[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2080-1] iperf3 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : iperf3
Version        : 3.0.7-1+deb8u1
CVE ID         : CVE-2016-4303
Debian Bug     : 827116


An issue has been found in iperf3, an Internet Protocol bandwidth measuring tool. Bad handling of UTF8/16 strings in an embedded library could cause a denial of service (crash) or execution of arbitrary code by putting special characters in a JSON string, which triggers a heap-based buffer overflow.


For Debian 8 "Jessie", this problem has been fixed in version
3.0.7-1+deb8u1.

We recommend that you upgrade your iperf3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4vW05fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfrxBAArL+Pmh6qDjExqu3BT3J0OvhWEf465ISP4GJPBi7+CYlWzIT2Nr1BWXUP
ZwyUIQGR5KkWhNQeWDq3XbVL3Pdn62XJTc/KpETYamyq+JTp8Pds50JXIZfhXSeL
h1HFxaRAeuo9Hzjwsyh5OYeUjcFVY95T/cIM9F0u6id4QWfn7I/ZGpDqcdZ1OhaJ
LtiN6vYWG1glBExGPR26kAdA0DAnkDgtmAgXJOamv7P1q7GUJQcbTdSuJLAWEoMM
l8WwQfdani2lHNQbiHIJHUtggGpzsE5QE0AQa0129thh8bdjeLSJPZDN8bfGtOZX
zWJmbWCMD8LCfaGwNWWVCGsE7OdW9HI7ljlpbu5C7lkaUpbvNb/eX0Qma0Wfd3jk
p0IB+xTcNOGxIGSUz5y7Jrh71dFOAjuvksJK2gUleVXjI/1H6DvH5GQQ3Sc+Yoak
NAi9W7NpD4gLgbVUaQYU93wm7gIOv0WfkW3snwJbAaC6K8PSlU7SKaJ85eg5x8oi
2A7EBcClP08zkUH0GQ+6YY5rvJsFBG1XU8j1gWeTmg2HrnQY4CdV++f0EsHwY1Wb
OdqAW9ZNh8wBMyWBphDs0bPETLZwaWY/D/e20ltvnv8Xf+ZZenh+V1TzOizy6LHk
7VgUROyg4hNUBZXN8GmBJ8DZLsywUw3595mFKrMr8CYy+/SGuZo=
=FXAV
-----END PGP SIGNATURE-----


Reply to: