Security update for dpdk

Announcement ID: SUSE-SU-2019:3179-1
Rating: moderate
CVSS scores:
  • CVE-2019-14818 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2019-14818 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • Server Applications Module 15
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server for SAP Applications 15

An update that solves one vulnerability, contains two features and has four security fixes can now be installed.

Description:

This update of dpdk to version 18.11.3 provides the following fixes:

dpdk was updated to 18.11.3 (fate#327817, bsc#1145713, jsc#ECO-274, fate#325916, fate#325951, fate#326025, fate#326992, bsc#1134968, jsc#SLE-4715)

Security issue fixed:

  • CVE-2019-14818: Fixed a memory leak vulnerability through which a malicious container may cause a denial of service (bsc#1156146).

Other issues addressed:

  • Fixed a regression by inserting version numbers to the drivers (bsc#1157179).
  • Changed to multibuild (bsc#1151455).
  • Added support for using externally allocated memory in DPDK.
  • Added check for ensuring allocated memory is addressable by devices.
  • Updated the C11 memory model version of the ring library.
  • Added NXP CAAM JR PMD.
  • Added support for GEN3 devices to Intel QAT driver.
  • Added Distributed Software Eventdev PMD.
  • Updated KNI kernel module, rte_kni library, and KNI sample application.
  • Added a new sample application for vDPA.
  • Updated mlx5 driver.
  • Improved security of PMD to prevent the NIC from getting stuck when the application misbehaves.
  • Reworked flow engine to support e-switch flow rules (transfer attribute).
  • Added support for header re-write (L2-L4), VXLAN encap/decap, count, match on TCP flags and multiple flow groups with e-switch flow rules.
  • Added support for match on metadata, VXLAN and MPLS encap/decap with flow rules.
  • Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better support for representors.
  • Added support for meson build.
  • Fixed build issue with PPC.
  • Added support for BlueField VF.
  • Added support for externally allocated static memory for DMA.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Server Applications Module 15
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-3179=1

Package List:

  • Server Applications Module 15 (aarch64 ppc64le x86_64)
    • dpdk-devel-debuginfo-18.11.3-3.16.1
    • dpdk-devel-18.11.3-3.16.1
    • dpdk-18.11.3-3.16.1
    • dpdk-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-tools-debuginfo-18.11.3-3.16.1
    • dpdk-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-debuginfo-18.11.3-3.16.1
    • dpdk-debugsource-18.11.3-3.16.1
    • dpdk-tools-18.11.3-3.16.1
    • libdpdk-18_11-debuginfo-18.11.3-3.16.1
    • libdpdk-18_11-18.11.3-3.16.1
  • Server Applications Module 15 (aarch64)
    • dpdk-thunderx-devel-debuginfo-18.11.3-3.16.1
    • dpdk-thunderx-kmp-default-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-thunderx-kmp-default-debuginfo-18.11.3_k4.12.14_150.41-3.16.1
    • dpdk-thunderx-debugsource-18.11.3-3.16.1
    • dpdk-thunderx-devel-18.11.3-3.16.1
    • dpdk-thunderx-18.11.3-3.16.1
    • dpdk-thunderx-debuginfo-18.11.3-3.16.1
