Security update for dpdk

SUSE Security Update: Security update for dpdk
Announcement ID: SUSE-SU-2019:3179-1
Rating: moderate
References: #1134968 #1145713 #1151455 #1156146 #1157179
Cross-References: CVE-2019-14818
Affected Products:
  • SUSE Linux Enterprise Module for Server Applications 15

An update that solves one vulnerability and has four fixes is now available.


This update of dpdk to version 18.11.3 provides the following fixes:
dpdk was updated to 18.11.3 (fate#327817, bsc#1145713, jsc#ECO-274, fate#325916, fate#325951 fate#326025, fate#326992, bsc#1134968, jsc#SLE-4715)
Security issue fixed:

  • CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicius container may lead to to denial of service (bsc#1156146).

Other issues addressed:
  • Fixed a regression by inserting version numbers to the drivers (bsc#1157179).
  • Changed to multibuild (bsc#1151455).
  • Added support for using externally allocated memory in DPDK.
  • Added check for ensuring allocated memory is addressable by devices.
  • Updated the C11 memory model version of the ring library.
  • Added NXP CAAM JR PMD.
  • Added support for GEN3 devices to Intel QAT driver.
  • Added Distributed Software Eventdev PMD.
  • Updated KNI kernel module, rte_kni library, and KNI sample application.
  • Add a new sample application for vDPA.
  • Updated mlx5 driver. * Improved security of PMD to prevent the NIC from getting stuck when the application misbehaves. * Reworked flow engine to supported e-switch flow rules (transfer attribute). * Added support for header re-write(L2-L4), VXLAN encap/decap, count, match on TCP flags and multiple flow groups with e-switch flow rules. * Added support for match on metadata, VXLAN and MPLS encap/decap with flow rules. * Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better support for representors. * Added support for meson build. * Fixed build issue with PPC. * Added support for BlueField VF. * Added support for externally allocated static memory for DMA.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Server Applications 15:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-3179=1

Package List:

  • SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le x86_64):
    • dpdk-18.11.3-3.16.1
    • dpdk-debuginfo-18.11.3-3.16.1
    • dpdk-debugsource-18.11.3-3.16.1
    • dpdk-devel-18.11.3-3.16.1
    • dpdk-devel-debuginfo-18.11.3-3.16.1
    • dpdk-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-tools-18.11.3-3.16.1
    • dpdk-tools-debuginfo-18.11.3-3.16.1
    • libdpdk-18_11-18.11.3-3.16.1
    • libdpdk-18_11-debuginfo-18.11.3-3.16.1
  • SUSE Linux Enterprise Module for Server Applications 15 (aarch64):
    • dpdk-thunderx-18.11.3-3.16.1
    • dpdk-thunderx-debuginfo-18.11.3-3.16.1
    • dpdk-thunderx-debugsource-18.11.3-3.16.1
    • dpdk-thunderx-devel-18.11.3-3.16.1
    • dpdk-thunderx-devel-debuginfo-18.11.3-3.16.1
    • dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1