RHSA-2023:4570: Red Hat Security Advisory: iperf3 security update
An update for iperf3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap corruption. This flaw allows an attacker to use a malicious client to cause a denial of service of an iperf3 server or potentially use a malicious server to cause connecting clients to crash.
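The length-field hazard described for CVE-2023-38403, as an added C example (not iperf3's or Red Hat's code): it shows a 32-bit size computation wrapping to zero for a length of 0xffffffff, next to a reader that bounds the length before allocating. It assumes a 4-byte big-endian length prefix ahead of each JSON message; `MAX_JSON_LEN`, `alloc_size_unchecked` and `read_json_frame` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_JSON_LEN (1u << 20)   /* assumed policy cap, not a value from iperf3 */

/* Hazard: the size is computed in 32 bits, so 0xffffffff + 1 wraps to 0. */
static uint32_t alloc_size_unchecked(uint32_t hsize) { return hsize + 1u; }

/* Hardened reader for one framed message: [4-byte big-endian length][payload].
 * Returns a NUL-terminated copy, or NULL when the frame is rejected. */
static char *read_json_frame(const unsigned char *buf, size_t buflen)
{
    if (buf == NULL || buflen < 4) return NULL;            /* header incomplete */
    uint32_t hsize = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                     ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (hsize == 0 || hsize > MAX_JSON_LEN) return NULL;   /* bound before arithmetic */
    if (buflen - 4 < hsize) return NULL;                   /* payload shorter than claimed */
    char *str = calloc((size_t)hsize + 1, 1);              /* bounded above, cannot wrap */
    if (str == NULL) return NULL;
    memcpy(str, buf + 4, hsize);
    return str;
}

/* Constructed frame: length field 0xffffffff, followed by a few payload bytes. */
static int rejects_wrapping_length(void)
{
    const unsigned char frame[] = { 0xff, 0xff, 0xff, 0xff, '{', '}' };
    char *s = read_json_frame(frame, sizeof frame);
    int rejected = (s == NULL);
    free(s);
    return rejected;
}

/* Constructed well-formed frame carrying {"a":1} (7 bytes). */
static int accepts_valid_frame(void)
{
    const unsigned char frame[] = { 0, 0, 0, 7, '{', '"', 'a', '"', ':', '1', '}' };
    char *s = read_json_frame(frame, sizeof frame);
    int ok = (s != NULL && strcmp(s, "{\"a\":1}") == 0);
    free(s);
    return ok;
}

int main(void)
{
    printf("unchecked size for 0xffffffff: %u\n", alloc_size_unchecked(0xffffffffu));
    printf("wrapping length rejected: %d\n", rejects_wrapping_length());
    printf("valid frame accepted: %d\n", accepts_valid_frame());
    return 0;
}
```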
Issued:
2023-08-08
Updated:
2023-08-08
RHSA-2023:4570 - Security Advisory
Overview
Important: iperf3 security update
Type/Severity
Security Advisory: Important
Topic
An update for iperf3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.
Security Fix(es):
- iperf3: memory allocation hazard and crash (CVE-2023-38403)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Fixes
- BZ - 2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash
References
- https://access.redhat.com/security/updates/classification/#important
Updated Packages
The package files below are the same for every affected product stream of the given architecture.
SRPM
iperf3-3.5-7.el8_8.src.rpm
x86_64
iperf3-3.5-7.el8_8.i686.rpm
iperf3-3.5-7.el8_8.x86_64.rpm
iperf3-debuginfo-3.5-7.el8_8.i686.rpm
iperf3-debuginfo-3.5-7.el8_8.x86_64.rpm
iperf3-debugsource-3.5-7.el8_8.i686.rpm
iperf3-debugsource-3.5-7.el8_8.x86_64.rpm
s390x
iperf3-3.5-7.el8_8.s390x.rpm
iperf3-debuginfo-3.5-7.el8_8.s390x.rpm
iperf3-debugsource-3.5-7.el8_8.s390x.rpm
ppc64le
iperf3-3.5-7.el8_8.ppc64le.rpm
iperf3-debuginfo-3.5-7.el8_8.ppc64le.rpm
iperf3-debugsource-3.5-7.el8_8.ppc64le.rpm
aarch64
iperf3-3.5-7.el8_8.aarch64.rpm
iperf3-debuginfo-3.5-7.el8_8.aarch64.rpm
iperf3-debugsource-3.5-7.el8_8.aarch64.rpm
The Red Hat security team can be contacted at [email protected]. For more contact details, see https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6431-1 - It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service. Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service.
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.