SUSE-SU-2019:3179-1: moderate: Security update for dpdk
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Dec 5 13:15:08 MST 2019
SUSE Security Update: Security update for dpdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:3179-1
Rating: moderate
References: #1134968 #1145713 #1151455 #1156146 #1157179
Cross-References: CVE-2019-14818
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________
An update that solves one vulnerability and has four fixes
is now available.
Description:
This update of dpdk to version 18.11.3 provides the following fixes:
dpdk was updated to 18.11.3 (fate#327817, bsc#1145713, jsc#ECO-274,
fate#325916, fate#325951 fate#326025, fate#326992, bsc#1134968,
jsc#SLE-4715)
Security issue fixed:
- CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicius
container may lead to to denial of service (bsc#1156146).
Other issues addressed:
- Fixed a regression by inserting version numbers to the drivers
(bsc#1157179).
- Changed to multibuild (bsc#1151455).
- Added support for using externally allocated memory in DPDK.
- Added check for ensuring allocated memory is addressable by devices.
- Updated the C11 memory model version of the ring library.
- Added NXP CAAM JR PMD.
- Added support for GEN3 devices to Intel QAT driver.
- Added Distributed Software Eventdev PMD.
- Updated KNI kernel module, rte_kni library, and KNI sample application.
- Add a new sample application for vDPA.
- Updated mlx5 driver.
* Improved security of PMD to prevent the NIC from getting stuck when
the application misbehaves.
* Reworked flow engine to supported e-switch flow rules (transfer
attribute).
* Added support for header re-write(L2-L4), VXLAN encap/decap, count,
match on TCP flags and multiple flow groups with e-switch flow rules.
* Added support for match on metadata, VXLAN and MPLS encap/decap with
flow rules.
* Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better
support for representors.
* Added support for meson build.
* Fixed build issue with PPC.
* Added support for BlueField VF.
* Added support for externally allocated static memory for DMA.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Server Applications 15:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-3179=1
Package List:
- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le x86_64):
dpdk-18.11.3-3.16.1
dpdk-debuginfo-18.11.3-3.16.1
dpdk-debugsource-18.11.3-3.16.1
dpdk-devel-18.11.3-3.16.1
dpdk-devel-debuginfo-18.11.3-3.16.1
dpdk-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1
dpdk-tools-18.11.3-3.16.1
dpdk-tools-debuginfo-18.11.3-3.16.1
libdpdk-18_11-18.11.3-3.16.1
libdpdk-18_11-debuginfo-18.11.3-3.16.1
- SUSE Linux Enterprise Module for Server Applications 15 (aarch64):
dpdk-thunderx-18.11.3-3.16.1
dpdk-thunderx-debuginfo-18.11.3-3.16.1
dpdk-thunderx-debugsource-18.11.3-3.16.1
dpdk-thunderx-devel-18.11.3-3.16.1
dpdk-thunderx-devel-debuginfo-18.11.3-3.16.1
dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1
References:
https://www.suse.com/security/cve/CVE-2019-14818.html
https://bugzilla.suse.com/1134968
https://bugzilla.suse.com/1145713
https://bugzilla.suse.com/1151455
https://bugzilla.suse.com/1156146
https://bugzilla.suse.com/1157179
More information about the sle-security-updates
mailing list