Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1760
dpdk security update
19 May 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: dpdk
Publisher: Debian
Operating System: Debian GNU/Linux 9
Debian GNU/Linux 10
Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Unknown/Unspecified
Denial of Service -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-10724 CVE-2020-10723 CVE-2020-10722
Original Bulletin:
http://www.debian.org/security/2020/dsa-4688
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running dpdk check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4688-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : dpdk
CVE ID : CVE-2020-10722 CVE-2020-10723 CVE-2020-10724
Multiple vulnerabilities were discovered in the vhost code of DPDK,
a set of libraries for fast packet processing, which could result
in denial of service or the execution of arbitrary code by malicious
guests/containers.
For the oldstable distribution (stretch), these problems have been fixed
in version 16.11.11-1+deb9u2.
For the stable distribution (buster), these problems have been fixed in
version 18.11.6-1~deb10u2.
We recommend that you upgrade your dpdk packages.
For the detailed security status of dpdk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dpdk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7CzHsACgkQEMKTtsN8
TjYndBAAjiKFfUNxHjax/nCVHkY3OeiCHGkqOkH5kY6/nTpEIW6neMIc4tXh/cMV
JEI/dC6kRIZoMETehV/pqdBCSFiYzkIjlVakYIabBZ/oZpZVIzZrLQxDoX5rL4zQ
oyDaaWYJEz879enRUrUIF8m3QICtxlbcaviO9RNcXJnKpjt6QYGdDMzpBLySZyzl
OhZEOwc/bXBQafAdhTYFar1HMtbdMqZfIEuIOry+KAPVx7UJbKEYm3z+sKgrr8RE
Evyr39fTBNGxn/grERRwIcnsOSFKDiddqlEprUtWHwoPmk3xWCa5DbZ9RuMvvjdU
Dk4acd+4tprN2qgZZPkoQN5AgLpUvkgZwiCl77BReyEk/5XynuSff4rLJ9frmxvU
gU3tuKLEjhTCoEeElE8sUvi3ULZ4+yKfuVKtZToQyDt/JKlhSSTrqUPLR8h9rFMI
qUzc5YL5Bf0pM2GZ6F8lfZCpXkAxXvl5orYp2AZeym8oqqt5dZdL3ZCw2/hdiMYB
ptwNlgM8RTiAJJJfnIt9fEQ/rIdhTYVAPglBjJgeH7qWEyUy20WISckN5ZHaKoau
sOaULquxQdVk2M5PvApIdeOdGzkp/QttC0yMNfbVBqk35jUrHf3ikyN9fXyxp4fs
jpqA11lPUNHS+08aCoPcnvT6AdEiejVu43E0j7r7HAb1mYFiEpQ=
=9YVf
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXsMTF+NLKJtyKPYoAQg2Hw/+OkeX35jUDEexLSEzRkfIBF6c2YX7TUxu
ewgZ0t+XezP0Y2S1y7dRwb+sPMNfAkKi3VqVipFa3GlvPb3BdWtujk+57E+04qjk
GQwANP1d0jy3MGC+aRnFb1T/ALYwG4GqdIJhz9I3tu8YIEJD+diZ6DYUnQ0Xua5p
I8BEVKj0lHQchTgZZwK34bk8Z6/Bip3r56MF7YA9ANuo6OussFumASden2qy2uu2
REK4XXU/eRHanJ/2Etofvl5yS1pDL42NqU0OFYaglWmIxBbheKMZ9htBixtKRG54
4YjlW7K8O3OBj45UDZ0QmTEFsYlruvvyCzBvD9dZoxYKNyYOE4w+UR2povK+lauZ
4KjSyh2T9ZcK8kvuW0i7aNYNyT3pA8CHD23nGAbbLrEuM+o2nWK0AfsskL7EjaAA
XaW4PMVxRJthO/R9iNtYNsBKGDTTFMfBQntZbsuwfWhjjtnBtd6G1MdTo0Y1J9R6
rUxzQwmG8ZtfVmWYfQh4prgDLueKq4sg8IO9pdLJsJzauAmQku6U0sISINPLslFU
hxJFwzGfCq9DfCQQw/CKqSEljM148HKCZ5ha+jACK5lvKSQyXRapYkXspEcZdPNT
biP1t6NGYsjSXSqEL94f8yZylfZ3raPyGu396jClLAgrLbDfqXRyA1wbR8YiU9hj
l2VvAzNP2nQ=
=hwmd
-----END PGP SIGNATURE-----