-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
==================================================================== Red Hat Security Advisory
Synopsis: Important: dpdk security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4806-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4806
Issue date: 2020-11-03
CVE Names: CVE-2020-10722 CVE-2020-10723 CVE-2020-10725
CVE-2020-10726
====================================================================
1. Summary:
An update for dpdk is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, x86_64
3. Description:
The dpdk packages provide the Data Plane Development Kit, which is a set of
libraries and drivers for fast packet processing in the user space.
The following packages have been upgraded to a later upstream version: dpdk
(19.11.3). (BZ#1824905)
Security Fix(es):
* dpdk: librte_vhost Malicious guest could cause segfault by sending
invalid Virtio descriptor (CVE-2020-10725)
* dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()
(CVE-2020-10722)
* dpdk: librte_vhost Integer truncation in
vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)
* dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result
in a DoS (CVE-2020-10726)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1801361 - dpdk-pmdinfo.py can't work on RHEL8
1813252 - dpdk-devel needs rdma-core-devel and libmnl-devel on x86_64
1824905 - [Rebase] Rebase DPDK to 19.11.1
1828867 - CVE-2020-10722 dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()
1828874 - CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
1828894 - CVE-2020-10725 dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor
1828898 - CVE-2020-10726 dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS
1868708 - Update to dpdk-19.11.3
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
dpdk-19.11.3-1.el8.src.rpm
aarch64:
dpdk-19.11.3-1.el8.aarch64.rpm
dpdk-debuginfo-19.11.3-1.el8.aarch64.rpm
dpdk-debugsource-19.11.3-1.el8.aarch64.rpm
dpdk-devel-19.11.3-1.el8.aarch64.rpm
dpdk-devel-debuginfo-19.11.3-1.el8.aarch64.rpm
dpdk-tools-19.11.3-1.el8.aarch64.rpm
noarch:
dpdk-doc-19.11.3-1.el8.noarch.rpm
ppc64le:
dpdk-19.11.3-1.el8.ppc64le.rpm
dpdk-debuginfo-19.11.3-1.el8.ppc64le.rpm
dpdk-debugsource-19.11.3-1.el8.ppc64le.rpm
dpdk-devel-19.11.3-1.el8.ppc64le.rpm
dpdk-devel-debuginfo-19.11.3-1.el8.ppc64le.rpm
dpdk-tools-19.11.3-1.el8.ppc64le.rpm
x86_64:
dpdk-19.11.3-1.el8.x86_64.rpm
dpdk-debuginfo-19.11.3-1.el8.x86_64.rpm
dpdk-debugsource-19.11.3-1.el8.x86_64.rpm
dpdk-devel-19.11.3-1.el8.x86_64.rpm
dpdk-devel-debuginfo-19.11.3-1.el8.x86_64.rpm
dpdk-tools-19.11.3-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-10722
https://access.redhat.com/security/cve/CVE-2020-10723
https://access.redhat.com/security/cve/CVE-2020-10725
https://access.redhat.com/security/cve/CVE-2020-10726
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6I4X9zjgjWX9erEAQi9ZQ//VvxnLfjRhkyx/z98tIv/9MyNuqNr0fSY
kN2mVdrjuNc5Sd67/qCK5lihu24lZ5SGfj3TWHT/gecFb6+9Ic+dkur6Veabd3SG
/HheeAJYtJJguGTSqPG8YTNHqBDk+/4HwxOSOeyB/shiiTRFecYLMX4xurM49OzC
65B3hlbZDpuIUDea/lENGLr6/eZQNGen14Nk0z06WkJqYuI5K8N66OVxjTAQnvM6
QicThpIM27XMJ7WviT+s0ZzJbP2MzUkdhMHV/QILxlVIujAUNwgNYmufrZoHnfNk
4KoRLsELGwf9g3uJgVzxGuDiGAe6nf//tNmNQNsftjyDUIWrg77wmBEw/Jq9fM/n
YpegSDTuJ8c1T7ZAkIPF7WNZax/aZ5tj/FgF3A9XQhIHnqh+UT50NjUwNpf+07dk
k9nCXDbHsGew01bUYy69JjREZ5llzP4UgPN1QotmNmYc2ztKUk5tkIH4D6ogLE20
udGDeiTbijCI5FcLrcJBuZg4T8IegffITPs5oKCIPtOrLWVTzlqfKf6Eb1qYuchc
4Ost5KNQOaKNakeV8NPg3LSdOnVn55pYdgRBMOs25/mm5Px6chv/p1cTCHvZiGuT
6sHz033O8g3suPHRXvGBeRjG8L0QciTj2U47ZZvbiYkZTSAedQVpIn9q920nCXiL
Yp/mtoHFLpc=+0KW
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
RedHat: RHSA-2020-4806:01 Important: dpdk security, bug fix,
An update for dpdk is now available for Red Hat Enterprise Linux 8
Summary
The dpdk packages provide the Data Plane Development Kit, which is a set of
libraries and drivers for fast packet processing in the user space.
The following packages have been upgraded to a later upstream version: dpdk
(19.11.3). (BZ#1824905)
Security Fix(es):
* dpdk: librte_vhost Malicious guest could cause segfault by sending
invalid Virtio descriptor (CVE-2020-10725)
* dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()
(CVE-2020-10722)
* dpdk: librte_vhost Integer truncation in
vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)
* dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result
in a DoS (CVE-2020-10726)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2020-10722 https://access.redhat.com/security/cve/CVE-2020-10723 https://access.redhat.com/security/cve/CVE-2020-10725 https://access.redhat.com/security/cve/CVE-2020-10726 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
dpdk-19.11.3-1.el8.src.rpm
aarch64:
dpdk-19.11.3-1.el8.aarch64.rpm
dpdk-debuginfo-19.11.3-1.el8.aarch64.rpm
dpdk-debugsource-19.11.3-1.el8.aarch64.rpm
dpdk-devel-19.11.3-1.el8.aarch64.rpm
dpdk-devel-debuginfo-19.11.3-1.el8.aarch64.rpm
dpdk-tools-19.11.3-1.el8.aarch64.rpm
noarch:
dpdk-doc-19.11.3-1.el8.noarch.rpm
ppc64le:
dpdk-19.11.3-1.el8.ppc64le.rpm
dpdk-debuginfo-19.11.3-1.el8.ppc64le.rpm
dpdk-debugsource-19.11.3-1.el8.ppc64le.rpm
dpdk-devel-19.11.3-1.el8.ppc64le.rpm
dpdk-devel-debuginfo-19.11.3-1.el8.ppc64le.rpm
dpdk-tools-19.11.3-1.el8.ppc64le.rpm
x86_64:
dpdk-19.11.3-1.el8.x86_64.rpm
dpdk-debuginfo-19.11.3-1.el8.x86_64.rpm
dpdk-debugsource-19.11.3-1.el8.x86_64.rpm
dpdk-devel-19.11.3-1.el8.x86_64.rpm
dpdk-devel-debuginfo-19.11.3-1.el8.x86_64.rpm
dpdk-tools-19.11.3-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Severity
Advisory ID: RHSA-2020:4806-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4806
Issued Date: : 2020-11-03
CVE Names: CVE-2020-10722 CVE-2020-10723 CVE-2020-10725
CVE-2020-10726
Topic
An update for dpdk is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, x86_64
Bugs Fixed
1801361 - dpdk-pmdinfo.py can't work on RHEL8
1813252 - dpdk-devel needs rdma-core-devel and libmnl-devel on x86_64
1824905 - [Rebase] Rebase DPDK to 19.11.1
1828867 - CVE-2020-10722 dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()
1828874 - CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
1828894 - CVE-2020-10725 dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor
1828898 - CVE-2020-10726 dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS
1868708 - Update to dpdk-19.11.3
News
HOWTOs
Features
About Us
Powered By
