Security update for dpdk

SUSE Security Update: Security update for dpdk
Announcement ID: SUSE-SU-2019:3179-1
Rating: moderate
References: #1134968 #1145713 #1151455 #1156146 #1157179
Cross-References: CVE-2019-14818
Affected Products:
  • SUSE Linux Enterprise Module for Server Applications 15

An update that solves one vulnerability and has four fixes is now available.

Description:

This update of dpdk to version 18.11.3 provides the following fixes:
dpdk was updated to 18.11.3 (fate#327817, bsc#1145713, jsc#ECO-274, fate#325916, fate#325951 fate#326025, fate#326992, bsc#1134968, jsc#SLE-4715)
Security issue fixed:

  • CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicius container may lead to to denial of service (bsc#1156146).

Other issues addressed:
  • Fixed a regression by inserting version numbers to the drivers (bsc#1157179).
  • Changed to multibuild (bsc#1151455).
  • Added support for using externally allocated memory in DPDK.
  • Added check for ensuring allocated memory is addressable by devices.
  • Updated the C11 memory model version of the ring library.
  • Added NXP CAAM JR PMD.
  • Added support for GEN3 devices to Intel QAT driver.
  • Added Distributed Software Eventdev PMD.
  • Updated KNI kernel module, rte_kni library, and KNI sample application.
  • Add a new sample application for vDPA.
  • Updated mlx5 driver. * Improved security of PMD to prevent the NIC from getting stuck when the application misbehaves. * Reworked flow engine to supported e-switch flow rules (transfer attribute). * Added support for header re-write(L2-L4), VXLAN encap/decap, count, match on TCP flags and multiple flow groups with e-switch flow rules. * Added support for match on metadata, VXLAN and MPLS encap/decap with flow rules. * Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better support for representors. * Added support for meson build. * Fixed build issue with PPC. * Added support for BlueField VF. * Added support for externally allocated static memory for DMA.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Server Applications 15:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-3179=1

Package List:

  • SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le x86_64):
    • dpdk-18.11.3-3.16.1
    • dpdk-debuginfo-18.11.3-3.16.1
    • dpdk-debugsource-18.11.3-3.16.1
    • dpdk-devel-18.11.3-3.16.1
    • dpdk-devel-debuginfo-18.11.3-3.16.1
    • dpdk-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-tools-18.11.3-3.16.1
    • dpdk-tools-debuginfo-18.11.3-3.16.1
    • libdpdk-18_11-18.11.3-3.16.1
    • libdpdk-18_11-debuginfo-18.11.3-3.16.1
  • SUSE Linux Enterprise Module for Server Applications 15 (aarch64):
    • dpdk-thunderx-18.11.3-3.16.1
    • dpdk-thunderx-debuginfo-18.11.3-3.16.1
    • dpdk-thunderx-debugsource-18.11.3-3.16.1
    • dpdk-thunderx-devel-18.11.3-3.16.1
    • dpdk-thunderx-devel-debuginfo-18.11.3-3.16.1
    • dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1

References: