Ubuntu Security Notice 6431-1 - It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service. Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service.
a31d342fecf960062d884af7d74330e3eec2a7c017d274b1641c30dddae4e1a7
==========================================================================
Ubuntu Security Notice USN-6431-1
October 16, 2023
iperf3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in iperf3.
Software Description:
- iperf3: Internet Protocol bandwidth measuring tool
Details:
It was discovered that iperf3 did not properly manage certain inputs,
which could lead to a crash. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2023-38403)
Jorge Sancho Larraz discovered that iperf3 did not properly manage certain
inputs, which could cause the server process to stop responding, waiting
for input on the control connection. A remote attacker could possibly use
this issue to cause a denial of service. (LP: #2038654)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS (Available with Ubuntu Pro):
iperf3 3.7-3ubuntu0.1~esm1
libiperf0 3.7-3ubuntu0.1~esm1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
iperf3 3.1.3-1ubuntu0.1~esm1
libiperf0 3.1.3-1ubuntu0.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
iperf3 3.0.11-1ubuntu0.1~esm2
libiperf0 3.0.11-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6431-1
CVE-2023-38403, https://launchpad.net/bugs/2038654