ALT Linux Team

Branch p9 update on 2025-08-23

2025-08-23

ALT-BU-2025-10810-1

Branch p9 update bulletin.

ALT-PU-2025-10534-2

Package iperf3 updated to version 3.19.1-alt1 for branch p9 in task 392698.

Closed vulnerabilities

Published: 2025-08-03
Modified: 2025-08-05

CVE-2025-54349

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.

Severity: CRITICAL (10.0) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2025-08-03
Modified: 2025-08-05

CVE-2025-54350

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2025-08-03
Modified: 2025-08-05

CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

Severity: CRITICAL (10.0) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top