dpdk: CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726


Debian Bug report logs - #960936

Reported by: Luca Boccassi <bluca@debian.org>

Date: Mon, 18 May 2020 14:54:02 UTC

Severity: important

Tags: security

Found in version dpdk/16.11-1

Fixed in versions dpdk/16.11.11-1+deb9u2, dpdk/18.11.6-1~deb10u2, dpdk/19.11.2-1

Done: Luca Boccassi <bluca@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>:
Bug#960936; Package src:dpdk. (Mon, 18 May 2020 14:54:04 GMT)


Acknowledgement sent to Luca Boccassi <bluca@debian.org>:
New Bug report received and forwarded. Copy sent to Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>. (Mon, 18 May 2020 14:54:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luca Boccassi <bluca@debian.org>
To: submit@bugs.debian.org
Subject: dpdk: CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726
Date: Mon, 18 May 2020 15:50:30 +0100
Source: dpdk
Version: 16.11-1
Severity: important
Tags: security

DPDK is affected by the following security issues in the vhost driver:

CVE-2020-10722
CVE-2020-10723
CVE-2020-10724
CVE-2020-10725
CVE-2020-10726

A malicious guest/container can cause a resource leak resulting in a
Denial-of-Service, or memory corruption and crash, or information leak
in vhost-user backend application.

-- 
Kind regards,
Luca Boccassi

Reply sent to Luca Boccassi <bluca@debian.org>:
You have taken responsibility. (Mon, 18 May 2020 16:21:06 GMT)


Notification sent to Luca Boccassi <bluca@debian.org>:
Bug acknowledged by developer. (Mon, 18 May 2020 16:21:06 GMT)


Message #10 received at 960936-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 960936-close@bugs.debian.org
Subject: Bug#960936: fixed in dpdk 19.11.2-1
Date: Mon, 18 May 2020 16:18:56 +0000
Source: dpdk
Source-Version: 19.11.2-1
Done: Luca Boccassi <bluca@debian.org>

We believe that the bug you reported is fixed in the latest version of
dpdk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 960936@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Boccassi <bluca@debian.org> (supplier of updated dpdk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 18 May 2020 15:07:31 +0100
Source: dpdk
Architecture: source
Version: 19.11.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>
Changed-By: Luca Boccassi <bluca@debian.org>
Closes: 960936
Changes:
 dpdk (19.11.2-1) unstable; urgency=medium
 .
   [ Christian Ehrhardt ]
   * d/p/fix-autopkgtest-py3.patch: fix autotest runner for python3
   * d/t/*: use skippable test restriction and exit codes to skip tests
   * d/t/test-autotest: the python tool needs RTE_TARGET set in arg #3
   * d/p/fix-autopkgtest-py3.patch: update upstreaming info
   * d/p/autotest-fix-pexpect-in-python3.patch: fix autotest
   * d/t/test-autotest: adapt limits to autopkgtest environment
   * d/t/test-autotest: update blacklist
 .
   [ Luca Boccassi ]
   * New upstream version 19.11.2
     - A malicious guest/container can cause a resource leak resulting in a
       Denial-of-Service, or memory corruption and crash, or information leak
       in vhost-user backend application.
       (CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725,
       CVE-2020-10726) (Closes: #960936)




Marked as fixed in versions dpdk/18.11.6-1~deb10u2. Request was from Luca Boccassi <bluca@debian.org> to control@bugs.debian.org. (Mon, 18 May 2020 19:03:02 GMT)


Marked as fixed in versions dpdk/16.11.11-1+deb9u2. Request was from Luca Boccassi <bluca@debian.org> to control@bugs.debian.org. (Mon, 18 May 2020 19:03:03 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue May 19 10:19:37 2020; Machine Name: buxtehude
