SUSE Linux Micro 6.0 iperf Moderate Timing Attack Vuln 2025-20286-1
suse
February 13, 2026
An update that solves one vulnerability can now be installed.
Summary
## This update for iperf fixes the following issues: * update to 3.17.1 (bsc#1224262, CVE-2024-26306): * BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695) * iperf3 no longer changes its current working directory in --daemon mode.
Topics Covered
References
* bsc#1224262
Cross-
* CVE-2024-26306
CVSS scores:
* CVE-2024-26306 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26306 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0
An update that solves one vulnerability can now be installed.
##
* https://www.suse.com/security/cve/CVE-2024-26306.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224262
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2026:20286-1
Release Date: 2025-02-03T09:04:33Z
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!