Описание
Security update for iperf
This update for iperf fixes the following issues:
- Update to version 3.17.1
- CVE-2024-26306: Fixed a vulnerability that could led to marvin attack if the authentication option is used. (bsc#1224262)
Список пакетов
SUSE Enterprise Storage 7.1
iperf-3.17.1-150000.3.9.1
libiperf0-3.17.1-150000.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
iperf-3.17.1-150000.3.9.1
iperf-devel-3.17.1-150000.3.9.1
libiperf0-3.17.1-150000.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
iperf-3.17.1-150000.3.9.1
iperf-devel-3.17.1-150000.3.9.1
libiperf0-3.17.1-150000.3.9.1
openSUSE Leap 15.5
iperf-3.17.1-150000.3.9.1
iperf-devel-3.17.1-150000.3.9.1
libiperf0-3.17.1-150000.3.9.1
openSUSE Leap 15.6
iperf-3.17.1-150000.3.9.1
iperf-devel-3.17.1-150000.3.9.1
libiperf0-3.17.1-150000.3.9.1
Ссылки
- Link for SUSE-SU-2024:1981-1
- E-Mail link for SUSE-SU-2024:1981-1
- SUSE Security Ratings
- SUSE Bug 1224262
- SUSE CVE CVE-2024-26306 page
Описание
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
Затронутые продукты
SUSE Enterprise Storage 7.1:iperf-3.17.1-150000.3.9.1
SUSE Enterprise Storage 7.1:libiperf0-3.17.1-150000.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:iperf-3.17.1-150000.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:iperf-devel-3.17.1-150000.3.9.1
Ссылки
- CVE-2024-26306
- SUSE Bug 1224262