Detections
Analytics

openSUSE Security Update : dpdk (openSUSE-2018-1484)

medium Nessus Plugin ID 119492

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for dpdk to version 16.11.8 provides the following security fix :

 - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application (ovs-dpdk) memory which could have lead all VM to lose connectivity (bsc#1089638)

and following non-security fixes :

 - Enable the broadcom chipset family Broadcom NetXtreme II BCM57810 (bsc#1073363)

 - Fix a latency problem by using cond_resched rather than schedule_timeout_interruptible (bsc#1069601)

 - Fix a syntax error affecting csh environment configuration (bsc#1102310)

 - Fixes in net/bnxt :

 - Fix HW Tx checksum offload check

 - Fix incorrect IO address handling in Tx

 - Fix Rx ring count limitation

 - Check access denied for HWRM commands

 - Fix RETA size

 - Fix close operation

 - Fixes in eal/linux :

 - Fix an invalid syntax in interrupts

 - Fix return codes on thread naming failure

 - Fixes in kni :

 - Fix crash with null name

 - Fix build with gcc 8.1

 - Fixes in net/thunderx :

 - Fix build with gcc optimization on

 - Avoid sq door bell write on zero packet

 - net/bonding: Fix MAC address reset

 - vhost: Fix missing increment of log cache count

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Solution

Update the affected dpdk packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1069601

https://bugzilla.opensuse.org/show_bug.cgi?id=1073363

https://bugzilla.opensuse.org/show_bug.cgi?id=1089638

https://bugzilla.opensuse.org/show_bug.cgi?id=1102310

Plugin Details

Severity: Medium

ID: 119492

File Name: openSUSE-2018-1484.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/7/2018

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.9

Temporal Score: 2.1

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:dpdk, p-cpe:/a:novell:opensuse:dpdk-debuginfo, p-cpe:/a:novell:opensuse:dpdk-debugsource, p-cpe:/a:novell:opensuse:dpdk-devel, p-cpe:/a:novell:opensuse:dpdk-devel-debuginfo, p-cpe:/a:novell:opensuse:dpdk-examples, p-cpe:/a:novell:opensuse:dpdk-examples-debuginfo, p-cpe:/a:novell:opensuse:dpdk-kmp-default, p-cpe:/a:novell:opensuse:dpdk-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:dpdk-tools, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/6/2018

Vulnerability Publication Date: 4/24/2018

Reference Information

CVE: CVE-2018-1059