-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Jan 2025 13:52:47 CET
Source: iperf3
Architecture: source
Version: 3.9-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Roberto Lumbreras <rover@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 9b8c42cacd248344255555cf328892ead089711b 2009 iperf3_3.9-1+deb11u2.dsc
 e48bf82999e8bf5205d92b016ad50829454f0a9c 15172 iperf3_3.9-1+deb11u2.debian.tar.xz
 c9be31848b5fa8130f534e8084935e1ff3823176 7427 iperf3_3.9-1+deb11u2_amd64.buildinfo
Checksums-Sha256:
 2fffa848f6711cf9ecdc6475167485c06e2502aad8214585b7942b552219bd63 2009 iperf3_3.9-1+deb11u2.dsc
 da55e18f4d0f02bd57205cc435fbed146e550a5ae65877c8f5d11127ae474c1a 15172 iperf3_3.9-1+deb11u2.debian.tar.xz
 0665a9a00408c0907a51fa97e270abe6cca9f9e0cc98adcbe4b98e95b8e865e3 7427 iperf3_3.9-1+deb11u2_amd64.buildinfo
Changes:
 iperf3 (3.9-1+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2023-7250:
     A flaw was found in iperf, a utility for testing network performance
     using TCP, UDP, and SCTP. A malicious or malfunctioning client can send
     less than the expected amount of data to the iperf server, which can
     cause the server to hang indefinitely waiting for the remainder or until
     the connection gets closed. This will prevent other connections to the
     server, leading to a denial of service.
   * Fix CVE-2024-26306:
     iPerf3, when used with OpenSSL before 3.2.0 as a server with RSA
     authentication, allows a timing side channel in RSA decryption
     operations. This side channel could be sufficient for an attacker to
     recover credential plaintext. It requires the attacker to send a large
     number of messages for decryption, as described in "Everlasting ROBOT:
     the Marvin Attack" by Hubert Kario.
   * Fix CVE-2024-53580:
     iperf3 was discovered to contain a segmentation violation via the
     iperf_exchange_parameters() function.
Files:
 fa3ef77ef02d67696925fbdebdaa2f55 2009 net optional iperf3_3.9-1+deb11u2.dsc
 05898420e6ae79ea93b6467d6f35fc92 15172 net optional iperf3_3.9-1+deb11u2.debian.tar.xz
 4ee918e151c42156b51c1a7d53e1ba0e 7427 net optional iperf3_3.9-1+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----