Ubuntu Security Notice 6431-2 - USN-6431-1 fixed a vulnerability in iperf3. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service.
5dbdbf5f36a60de7a69c9dd0e63e2fdf0f2c8598e786ae36cc41d796dbb11502
==========================================================================
Ubuntu Security Notice USN-6431-2
October 16, 2023
iperf3 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
iperf3 could be made to crash if it received specially crafted network
traffic.
Software Description:
- iperf3: Internet Protocol bandwidth measuring tool
Details:
USN-6431-1 fixed a vulnerability in iperf3. This update provides
the corresponding update for Ubuntu 22.04 LTS and Ubuntu 23.04.
Original advisory details:
It was discovered that iperf3 did not properly manage certain inputs,
which could lead to a crash. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2023-38403)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
iperf3 3.12-1+deb12u1build0.23.04.1
libiperf0 3.12-1+deb12u1build0.23.04.1
Ubuntu 22.04 LTS:
iperf3 3.9-1+deb11u1build0.22.04.1
libiperf0 3.9-1+deb11u1build0.22.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6431-2
https://ubuntu.com/security/notices/USN-6431-1
CVE-2023-38403
Package Information:
https://launchpad.net/ubuntu/+source/iperf3/3.12-1+deb12u1build0.23.04.1
https://launchpad.net/ubuntu/+source/iperf3/3.9-1+deb11u1build0.22.04.1