Debian has issued an advisory on July 17:
https://www.debian.org/security/2023/dsa-5455

The issue is fixed upstream in 3.14.

Mageia 8 is also affected.
This pkg is officially with Sander, but I am unsure that he is with us these days. So assigning globally, CC'ing him.
Assignee: bugsquad => pkg-bugs
Status comment: (none) => fixed upstream in 3.14
CC: (none) => mageia
This is: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38403
Summary: iperf new security issue fixed upstream in 3.14 => iperf new security issue fixed upstream in 3.14 (CVE-2023-38403)
Status comment: fixed upstream in 3.14 => Fixed upstream in 3.14
Whiteboard: (none) => MGA8TOO
Package updated for cauldron, Mageia 9, and Mageia 8

Advisory:
========================

Patched iperf package fixes security vulnerability:

It was discovered that iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field (CVE-2023-38403).

References:
https://www.debian.org/security/2023/dsa-5455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38403
========================

Updated packages in core/updates_testing:
========================
iperf-3.14-1.mga8
lib64iperf0-3.14-1.mga8
lib64iperf-devel-3.14-1.mga8

from iperf-3.14-1.mga8.src.rpm

(for mga9)
iperf-3.14-1.mga9
lib64iperf0-3.14-1.mga9
lib64iperf-devel-3.14-1.mga9

from iperf-3.14-1.mga9.src.rpm

test procedure
https://bugs.mageia.org/show_bug.cgi?id=18743#c3
Keywords: (none) => has_procedure
CC: (none) => mhrambo3501
Version: Cauldron => 9
Assignee: pkg-bugs => qa-bugs
m8 client/host within my lan with the server running iperf3 -s

# iperf3 -c 192.168.10.2
Connecting to host 192.168.10.2, port 5201
[  5] local 192.168.10.101 port 33576 connected to 192.168.10.2 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  95.2 MBytes   799 Mbits/sec    0   1.16 MBytes
[  5]   1.00-2.00   sec   106 MBytes   891 Mbits/sec    0   2.09 MBytes
[  5]   2.00-3.00   sec   102 MBytes   860 Mbits/sec    0   2.65 MBytes
[  5]   3.00-4.00   sec  95.0 MBytes   797 Mbits/sec    0   2.65 MBytes
[  5]   4.00-5.00   sec   104 MBytes   870 Mbits/sec    0   2.65 MBytes
[  5]   5.00-6.00   sec  96.2 MBytes   808 Mbits/sec    0   2.65 MBytes
[  5]   6.00-7.00   sec   105 MBytes   881 Mbits/sec    0   2.65 MBytes
[  5]   7.00-8.00   sec   101 MBytes   848 Mbits/sec    0   2.65 MBytes
[  5]   8.00-9.00   sec  98.8 MBytes   829 Mbits/sec    0   2.65 MBytes
[  5]   9.00-10.00  sec   100 MBytes   840 Mbits/sec    0   2.80 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1004 MBytes   842 Mbits/sec    0             sender
[  5]   0.00-10.00  sec  1002 MBytes   840 Mbits/sec                  receiver

iperf Done.

Will test m9 later today
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
CC: (none) => davidwhodgins
M9-64bit - I set up both client and server

iperf3
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
Accepted connection from 192.168.10.147, port 45788
[  5] local 192.168.10.103 port 5201 connected to 192.168.10.147 port 49362
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   1.00-2.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   2.00-3.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   3.00-4.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   4.00-5.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   5.00-6.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   6.00-7.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   7.00-8.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   8.00-9.00   sec  11.2 MBytes  11.2 MBytes/sec
[  5]   9.00-10.00  sec  11.2 MBytes  11.2 MBytes/sec
[  5]  10.00-10.00  sec  31.1 KBytes  10.2 MBytes/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec   112 MBytes  11.2 MBytes/sec                  receiver

Working from my perspective on m9.
CC: (none) => brtians1
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
Validating. Advisory in comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Sorry, I had missed that this one had been validated. Advisory uploaded now.
Keywords: (none) => advisory
CC: (none) => marja11
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0271.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED