From: Ferruh Yigit
To: dpdk-announce
Cc: dpdk-dev, security@dpdk.org, security-prerelease@dpdk.org
References: <69c30782-8079-1c92-624d-32c19110dc84@intel.com>
Message-ID: <496085a3-7ffa-f33f-4863-e23d0ae93fbb@intel.com>
In-Reply-To: <69c30782-8079-1c92-624d-32c19110dc84@intel.com>
Date: Fri, 15 Nov 2019 18:19:19 +0000
Subject: Re: [dpdk-dev] [dpdk-security] DPDK security advisory: CVE-2019-14818
List-Id: DPDK patches and discussions

On 11/14/2019 11:25 AM, Ferruh Yigit wrote:
> On 11/12/2019 3:15 PM, Ferruh Yigit wrote:
>> A vulnerability was fixed in DPDK.
>>
>> Some downstream stakeholders were warned in advance in order to coordinate the
>> release of fixes and reduce the vulnerability window.
>>
>> Problem:
>> A malicious container which has direct access to the vhost-user socket can keep
>> sending messages which may cause leaking resources until resulting a DOS.
>>
>> All users of the vhost library are strongly encouraged to upgrade as soon as
>> possible.
>>
>> CVE-2019-14818
>> Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=363
>> Severity: Medium
>> CVSS scores: 6.8
>> <...>
>>
>
> A regression has been found on the above commits when VHOST_USER_VRING_NOFD_MASK
> is set, there is a suggested fix [1], review and testing is going on.
> We are planning to have an update tomorrow.
>
> Sorry for the inconvenience caused.
>
> [1]
> https://patches.dpdk.org/patch/62956/
>

Regression has been solved, please find new stable release links and updated
commits.

Commits:

main repo
https://git.dpdk.org/dpdk/commit/?id=612e17cf6d7b
https://git.dpdk.org/dpdk/commit/?id=bf472259dde6
https://git.dpdk.org/dpdk/commit/?id=1407b0752eee

19.08.2
https://git.dpdk.org/dpdk-stable/commit/?h=19.08&id=fa674d08985f
https://git.dpdk.org/dpdk-stable/commit/?h=19.08&id=6547dd563ea9
https://git.dpdk.org/dpdk-stable/commit/?h=19.08&id=7ce55a8e4f4d

18.11.5 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=70583a6b9b1c
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=f8898927bb16
https://git.dpdk.org/dpdk-stable/commit/?h=18.11&id=afc8c11865ef

17.11.9 (LTS)
https://git.dpdk.org/dpdk-stable/commit/?h=17.11&id=3b1b44a1c82a
https://git.dpdk.org/dpdk-stable/commit/?h=17.11&id=8a8dbd0ec19e
https://git.dpdk.org/dpdk-stable/commit/?h=17.11&id=1f6147d9a01f
https://git.dpdk.org/dpdk-stable/commit/?h=17.11&id=89ce028931ef

16.11.11 (LTS EOL)
https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=5fbb5c2919b6
https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=3863340f93b8
https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=8790f4c3bcd2
https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=1bf11cfb7c7c
https://git.dpdk.org/dpdk-stable/commit/?h=16.11&id=25b8ea4d8604

Stable Releases download links:

DPDK 19.08.2
http://fast.dpdk.org/rel/dpdk-19.08.2.tar.xz

DPDK 18.11.5 (LTS)
http://fast.dpdk.org/rel/dpdk-18.11.5.tar.xz

DPDK 17.11.9 (LTS)
http://fast.dpdk.org/rel/dpdk-17.11.9.tar.xz

DPDK 16.11.11 (LTS EOL)
http://fast.dpdk.org/rel/dpdk-16.11.11.tar.xz

--
DPDK Security Team
http://core.dpdk.org/security/