Updated iperf packages fix security vulnerability
Publication date: 05 Jul 2016
Modification date: 05 Jul 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-4303
Description
A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash (and a denial of service) or, theoretically, to remote code execution as the user running the iperf server. A malicious iperf server could potentially mount a similar attack on an iperf client (CVE-2016-4303).
References
- https://bugs.mageia.org/show_bug.cgi?id=18743
- https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4DE6NEEUEC3XI62GE2MB2EK5BUCZ6MCP/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4303
SRPMS
5/core
- iperf-3.0.12-1.mga5