Advisories ยป MGASA-2016-0235

Updated iperf packages fix security vulnerability

Publication date: 05 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4303

Description

A malicious process can connect to an iperf server and, by sending a
malformed message on the control channel, corrupt the server process's
heap area.  This can lead to a crash (and a denial of service), or
theoretically a remote code execution as the user running the iperf
server.  A malicious iperf server could potentially mount a similar
attack on an iperf client (CVE-2016-4303).
                

References

SRPMS

5/core