Bug 35047 - iperf new security issues CVE-2025-54349 and CVE-2025-54350
Summary: iperf new security issues CVE-2025-54349 and CVE-2025-54350
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-01-21 16:51 CET by Nicolas Salguero
Modified: 2026-01-27 19:21 CET

See Also:
Source RPM: iperf-3.18-1.mga9.src.rpm
CVE: CVE-2025-54349, CVE-2025-54350
Status comment:
herman.viaene: test_passed_mga9_64+


Description Nicolas Salguero 2026-01-21 16:51:56 CET
Ubuntu has issued an advisory on January 21:
https://ubuntu.com/security/notices/USN-7970-1
Comment 1 Nicolas Salguero 2026-01-21 16:54:53 CET
CVE-2025-54349 fixed by: https://github.com/esnet/iperf/commit/42280d2292ed5f213bfcb33b2206ebcdb151ae66 (3.19.1)

CVE-2025-54350 fixed by: https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1 (3.19.1)

Status comment: (none) => Fixed upstream in 3.19.1 and patches available from upstream and Ubuntu
Source RPM: (none) => iperf-3.18-2.mga10.src.rpm, iperf-3.18-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-54349, CVE-2025-54350
Flags: (none) => affects_mga9+

Comment 2 Nicolas Salguero 2026-01-22 16:25:35 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. (CVE-2025-54349)

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. (CVE-2025-54350)

References:
https://ubuntu.com/security/notices/USN-7970-1
========================

Updated packages in core/updates_testing:
========================
iperf-3.18-1.1.mga9
lib(64)iperf0-3.18-1.1.mga9
lib(64)iperf-devel-3.18-1.1.mga9

from SRPM:
iperf-3.18-1.1.mga9.src.rpm

Status: NEW => ASSIGNED
Flags: affects_mga9+ => (none)
Source RPM: iperf-3.18-2.mga10.src.rpm, iperf-3.18-1.mga9.src.rpm => iperf-3.18-1.mga9.src.rpm
Status comment: Fixed upstream in 3.19.1 and patches available from upstream and Ubuntu => (none)
Version: Cauldron => 9
Assignee: bugsquad => qa-bugs
Whiteboard: MGA9TOO => (none)

Comment 3 PC LX 2026-01-22 19:00:15 CET
Installed and tested without issues.

Tested on a Gigabit Ethernet network.
Had to open a hole in the firewall.
Results are as expected. All OK.



System A: Mageia 9, x86_64, AMD Ryzen 5 5600G with Radeon Graphics.
System B: Mageia 9, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.



=======================================================
==== System A
=======================================================

$ uname -a
Linux jupiter 6.6.120-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 01:59:53 UTC 2026 x86_64 GNU/Linux
$ rpm -qa | grep iperf
iperf-3.18-1.1.mga9
lib64iperf0-3.18-1.1.mga9
$ iperf3 -s
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
Accepted connection from 192.168.1.2, port 38732
[  5] local 192.168.1.3 port 5201 connected to 192.168.1.2 port 38734
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   110 MBytes   925 Mbits/sec                  
[  5]   1.00-2.00   sec   110 MBytes   927 Mbits/sec                  
[  5]   2.00-3.00   sec   110 MBytes   927 Mbits/sec                  
[  5]   3.00-4.00   sec   110 MBytes   927 Mbits/sec                  
[  5]   4.00-5.00   sec   110 MBytes   927 Mbits/sec                  
[  5]   5.00-6.00   sec   111 MBytes   928 Mbits/sec                  
[  5]   6.00-7.00   sec   110 MBytes   926 Mbits/sec                  
[  5]   7.00-8.00   sec   110 MBytes   925 Mbits/sec                  
[  5]   8.00-9.00   sec   110 MBytes   927 Mbits/sec                  
[  5]   9.00-10.00  sec   111 MBytes   928 Mbits/sec                  
[  5]  10.00-10.01  sec   384 KBytes   764 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.01  sec  1.08 GBytes   927 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201 (test #2)
-----------------------------------------------------------



=======================================================
==== System B
=======================================================

$ uname -a
Linux marte 6.6.120-server-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 03:15:42 UTC 2026 x86_64 GNU/Linux
$ rpm -qa | grep iperf
lib64iperf0-3.18-1.1.mga9
iperf-3.18-1.1.mga9
$ iperf3 -c jupiter
Connecting to host jupiter, port 5201
[  5] local 192.168.1.2 port 38734 connected to 192.168.1.3 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   112 MBytes   942 Mbits/sec    0    392 KBytes       
[  5]   1.00-2.00   sec   111 MBytes   928 Mbits/sec    0    392 KBytes       
[  5]   2.00-3.00   sec   110 MBytes   924 Mbits/sec    0    392 KBytes       
[  5]   3.00-4.00   sec   110 MBytes   926 Mbits/sec    0    392 KBytes       
[  5]   4.00-5.00   sec   111 MBytes   931 Mbits/sec    0    392 KBytes       
[  5]   5.00-6.00   sec   110 MBytes   926 Mbits/sec    0    392 KBytes       
[  5]   6.00-7.00   sec   110 MBytes   924 Mbits/sec    0    392 KBytes       
[  5]   7.00-8.00   sec   111 MBytes   931 Mbits/sec    0    392 KBytes       
[  5]   8.00-9.00   sec   110 MBytes   924 Mbits/sec    0    392 KBytes       
[  5]   9.00-10.00  sec   111 MBytes   931 Mbits/sec    0    392 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.08 GBytes   929 Mbits/sec    0            sender
[  5]   0.00-10.01  sec  1.08 GBytes   927 Mbits/sec                  receiver

iperf Done.

CC: (none) => mageia

Comment 4 Herman Viaene 2026-01-23 10:47:18 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Opening port 5201 on both sides firewall.
Repeated steps above on server side (current version installed).
$ iperf3 -s
-----------------------------------------------------------
Server listening on 5201 (test #1)
etc....
Running client on updated laptop:
$ iperf3 -c mach1
Connecting to host xxxx, port 5201
[  5] local 192.168.2.3 port 41992 connected to 192.168.2.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  7.38 MBytes  61.8 Mbits/sec    0    315 KBytes       
[  5]   1.00-2.00   sec  6.12 MBytes  51.4 Mbits/sec    0    315 KBytes       
[  5]   2.00-3.00   sec  6.88 MBytes  57.7 Mbits/sec    0    331 KBytes       
[  5]   3.00-4.00   sec  6.25 MBytes  52.4 Mbits/sec    0    331 KBytes       
[  5]   4.00-5.00   sec  6.25 MBytes  52.4 Mbits/sec    0    331 KBytes       
[  5]   5.00-6.00   sec  6.88 MBytes  57.7 Mbits/sec    0    331 KBytes       
[  5]   6.00-7.00   sec  6.25 MBytes  52.4 Mbits/sec    0    331 KBytes       
[  5]   7.00-8.00   sec  6.12 MBytes  51.4 Mbits/sec    0    331 KBytes       
[  5]   8.00-9.00   sec  6.88 MBytes  57.7 Mbits/sec    0    331 KBytes       
[  5]   9.00-10.00  sec  6.38 MBytes  53.4 Mbits/sec    0    331 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  65.4 MBytes  54.8 Mbits/sec    0            sender
[  5]   0.00-10.01  sec  63.8 MBytes  53.4 Mbits/sec                  receiver

iperf Done.

In view of same test in Comment 3 above, good to go.

Flags: (none) => test_passed_mga9_64+
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

katnatek 2026-01-24 23:01:24 CET

Keywords: (none) => advisory

Comment 5 Thomas Andrews 2026-01-27 13:59:27 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 6 Mageia Robot 2026-01-27 19:21:20 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0021.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

