Hi all,
Here is a new stable release:
https://fast.dpdk.org/rel/dpdk-20.02.1.tar.xz
The git tree is at:
https://dpdk.org/browse/dpdk-stable/?h=20.02
This release fixes the following security issues:
CVE-2020-10722
CVE-2020-10723
CVE-2020-10724
CVE-2020-10725
CVE-2020-10726
A malicious guess/container can cause resource leak resulting a
Denial-of-Service, or memory corruption and crash, or information leak
in vhost-user backend application.
Thanks to the issue reporters, to the developers for fixing them, and
to RedHat and Intel for validating the fixes.
Luca Boccassi
---
VERSION | 2 +-
doc/guides/rel_notes/release_20_02.rst | 63
++++++++++++++++++++++++++++++++++
lib/librte_vhost/vhost_crypto.c | 17 +++++++++
lib/librte_vhost/vhost_user.c | 30 ++++++++++++----
lib/librte_vhost/virtio_net.c | 4 +++
5 files changed, 108 insertions(+), 8 deletions(-)
Luca Boccassi (1):
version: 20.02.1
Marvin Liu (1):
vhost: fix translated address not checked
Maxime Coquelin (3):
vhost: check log mmap offset and size overflow
vhost: fix vring index check
vhost/crypto: validate keys lengths
Xiaolong Ye (1):
vhost: fix potential memory space leak
Xuan Ding (1):
vhost: fix potential fd leak
