Security update for iperf SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1981-1 Final 1 1 2024-06-11T10:12:23Z current 2024-06-11T10:12:23Z 2024-06-11T10:12:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for iperf This update for iperf fixes the following issues: - Update to version 3.17.1 - CVE-2024-26306: Fixed a vulnerability that could led to marvin attack if the authentication option is used. (bsc#1224262) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1981,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1981,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1981,SUSE-Storage-7.1-2024-1981,openSUSE-SLE-15.5-2024-1981,openSUSE-SLE-15.6-2024-1981 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241981-1/ Link for SUSE-SU-2024:1981-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035556.html E-Mail link for SUSE-SU-2024:1981-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224262 SUSE Bug 1224262 https://www.suse.com/security/cve/CVE-2024-26306/ SUSE CVE CVE-2024-26306 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 iperf-3.17.1-150000.3.9.1 iperf-devel-3.17.1-150000.3.9.1 libiperf0-3.17.1-150000.3.9.1 iperf-3.17.1-150000.3.9.1 as a component of SUSE Enterprise Storage 7.1 libiperf0-3.17.1-150000.3.9.1 as a component of SUSE Enterprise Storage 7.1 iperf-3.17.1-150000.3.9.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 iperf-devel-3.17.1-150000.3.9.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 libiperf0-3.17.1-150000.3.9.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 iperf-3.17.1-150000.3.9.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 iperf-devel-3.17.1-150000.3.9.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libiperf0-3.17.1-150000.3.9.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 iperf-3.17.1-150000.3.9.1 as a component of openSUSE Leap 15.5 iperf-devel-3.17.1-150000.3.9.1 as a component of openSUSE Leap 15.5 libiperf0-3.17.1-150000.3.9.1 as a component of openSUSE Leap 15.5 iperf-3.17.1-150000.3.9.1 as a component of openSUSE Leap 15.6 iperf-devel-3.17.1-150000.3.9.1 as a component of openSUSE Leap 15.6 libiperf0-3.17.1-150000.3.9.1 as a component of openSUSE Leap 15.6 iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. CVE-2024-26306 SUSE Enterprise Storage 7.1:iperf-3.17.1-150000.3.9.1 SUSE Enterprise Storage 7.1:libiperf0-3.17.1-150000.3.9.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:iperf-3.17.1-150000.3.9.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:iperf-devel-3.17.1-150000.3.9.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:libiperf0-3.17.1-150000.3.9.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:iperf-3.17.1-150000.3.9.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:iperf-devel-3.17.1-150000.3.9.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libiperf0-3.17.1-150000.3.9.1 openSUSE Leap 15.5:iperf-3.17.1-150000.3.9.1 openSUSE Leap 15.5:iperf-devel-3.17.1-150000.3.9.1 openSUSE Leap 15.5:libiperf0-3.17.1-150000.3.9.1 openSUSE Leap 15.6:iperf-3.17.1-150000.3.9.1 openSUSE Leap 15.6:iperf-devel-3.17.1-150000.3.9.1 openSUSE Leap 15.6:libiperf0-3.17.1-150000.3.9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241981-1/ https://www.suse.com/security/cve/CVE-2024-26306.html CVE-2024-26306 https://bugzilla.suse.com/1224262 SUSE Bug 1224262