Sicherheit: Zwei Probleme in DPDK

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============9178783535320032857==
Content-Language: en-CA
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------yVSzBoT0qIsQr9P5Hku6GgKP"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------yVSzBoT0qIsQr9P5Hku6GgKP
Content-Type: multipart/mixed;
boundary="------------6LDwNDXGLBaVC9dr4ASyW9aI";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <d51823ed-39e0-679e-8fb6-56753c83902e@canonical.com>
Subject: [USN-5401-1] DPDK vulnerabilities

--------------6LDwNDXGLBaVC9dr4ASyW9aI
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-5401-1
May 04, 2022

dpdk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in DPDK.

Software Description:
- dpdk: set of libraries for fast packet processing

Details:

Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An
attacker could use this issue to cause DPDK to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2021-3839)

It was discovered that DPDK incorrectly handled inflight type messages. An
attacker could possibly use this issue to cause DPDK to consume resources,
leading to a denial of service. (CVE-2022-0669)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
dpdk 21.11.1-0ubuntu0.3

Ubuntu 21.10:
dpdk 20.11.5-0ubuntu1

Ubuntu 20.04 LTS:
dpdk 19.11.12-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5401-1
CVE-2021-3839, CVE-2022-0669

Package Information:
https://launchpad.net/ubuntu/+source/dpdk/21.11.1-0ubuntu0.3
https://launchpad.net/ubuntu/+source/dpdk/20.11.5-0ubuntu1
https://launchpad.net/ubuntu/+source/dpdk/19.11.12-0ubuntu0.20.04.1

--------------6LDwNDXGLBaVC9dr4ASyW9aI--

--------------yVSzBoT0qIsQr9P5Hku6GgKP
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmJys7wACgkQZWnYVadE
vpMSqg//XXwb0ov36hyBxrNsHfX1AcNsAEsoUw4G2DtamWCI3M1IXsa3BzonyHkc
mK14F2wlIZBkKTFl4zHFTl9lWKS+Bg+Ooh7J3wemd9NRYAqN59FRIwgKdGCCJZq2
OJy3468YsGO6/KjI9uqdK2RIy3MAMEceTe8U9Ml6i6fvwYT1lk/v6Yk6Xgh4p1ua
BntH+6WBTQdAKrAU2FFgkOKKi900RdW0lteC9fmrcWgYUC2qYhriKUC+Cn6Wu3nL
BvFR5iZmfr/eLA4W9/eiD5L5AZNSjAqqcgC8zESiKVieJRQD91SH0mce5woPNsSB
3GiphuNFNxMWDyEObW7zgu34ozzbzE4+PWmi8c/hF+9w6cM8BILTLtklYvAtlXm0
1aK7sB/YLfaJGX2O2DDYSbOCZ6zeyuuY0aCXaheueRnrdZTNyYkO9I0tUbVfQ2lU
2KVEmS7IhsIE/j4xl+NScKKlDh2OxtViGbNWSzX0heGAskwZenFrKY3iiooWbQ/d
xP8oDHtMCs2VbUva7zpOn4ISRNoU5jX4HmTbMBIBjwEVU4o+tjUtpteLR9T4vMe6
0DTYGmqMvDAIC/yZlGcPT5oSyh9Cvh0B+i5YqSDoI/PSSSp8qSHpX84BPPt39kOQ
pN7BxjRMdlsUj4z3yPiNVd51M1MUDdAhBs9OA1FdqiMq8XiVSwc=
=KnKi
-----END PGP SIGNATURE-----

--------------yVSzBoT0qIsQr9P5Hku6GgKP--

--===============9178783535320032857==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============9178783535320032857==--