Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE Linux Micro Extras 6.0: 2025:20288-1 moderate: iperf timing issue

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
A fresh patch for SUSE Linux Micro Extras 6.0 addresses vulnerabilities from iperf timing attacks, including detailed installation instructions and changes made
* bsc#1224262 Cross-References: * CVE-2024-26306

Summary

## This update for iperf fixes the following issues: * update to 3.17.1 (bsc#1224262, CVE-2024-26306): * BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695) * iperf3 no longer changes its current working directory in --daemon mode.

References

* bsc#1224262

Cross-

* CVE-2024-26306

CVSS scores:

* CVE-2024-26306 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-26306 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro Extras 6.0

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-26306.html

* https://bugzilla.suse.com/show_bug.cgi?id=1224262

Announcement ID: SUSE-SU-2025:20288-1
Release Date: 2025-02-03T09:04:33Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here