Issued:: 2020-06-23
Updated:: 2020-06-23

RHSA-2020:2683 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: dpdk security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dpdk is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space.

The following packages have been upgraded to a later upstream version: dpdk (18.11.8). (BZ#1825276)

Security Fix(es):

dpdk: librte_vhost Interger overflow in vhost_user_set_log_base() (CVE-2020-10722)
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1825276 - [Rebase] Rebase DPDK to 18.11.7
BZ - 1828867 - CVE-2020-10722 dpdk: librte_vhost Interger overflow in vhost_user_set_log_base()
BZ - 1828874 - CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
dpdk-18.11.8-1.el7_8.src.rpm	SHA-256: cd9a0abcbe7baf9cc669f5a0b79674e908ee8fbc7f778e79fd5bb2f2ada9fd7b
x86_64
dpdk-18.11.8-1.el7_8.x86_64.rpm	SHA-256: 2605f2f672de7885d4dba11d4e9d010a1f787f7c593677fa7272dc1c423f9708
dpdk-debuginfo-18.11.8-1.el7_8.x86_64.rpm	SHA-256: 255d86d9bce44db561dd9ae7e6ef9d9befbede97272cdfcbfb94af4fee580a12
dpdk-devel-18.11.8-1.el7_8.x86_64.rpm	SHA-256: 4e63e631a12a971de47f71d37739037f27c97ffe1c52b08686fe19b0c97710d0
dpdk-doc-18.11.8-1.el7_8.noarch.rpm	SHA-256: d5375cb08319aa0db144e534f32d595c6e8bc9f9be0ebf182049fae92ce6d61b
dpdk-tools-18.11.8-1.el7_8.x86_64.rpm	SHA-256: 1d1c2015db9c16159226b00f9ce12c1a03434e6d2d4d17592664d4d2f27de45f

Red Hat Enterprise Linux for Power, little endian 7

SRPM
dpdk-18.11.8-1.el7_8.src.rpm	SHA-256: cd9a0abcbe7baf9cc669f5a0b79674e908ee8fbc7f778e79fd5bb2f2ada9fd7b
ppc64le
dpdk-18.11.8-1.el7_8.ppc64le.rpm	SHA-256: 413dae4a90b265dfbfc572e09652272662f3e577edb10bfd6f7f2eefd740d0ca
dpdk-debuginfo-18.11.8-1.el7_8.ppc64le.rpm	SHA-256: c3e06914a10b64d0089cc7f90c33d1a970940adf6e5ca8f8cbb4f97874dae43d
dpdk-devel-18.11.8-1.el7_8.ppc64le.rpm	SHA-256: ae3e540afa290916ea4280142b81e7bc3a1c8eea82eab3e2d0ca707ee7245091
dpdk-doc-18.11.8-1.el7_8.noarch.rpm	SHA-256: d5375cb08319aa0db144e534f32d595c6e8bc9f9be0ebf182049fae92ce6d61b
dpdk-tools-18.11.8-1.el7_8.ppc64le.rpm	SHA-256: 2a53f3f2064886d8ebbb867e5e1a0d1e35e810247cd9c22646f2e370ea529b07

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation