Debian alert DLA-2080-1 (iperf3)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 2080-1] iperf3 security update | |
| Date: | Mon, 27 Jan 2020 22:51:10 +0100 (CET) | |
| Message-ID: | <alpine.DEB.2.20.2001272247250.32066@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : iperf3 Version : 3.0.7-1+deb8u1 CVE ID : CVE-2016-4303 Debian Bug : 827116 An issue has been found in iperf3, an Internet Protocol bandwidth measuring tool. Bad handling of UTF8/16 strings in an embedded library could cause a denial of service (crash) or execution of arbitrary code by putting special characters in a JSON string, which triggers a heap-based buffer overflow. For Debian 8 "Jessie", this problem has been fixed in version 3.0.7-1+deb8u1. We recommend that you upgrade your iperf3 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4vW05fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEfrxBAArL+Pmh6qDjExqu3BT3J0OvhWEf465ISP4GJPBi7+CYlWzIT2Nr1BWXUP ZwyUIQGR5KkWhNQeWDq3XbVL3Pdn62XJTc/KpETYamyq+JTp8Pds50JXIZfhXSeL h1HFxaRAeuo9Hzjwsyh5OYeUjcFVY95T/cIM9F0u6id4QWfn7I/ZGpDqcdZ1OhaJ LtiN6vYWG1glBExGPR26kAdA0DAnkDgtmAgXJOamv7P1q7GUJQcbTdSuJLAWEoMM l8WwQfdani2lHNQbiHIJHUtggGpzsE5QE0AQa0129thh8bdjeLSJPZDN8bfGtOZX zWJmbWCMD8LCfaGwNWWVCGsE7OdW9HI7ljlpbu5C7lkaUpbvNb/eX0Qma0Wfd3jk p0IB+xTcNOGxIGSUz5y7Jrh71dFOAjuvksJK2gUleVXjI/1H6DvH5GQQ3Sc+Yoak NAi9W7NpD4gLgbVUaQYU93wm7gIOv0WfkW3snwJbAaC6K8PSlU7SKaJ85eg5x8oi 2A7EBcClP08zkUH0GQ+6YY5rvJsFBG1XU8j1gWeTmg2HrnQY4CdV++f0EsHwY1Wb OdqAW9ZNh8wBMyWBphDs0bPETLZwaWY/D/e20ltvnv8Xf+ZZenh+V1TzOizy6LHk 7VgUROyg4hNUBZXN8GmBJ8DZLsywUw3595mFKrMr8CYy+/SGuZo= =FXAV -----END PGP SIGNATURE-----