[SECURITY] [DLA 4281-1] iperf3 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4281-1] iperf3 security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 24 Aug 2025 23:57:48 +0300
Message-id: <[🔎] aKt8zKKePLDsg5Hg@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4281-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
August 24, 2025                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : iperf3
Version        : 3.9-1+deb11u3
CVE ID         : CVE-2025-54349 CVE-2025-54350
Debian Bug     : 1110376

Two vulnerabilities have been fixed in the IP bandwidth measuring tool iperf3.

CVE-2025-54349

    heap buffer overflow

CVE-2025-54350

    reachable assert

For Debian 11 bullseye, these problems have been fixed in version
3.9-1+deb11u3.

We recommend that you upgrade your iperf3 packages.

For the detailed security status of iperf3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/iperf3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmirfMwACgkQiNJCh6LY
mLG+Rw//WiTPwyd45MpSl1m/DRB5iSfJtfEjQzAXaUieI9xNGKRtYZHEn+WiBEx7
fsDIrtXN+QbyaqODPJMjiZFhXYpQ6Sv+RNUGqPn3AXZq+G6eiKP4D/nzT5pWq0aY
eKED7AuE+Jkjwj1qJs3zL6wSnGHUX+wSClak5rD2psmtR4Swz/2GQBLz8ZFQx5iy
D36MkoMpxKldeuBAhK/ys55ZYsxXODRcPJJZeCCTe5Fn0WUEuUQXGsP7w/g1UfVn
fZWSIqUr7Gmnclv0GXoBaiAXoM7bu3x1FySULhNo7K9OSnzYhPzR42GrvzuRSPHj
1+qSQ/nUDAMNfE2vB3Gj0w9/shcqfMtme0r7Xuyv7409mKAo3kUX3uE1tFEEHNDR
jaoCJlEFHh5uomS5OTenF+l9rt5rCBd4H6B8YBRA0hY4Uv4DicbtLykokq8D42+S
uoxHhVvyPPOBtsYVZRzg0EfT+xQJ4LFQgcKVGaKsIt/OYY8XpPjNvkm8F+XmSeRS
zWitLJok9ylksxiShWPHS4o3z+zsbhNRd2YiVFd7Ky5lkdqNU7nmxEnZC24h7lrN
h6Z8nWzqQdpuygY+/z+Wrv4ZpxUXu3eyCgulsEqnYVn5vLZfysrVGvPgs3KPtBua
LzjmXc32NY3feKSH2JEDh3geDIJITf1cC78db0YsvQVT7FZnWr4=
=xoMg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4280-1] unbound security update
Next by Date: [SECURITY] [DLA 4282-1] firebird3.0 security update
Previous by thread: [SECURITY] [DLA 4280-1] unbound security update
Next by thread: [SECURITY] [DLA 4282-1] firebird3.0 security update
Index(es):
- Date
- Thread