Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2025:20289-1 moderate: iperf segmentation fault fix

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
SUSE has released a patch to tackle a JSON vulnerability found in iperf, which impacts Linux Micro Extras version 6.0.
* bsc#1234705 Cross-References: * CVE-2024-53580

Summary

## This update for iperf fixes the following issues: Update to 3.18 (bsc#1234705, CVE-2024-53580): * SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. (CVE-2024-53580) This has now been fixed. (PR#1810) * UDP packets per second now reports the correct number of packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR errno if no data was sent (#1367/PR#1379). * Several segmentation faults related to threading were fixed. One where `pthread_cancel` was called on an improperly initialized thread (#1801), another where threads were being recycled (#1760/PR#1761), and another where threads were improperly handling signals (#1750/PR#1752). * A segmentation fault from calling `freeaddrinfo` with `NULL` was fixed

References

* bsc#1234705

Cross-

* CVE-2024-53580

CVSS scores:

* CVE-2024-53580 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-53580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-53580 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro Extras 6.0

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-53580.html

* https://bugzilla.suse.com/show_bug.cgi?id=1234705

Announcement ID: SUSE-SU-2025:20289-1
Release Date: 2025-04-22T14:08:15Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here