel-debuginfo-18.11.3-3.16.1
      dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
      dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1


References:

   https://www.suse.com/security/cve/CVE-2019-14818.html
   https://bugzilla.suse.com/1134968
   https://bugzilla.suse.com/1145713
   https://bugzilla.suse.com/1151455
   https://bugzilla.suse.com/1156146
   https://bugzilla.suse.com/1157179



More information about the sle-security-updates mailing list