-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: dpdk security, bug fix and enhancement update
Advisory ID:       RHSA-2018:2038-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2038
Issue date:        2018-06-26
CVE Names:         CVE-2018-1059 
====================================================================
1. Summary:

An update for DPDK is now available for Extras for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - noarch, ppc64le, x86_64

3. Description:

The dpdk packages provide the Data Plane Development Kit, which is a set of
libraries and drivers for fast packet processing in the user space.

Security Fix(es):

* dpdk: Information exposure in unchecked guest physical to host virtual
address translations (CVE-2018-1059)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

This issue was discovered by Maxime Coquelin (Red Hat).

4. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1544298 - CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations
1573912 - Backport "net/nfp: fix mbufs releasing when stop or close"

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
dpdk-17.11-11.el7.src.rpm

noarch:
dpdk-doc-17.11-11.el7.noarch.rpm

ppc64le:
dpdk-17.11-11.el7.ppc64le.rpm
dpdk-debuginfo-17.11-11.el7.ppc64le.rpm
dpdk-devel-17.11-11.el7.ppc64le.rpm
dpdk-tools-17.11-11.el7.ppc64le.rpm

x86_64:
dpdk-17.11-11.el7.x86_64.rpm
dpdk-debuginfo-17.11-11.el7.x86_64.rpm
dpdk-devel-17.11-11.el7.x86_64.rpm
dpdk-tools-17.11-11.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-1059
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWzKI59zjgjWX9erEAQjskA//Tc66M/UtbEDa/mlNWEJyN/esqQxY7xib
cML/Hq4YuuGDivZ7TOfDg+uG/K9IoYrLL0ZUyx39VOLtyPjQwfydCDuQZoqozMyJ
GMf1napNQuSg+2E1eu5IDb0pilhYo2LkeKIC7y54/cITD1sXsWqE77klGmGSqLVM
/lLXBHPXlc+IgaAGJaC5ZpW2j4ltZjtTTKq+mF5E5hRVSEVDN885nFrZ4k6UxXn2
RxVuDmAuIBwfXVX5au049iIoXnH80Kciknxg2BQOuZRbp3uC3mLWS7z4D5N98ldZ
fOTaDGvOv3+YjnChTAyrMIqrPP0kBrU6ipFmJvLobKEiXpJLbiPqnoxX5gihi7zJ
e9vWEDQI+JW7t69ifwZanxMlq2favhYYgj1lGVylh2Z6PQ4GJrihCnmYZp/ceJ3K
ZUdrGaLID4rZkso9+IX/uy+GdIy1uoPCATy9ayml2t1e8TDXAPOLuB1Jywze8Ijq
GHH+TLZNVR25o1Dl+YNPSDMjae0j+18carpc1uBSmwfbRVLZmp6/Ah7kwt8qMN+1
bacJMTTJ0hlkwDX0Gqpf/Vuhq9310cnGWv4RYlICaIP9FCmkAsJfh4GpJ+aYVlu6
0VWrc1WAg2B6c1Ht/wX855BiYexX+xn4fCjU0srWJ7WqF48DRuesKCR2vvLevbV4
OM2BWK6wsnQ=0z0H
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2018-2038:01 Moderate: dpdk security,

An update for DPDK is now available for Extras for Red Hat Enterprise Linux 7

Summary

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space.
Security Fix(es):
* dpdk: Information exposure in unchecked guest physical to host virtual address translations (CVE-2018-1059)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Maxime Coquelin (Red Hat).



Summary


Solution

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2018-1059 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux 7 Extras:
Source: dpdk-17.11-11.el7.src.rpm
noarch: dpdk-doc-17.11-11.el7.noarch.rpm
ppc64le: dpdk-17.11-11.el7.ppc64le.rpm dpdk-debuginfo-17.11-11.el7.ppc64le.rpm dpdk-devel-17.11-11.el7.ppc64le.rpm dpdk-tools-17.11-11.el7.ppc64le.rpm
x86_64: dpdk-17.11-11.el7.x86_64.rpm dpdk-debuginfo-17.11-11.el7.x86_64.rpm dpdk-devel-17.11-11.el7.x86_64.rpm dpdk-tools-17.11-11.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2018:2038-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2038
Issued Date: : 2018-06-26
CVE Names: CVE-2018-1059

Topic

An update for DPDK is now available for Extras for Red Hat Enterprise Linux7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux 7 Extras - noarch, ppc64le, x86_64


Bugs Fixed

1544298 - CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations

1573912 - Backport "net/nfp: fix mbufs releasing when stop or close"


Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved