[ubuntu/jammy-security] iperf3 3.9-1+deb11u1ubuntu0.1 (Accepted)
Shishir Subedi
shishirsub10 at gmail.com
Wed Jan 21 06:53:52 UTC 2026
iperf3 (3.9-1+deb11u1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: missing timeout while reading input from network
    - debian/patches/CVE-2023-7250.patch: implements a timeout mechanism in
      Nread function located in src/net.c
    - CVE-2023-7250
  * SECURITY UPDATE: Information disclosure using time side channel
    - debian/patches/CVE-2024-26306.patch: use OAEP padding instead of
      PKCS1 padding for OpenSSL
    - CVE-2024-26306
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-53580.patch: add a variant of
      cJSON_GetObjectItem that does type-checking avoiding crash with
      malformed input
    - CVE-2024-53580
  * SECURITY UPDATE: Heap based buffer overflow
    - debian/patches/CVE-2025-54349.patch: fix off-by-one heap overflow
      in src/iperf_auth.c by allocating additional byte for null terminator
    - CVE-2025-54349
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-54350.patch: remove assertion that could
      cause crashes on malformed authentication attempts
    - CVE-2025-54350

Date: 2026-01-20 11:58:11.660715+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
https://launchpad.net/ubuntu/+source/iperf3/3.9-1+deb11u1ubuntu0.1