products/SUSE_ALP_Standard
9
0
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Adding patchinfo patchinfo.20241016085333428745.269002615871826

Browse Source
This commit is contained in:
Adrian Schröter 2024-11-11 14:50:23 +01:00
parent 228d1b0298
commit d41e7c2bde
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
patchinfo.20241016085333428745.269002615871826/_patchinfo Normal file
View File

@ -0,0 +1,39 @@
<patchinfo>
<!-- generated from request(s) 333341 -->
<issue tracker="bnc" id="1224262">VUL-0: CVE-2024-26306: iperf: vulnerable to marvin attack if the authentication option is used</issue>
<issue tracker="cve" id="2024-26306"/>
<packager>dirkmueller</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for iperf</summary>
<description>This update for iperf fixes the following issues:
- update to 3.17.1 (bsc#1224262, CVE-2024-26306):
* BREAKING CHANGE: iperf3's authentication features, when used
with OpenSSL prior to 3.2.0, contain a vulnerability to a
side-channel timing attack. To address this flaw, a change
has been made to the padding applied to encrypted strings.
This change is not backwards compatible with older versions of
iperf3 (before 3.17). To restore
the older (vulnerable) behavior, and hence
backwards-compatibility, use the --use-pkcs1-padding flag. The
iperf3 team thanks Hubert Kario from RedHat for reporting this
issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)
* iperf3 no longer changes its current working directory in --daemon
mode. This results in more predictable behavior with relative
paths, in particular finding key and credential files for
authentication. (PR#1672)
* A new --json-stream option has been added to enable a streaming
output format, consisting of a series of JSON objects (for the
start of the test, each measurement interval, and the end of the
test) separated by newlines (#444, #923, #1098).
* UDP tests now work correctly between different endian hosts
* The --fq-rate parameter now works for --reverse tests
* The statistics reporting interval is now available in the --json
start test object (#1663).
* A negative time test duration is now properly flagged as an error
(IS#1662 / PR#1666).
</description>
<package>iperf</package>
<seperate_build_arch/>
</patchinfo>