Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 32: FEDORA-2020-04e3d34451 Moderate: DPDK DoS and Overflow Fixes

fedora
Calendar Grey May 28, 2020
Dist Fedora Esm H88
The DPDK update tackles various problems such as denial of service attacks and vulnerabilities related to integer overflow in the Fedora system.
Fix cvws CVE-2020-10726,CVE-2020-10724,CVE-2020-10723,CVE-2020-10722,CVE-2020-10725

Summary

The Data Plane Development Kit is a set of libraries and drivers for

fast packet processing in the user space.

Fix cvws

CVE-2020-10726,CVE-2020-10724,CVE-2020-10723,CVE-2020-10722,CVE-2020-10725

* Tue May 19 2020 Neil Horman - 2:19.11-2

- Fix CVE-2020-10726 (bz 1837060)

- Fix CVE-2020-10724 (bz 1837057)

- Fix CVE-2020-10723 (bz 1837056)

- Fix CVE-2020-10722 (bz 1837055)

- Fix CVE-2020-10725 (bz 1837059)

* Mon Apr 6 2020 Timothy Redaelli - 2:19.11-1

- Update to latest 19.11 LTS (bz1821213)

[ 1 ] Bug #1837055 - CVE-2020-10722 dpdk: librte_vhost Interger overflow in vhost_user_set_log_base() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1837055

[ 2 ] Bug #1837056 - CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1837056

[ 3 ] Bug #1837057 - CVE-2020-10724 dpdk: librte_vhost Missing inputs validation in Vhost-crypto [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1837057

[ 4 ] Bug #1837059 - CVE-2020-10725 dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1837059

[ 5 ] Bug #1837060 - CVE-2020-10726 dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1837060

su -c 'dnf upgrade --advisory FEDORA-2020-04e3d34451' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora package update DoS integer overflow dpdk

Change Log

References

Update Instructions

Product: Fedora 32
Version: 19.11.1
Release: 2.fc32
URL: https://www.dpdk.org/
Summary: Set of libraries and drivers for fast packet processing

Topics%20covered

Topics Covered

security advisory fedora package update DoS integer overflow dpdk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here