Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1760 dpdk security update 19 May 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dpdk Publisher: Debian Operating System: Debian GNU/Linux 9 Debian GNU/Linux 10 Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Unknown/Unspecified Denial of Service -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2020-10724 CVE-2020-10723 CVE-2020-10722 Original Bulletin: http://www.debian.org/security/2020/dsa-4688 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running dpdk check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4688-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : dpdk CVE ID : CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 Multiple vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers. For the oldstable distribution (stretch), these problems have been fixed in version 16.11.11-1+deb9u2. For the stable distribution (buster), these problems have been fixed in version 18.11.6-1~deb10u2. We recommend that you upgrade your dpdk packages. For the detailed security status of dpdk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dpdk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7CzHsACgkQEMKTtsN8 TjYndBAAjiKFfUNxHjax/nCVHkY3OeiCHGkqOkH5kY6/nTpEIW6neMIc4tXh/cMV JEI/dC6kRIZoMETehV/pqdBCSFiYzkIjlVakYIabBZ/oZpZVIzZrLQxDoX5rL4zQ oyDaaWYJEz879enRUrUIF8m3QICtxlbcaviO9RNcXJnKpjt6QYGdDMzpBLySZyzl OhZEOwc/bXBQafAdhTYFar1HMtbdMqZfIEuIOry+KAPVx7UJbKEYm3z+sKgrr8RE Evyr39fTBNGxn/grERRwIcnsOSFKDiddqlEprUtWHwoPmk3xWCa5DbZ9RuMvvjdU Dk4acd+4tprN2qgZZPkoQN5AgLpUvkgZwiCl77BReyEk/5XynuSff4rLJ9frmxvU gU3tuKLEjhTCoEeElE8sUvi3ULZ4+yKfuVKtZToQyDt/JKlhSSTrqUPLR8h9rFMI qUzc5YL5Bf0pM2GZ6F8lfZCpXkAxXvl5orYp2AZeym8oqqt5dZdL3ZCw2/hdiMYB ptwNlgM8RTiAJJJfnIt9fEQ/rIdhTYVAPglBjJgeH7qWEyUy20WISckN5ZHaKoau sOaULquxQdVk2M5PvApIdeOdGzkp/QttC0yMNfbVBqk35jUrHf3ikyN9fXyxp4fs jpqA11lPUNHS+08aCoPcnvT6AdEiejVu43E0j7r7HAb1mYFiEpQ= =9YVf - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXsMTF+NLKJtyKPYoAQg2Hw/+OkeX35jUDEexLSEzRkfIBF6c2YX7TUxu ewgZ0t+XezP0Y2S1y7dRwb+sPMNfAkKi3VqVipFa3GlvPb3BdWtujk+57E+04qjk GQwANP1d0jy3MGC+aRnFb1T/ALYwG4GqdIJhz9I3tu8YIEJD+diZ6DYUnQ0Xua5p I8BEVKj0lHQchTgZZwK34bk8Z6/Bip3r56MF7YA9ANuo6OussFumASden2qy2uu2 REK4XXU/eRHanJ/2Etofvl5yS1pDL42NqU0OFYaglWmIxBbheKMZ9htBixtKRG54 4YjlW7K8O3OBj45UDZ0QmTEFsYlruvvyCzBvD9dZoxYKNyYOE4w+UR2povK+lauZ 4KjSyh2T9ZcK8kvuW0i7aNYNyT3pA8CHD23nGAbbLrEuM+o2nWK0AfsskL7EjaAA XaW4PMVxRJthO/R9iNtYNsBKGDTTFMfBQntZbsuwfWhjjtnBtd6G1MdTo0Y1J9R6 rUxzQwmG8ZtfVmWYfQh4prgDLueKq4sg8IO9pdLJsJzauAmQku6U0sISINPLslFU hxJFwzGfCq9DfCQQw/CKqSEljM148HKCZ5ha+jACK5lvKSQyXRapYkXspEcZdPNT biP1t6NGYsjSXSqEL94f8yZylfZ3raPyGu396jClLAgrLbDfqXRyA1wbR8YiU9hj l2VvAzNP2nQ= =hwmd -----END PGP SIGNATURE-----