Monday, October 16, 2023

[USN-6431-2] iperf3 vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEKQtTo2MNG44yJq/lXjZQcrWpV2YFAmUtSZ0FAwAAAAAACgkQXjZQcrWpV2Zo
nQ/+LqA5m899V+nfaGsiHIEO56S2IAn3TU391jF/WvXbdyV9FjHbOXdzLtWiIykOuuOXTpc6vuIN
5iWbSPUnuZk54daOehqCWM8aMsY1H87fm6cLMvh8U0JGA/IzxJcULP9t3vwM78ZkTp+Y8ASdECxE
qmPQp14363wapltMgjpWsXiPC9Y7V6LUtZhXJl0O6OFBRqUIP5sk+EwiTxPDpz5bcPPR3NZNoeqh
olAmXs0f1kvJzAvVjqE0PeI48zaOU2Q5HaUk7XqewjnwAT5T6mlQPRlOEqHLQ+uRGgRkMQxYNEwE
8Wlwb0bn2XQViIcmmlmbM1sWKTxMhFnhN3T7nEO6/rYwW18Hnqo24wWzI6IL9BiDWIWB99QzS7HS
5HKeJYU2ocRQT7aXvKtm9Xez8fHAOVR/2THm9+JbBUzo2kWpDRuh5hxDCCPFfNEuHrevqi0S1BTO
N8y9XNmL5AmCrgj278ks2YbNood3BcODkKUxcVtnewoMe4qU/LWpQ/p435xk6DdA1amHGutOnzNS
JcJozL+SYgbyL5HsNjAOl4b1VN+ICEt3cOeiB/ZSlD5dRKtBaFDg7vawCLyTA0LSUMP/kvlgx11p
8cY3H27txvjxyHjaneZnj7yedrzxqhhTxE3G1V1B22cuO2jJYFuC8dnCe6Mp9toYjA9mBPqSWE24
m9g=
=7rNt
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6431-2
October 16, 2023

iperf3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

iperf3 could be made to crash if it received specially crafted network
traffic.

Software Description:
- iperf3: Internet Protocol bandwidth measuring tool

Details:

USN-6431-1 fixed a vulnerability in iperf3. This update provides
the corresponding update for Ubuntu 22.04 LTS and Ubuntu 23.04.

Original advisory details:

 It was discovered that iperf3 did not properly manage certain inputs,
 which could lead to a crash. A remote attacker could possibly use this
 issue to cause a denial of service. (CVE-2023-38403)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  iperf3                          3.12-1+deb12u1build0.23.04.1
  libiperf0                       3.12-1+deb12u1build0.23.04.1

Ubuntu 22.04 LTS:
  iperf3                          3.9-1+deb11u1build0.22.04.1
  libiperf0                       3.9-1+deb11u1build0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6431-2
  https://ubuntu.com/security/notices/USN-6431-1
  CVE-2023-38403

Package Information:
https://launchpad.net/ubuntu/+source/iperf3/3.12-1+deb12u1build0.23.04.1
https://launchpad.net/ubuntu/+source/iperf3/3.9-1+deb11u1build0.22.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)