Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 12 articles for you...
100
security advisorymoderatesecurity updateSUSE Linux Micro iperf Moderate Security Update CVE-2024-53580
An update that solves one vulnerability can now be installed.. # Security update for iperf Announcement ID: SUSE-SU-2026:20403-1 Release Date: 2025-04-22T13:46:21Z Rating: moderate References: * bsc#1234705 Cross-References: * CVE-2024-53580 CVSS scores: * CVE-2024-53580 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53580 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 * SUSE Linux Micro Extras 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for iperf fixes the following issues: * CVE-2024-53580: Fixed segmentation violation via the iperf_exchange_parameters() function (bsc#1234705). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.1 zypper in -t patch SUSE-SLE-Micro-Extras-6.1-78=1 ## Package List: * SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64) * iperf-3.17.1-slfo.1.1_2.1 * libiperf0-debuginfo-3.17.1-slfo.1.1_2.1 * iperf-debuginfo-3.17.1-slfo.1.1_2.1 * libiperf0-3.17.1-slfo.1.1_2.1 * iperf-debugsource-3.17.1-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-53580.html * https://bugzilla.suse.com/show_bug.cgi?id=1234705 . SUSE security update for iperf addresses CVE-2024-53580 with moderate severity. Install patch for optimal protection.. iperf security update, SUSE Linux Micro, CVE-2024-53580, iperf patch. . LinuxSecurity.com Team
Feb 17, 2026
SuSE
100
security advisorybuffer overflowSuSESUSE Linux Micro 6.1 Security Update for iperf Important Buffer Overflow
An update that solves three vulnerabilities can now be installed.. # Security update for iperf Announcement ID: SUSE-SU-2026:20413-1 Release Date: 2025-09-19T07:54:22Z Rating: important References: * bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References: * CVE-2025-54349 * CVE-2025-54350 * CVE-2025-54351 CVSS scores: * CVE-2025-54349 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-54350 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54350 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-54351 ( NVD ): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2025-54351 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 * SUSE Linux Micro Extras 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for iperf fixes the following issues: * updated to 3.19.1: * CVE-2025-54349: Fixed off-by-one error heap based buffer overflow in iperf_auth.c (bsc#1247519) * CVE-2025-54350: Fixed Base64Decode assertion failure in iperf_auth.c (bsc#1247520) * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used in net.c (bsc#1247522) * updated to 3.19 * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests at highbitrates by not delivering network payload data to userspace. (#1678, PR #1717) * A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) * The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) * iperf3 now exits with a non-error 0 exit code if exiting via a `SIGTERM`, `SIGHUP`, or `SIGINT`. (#1009, PR# 1829) * The current behavior of iperf3 with respect to the `-n` and `-k` options is now documented as correct. (#1768, #1775, #596, PR #1800) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.1 zypper in -t patch SUSE-SLE-Micro-Extras-6.1-269=1 ## Package List: * SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64) * libiperf0-3.19.1-slfo.1.1_1.1 * libiperf0-debuginfo-3.19.1-slfo.1.1_1.1 * iperf-debuginfo-3.19.1-slfo.1.1_1.1 * iperf-debugsource-3.19.1-slfo.1.1_1.1 * iperf-3.19.1-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54349.html * https://www.suse.com/security/cve/CVE-2025-54350.html * https://www.suse.com/security/cve/CVE-2025-54351.html * https://bugzilla.suse.com/show_bug.cgi?id=1247519 * https://bugzilla.suse.com/show_bug.cgi?id=1247520 * https://bugzilla.suse.com/show_bug.cgi?id=1247522 . SUSE's important update for iperf addresses critical issues like buffer overflow and Base64Decode assertion failure.. iperf security update, SUSE important patch, buffer overflow fix. . Severity: Important. LinuxSecurity.com Team
Feb 17, 2026
•Important
SuSE
100
security advisorymoderateupdateSUSE Linux Micro 6.0 iperf Moderate Timing Attack Vuln 2025-20286-1
An update that solves one vulnerability can now be installed.. # Security update for iperf Announcement ID: SUSE-SU-2026:20286-1 Release Date: 2025-02-03T09:04:33Z Rating: moderate References: * bsc#1224262 Cross-References: * CVE-2024-26306 CVSS scores: * CVE-2024-26306 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-26306 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for iperf fixes the following issues: * update to 3.17.1 (bsc#1224262, CVE-2024-26306): * BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695) * iperf3 no longer changes its current working directory in --daemon mode. This results in more predictable behavior with relative paths, in particular finding key and credential files for authentication. (PR#1672) * A new --json-stream option has been added to enable a streaming output format, consisting of a series of JSON objects (for the start of the test, each measurement interval, and the end of the test) separated by newlines (#444, #923, #1098). * UDP tests now work correctly between different endian hosts * The --fq-rate parameter now works for --reverse tests * The statistics reporting interval is now available in the --json start test object (#1663). * A negative time test durationis now properly flagged as an error (IS#1662 / PR#1666). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-92=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 ppc64le s390x x86_64) * iperf-debuginfo-3.17.1-1.1 * iperf-3.17.1-1.1 * libiperf0-3.17.1-1.1 * libiperf0-debuginfo-3.17.1-1.1 * iperf-debugsource-3.17.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-26306.html * https://bugzilla.suse.com/show_bug.cgi?id=1224262 . A moderate security update for iperf resolves a side-channel attack in SUSE Linux Micro 6.0. Update your system now.. iperf update,SUSE Linux security,timing attack resolution,moderate vulnerability fix. . LinuxSecurity.com Team
Feb 13, 2026
SuSE
100
security advisorymoderateSuSESUSE Linux Micro iperf Moderate Fix for Segmentation Fault 2024-53580
An update that solves one vulnerability can now be installed.. # Security update for iperf Announcement ID: SUSE-SU-2026:20295-1 Release Date: 2025-04-22T14:08:15Z Rating: moderate References: * bsc#1234705 Cross-References: * CVE-2024-53580 CVSS scores: * CVE-2024-53580 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53580 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for iperf fixes the following issues: Update to 3.18 (bsc#1234705, CVE-2024-53580): * SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. (CVE-2024-53580) This has now been fixed. (PR#1810) * UDP packets per second now reports the correct number of packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR errno if no data was sent (#1367/PR#1379). * Several segmentation faults related to threading were fixed. One where `pthread_cancel` was called on an improperly initialized thread (#1801), another where threads were being recycled (#1760/PR#1761), and another where threads were improperly handling signals (#1750/PR#1752). * A segmentation fault from calling `freeaddrinfo` with `NULL` was fixed (PR#1755). * Some JSON options were fixed, including checking the size for `json_read` (PR#1709), but the size limit was removed for received server output (PR#1779). * A rcv-timeout error has been fixed. The Nread timeout was hardcoded and timed out before the `--rcv-timeout` option * There is no longer a limit on the omit time period * Fixed an output crash under 32-bit big-endian systems * An issue was fixed where CPU utilization was unexpectedly highduring limited baud rate tests. The `--pacing-timer` option was removed, but it is still available in the library * Add SCTP information to `--json` output and fixed compile error when SCTP is not supported (#1731). * `--fq-rate` was changed from a uint to a uint64 to allow pacing above 32G. Not yet tested on big-endian systems * Build with OpenSSL for key based authentication support ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-296=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 ppc64le s390x x86_64) * libiperf0-debuginfo-3.18-1.1 * iperf-debugsource-3.18-1.1 * libiperf0-3.18-1.1 * iperf-debuginfo-3.18-1.1 * iperf-3.18-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-53580.html * https://bugzilla.suse.com/show_bug.cgi?id=1234705 . Mitigate the JSON security flaw in iperf with this crucial SUSE update. Ensure system reliability and performance improvements.. iperf update,SUSE patch,security flaw resolution,network performance fix,SUSE Linux Micro. . LinuxSecurity.com Team
Feb 13, 2026
SuSE
100
security advisorybuffer overflowimportantSUSE Linux Micro iperf Security Alert SUSE-SU-2026-20315-3
An update that solves three vulnerabilities can now be installed.. # Security update for iperf Announcement ID: SUSE-SU-2026:20311-1 Release Date: 2025-09-05T12:57:05Z Rating: important References: * bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References: * CVE-2025-54349 * CVE-2025-54350 * CVE-2025-54351 CVSS scores: * CVE-2025-54349 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-54350 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54350 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-54351 ( NVD ): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2025-54351 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for iperf fixes the following issues: Update to 3.19.1: * CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow (bsc#1247519). * CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt (bsc#1247520). * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv) (bsc#1247522). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-448=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 ppc64le s390x x86_64) *libiperf0-debuginfo-3.19.1-1.1 * iperf-3.19.1-1.1 * libiperf0-3.19.1-1.1 * iperf-debuginfo-3.19.1-1.1 * iperf-debugsource-3.19.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54349.html * https://www.suse.com/security/cve/CVE-2025-54350.html * https://www.suse.com/security/cve/CVE-2025-54351.html * https://bugzilla.suse.com/show_bug.cgi?id=1247519 * https://bugzilla.suse.com/show_bug.cgi?id=1247520 * https://bugzilla.suse.com/show_bug.cgi?id=1247522 . Update for iperf fixes several important issues including buffer overflows and application exit flaws. Essential for security.. iperf update,SUSE security,linux patch,buffer overflow fix,application exit flaw. . Severity: Important. LinuxSecurity.com Team
Feb 13, 2026
•Important
SuSE
203
security advisorybuffer overflowimportantMageia 9 iperf Important Buffer Overflow Auth Failure Vuln 2026-0021
MGASA-2026-0021 - Updated iperf packages fix security vulnerabilities. MGASA-2026-0021 - Updated iperf packages fix security vulnerabilities Publication date: 27 Jan 2026 URL: https://advisories.mageia.org/MGASA-2026-0021.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-54349, CVE-2025-54350 Description: In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. (CVE-2025-54349) In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. (CVE-2025-54350) References: - https://bugs.mageia.org/show_bug.cgi?id=35047 - https://ubuntu.com/security/notices/USN-7970-1 - https://www.cve.org/CVERecord?id=CVE-2025-54349 - https://www.cve.org/CVERecord?id=CVE-2025-54350 SRPMS: - 9/core/iperf-3.18-1.1.mga9 . Updated iperf packages in Mageia fix critical security issues including buffer overflows and authentication errors.. iperf security update,mageia vulnerability patch,buffer overflow fix,authentication error patch. . Severity: Important. LinuxSecurity.com Team
Jan 27, 2026
•Important
Mageia
100
security advisorybuffer overflowSuSESUSE: iperf Important Network Security Update 2025:20795-1 (CVE-2025-54349)
* bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References: . # Security update for iperf Announcement ID: SUSE-SU-2025:20795-1 Release Date: 2025-09-19T07:54:22Z Rating: important References: * bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References: * CVE-2025-54349 * CVE-2025-54350 * CVE-2025-54351 CVSS scores: * CVE-2025-54349 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-54350 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54350 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-54351 ( NVD ): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2025-54351 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro Extras 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for iperf fixes the following issues: * updated to 3.19.1: * CVE-2025-54349: Fixed off-by-one error heap based buffer overflow in iperf_auth.c (bsc#1247519) * CVE-2025-54350: Fixed Base64Decode assertion failure in iperf_auth.c (bsc#1247520) * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used in net.c (bsc#1247522) * updated to 3.19 * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests at high bitrates by not delivering networkpayload data to userspace. (#1678, PR #1717) * A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) * The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) * iperf3 now exits with a non-error 0 exit code if exiting via a `SIGTERM`, `SIGHUP`, or `SIGINT`. (#1009, PR# 1829) * The current behavior of iperf3 with respect to the `-n` and `-k` options is now documented as correct. (#1768, #1775, #596, PR #1800) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-269=1 ## Package List: * SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64) * iperf-debuginfo-3.19.1-slfo.1.1_1.1 * libiperf0-3.19.1-slfo.1.1_1.1 * iperf-3.19.1-slfo.1.1_1.1 * iperf-debugsource-3.19.1-slfo.1.1_1.1 * libiperf0-debuginfo-3.19.1-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54349.html * https://www.suse.com/security/cve/CVE-2025-54350.html * https://www.suse.com/security/cve/CVE-2025-54351.html * https://bugzilla.suse.com/show_bug.cgi?id=1247519 * https://bugzilla.suse.com/show_bug.cgi?id=1247520 * https://bugzilla.suse.com/show_bug.cgi?id=1247522 . Important security update for iperf resolves multiple vulnerabilities, enhancing system protection and network efficiency.. iperf update, SUSE security advisory, network performance fixes, system vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Sep 26, 2025
•Important
SuSE
100
security advisorybuffer overflowSuSESUSE: iperf Important Buffer Overflow Fix Advisory SUSE-SU-2025:20658-1
* bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References: . # Security update for iperf Announcement ID: SUSE-SU-2025:20658-1 Release Date: 2025-09-05T12:57:05Z Rating: important References: * bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References: * CVE-2025-54349 * CVE-2025-54350 * CVE-2025-54351 CVSS scores: * CVE-2025-54349 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-54349 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-54350 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54350 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-54351 ( NVD ): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2025-54351 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro Extras 6.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for iperf fixes the following issues: Update to 3.19.1: * CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow (bsc#1247519). * CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt (bsc#1247520). * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv) (bsc#1247522). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-448=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64) * iperf-debuginfo-3.19.1-1.1 *libiperf0-3.19.1-1.1 * iperf-debugsource-3.19.1-1.1 * iperf-3.19.1-1.1 * libiperf0-debuginfo-3.19.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54349.html * https://www.suse.com/security/cve/CVE-2025-54350.html * https://www.suse.com/security/cve/CVE-2025-54351.html * https://bugzilla.suse.com/show_bug.cgi?id=1247519 * https://bugzilla.suse.com/show_bug.cgi?id=1247520 * https://bugzilla.suse.com/show_bug.cgi?id=1247522 . SUSE releases a vital security patch for nmap, tackling several threats, featuring significant buffer overflow risks.. SUSE Linux iperf patch buffer overflow security fix. . Severity: Important. LinuxSecurity.com Team
Sep 10, 2025
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!