Security update for iperf

Announcement ID:	SUSE-SU-2025:02749-1
Release Date:	2025-08-11T07:06:51Z
Rating:	important
References:	bsc#1247519 bsc#1247520 bsc#1247522
Cross-References:	CVE-2025-54349 CVE-2025-54350 CVE-2025-54351
CVSS scores:	CVE-2025-54349 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2025-54349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVE-2025-54349 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2025-54350 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-54350 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-54351 ( NVD ): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L CVE-2025-54351 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.6 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Package Hub 15 15-SP6 SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

Description:

This update for iperf fixes the following issues:

• update to 3.19.1:
• CVE-2025-54351: Fixed buffer overflow in net.c (bsc#1247522)
• CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt (bsc#1247520)

• CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow (bsc#1247519)

• update to 3.19:

• iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the -m or --mptcp flag. (PR #1661)
• iperf3 now supports a --cntl-ka option to enable TCP keepalives on the control connection. (#812, #835, PR #1423)
• iperf3 now supports the MSG_TRUNC receive option, specified by the --skip-rx-copy. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717)
• A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848)
• The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812)
• iperf3 now exits with a non-error 0 exit code if exiting via a SIGTERM, SIGHUP, or SIGINT. (#1009, PR# 1829)
• The current behavior of iperf3 with respect to the -n and -k options is now documented as correct. (#1768, #1775, #596, PR #1800)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2749=1
• SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-2749=1
• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-2749=1
• SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2749=1

Package List:

• SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  • iperf-3.19.1-150000.3.15.1
  • libiperf0-debuginfo-3.19.1-150000.3.15.1
  • iperf-devel-3.19.1-150000.3.15.1
  • iperf-debuginfo-3.19.1-150000.3.15.1
  • libiperf0-3.19.1-150000.3.15.1
  • iperf-debugsource-3.19.1-150000.3.15.1
• SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  • iperf-3.19.1-150000.3.15.1
  • libiperf0-debuginfo-3.19.1-150000.3.15.1
  • iperf-debuginfo-3.19.1-150000.3.15.1
  • libiperf0-3.19.1-150000.3.15.1
  • iperf-debugsource-3.19.1-150000.3.15.1
• openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  • iperf-3.19.1-150000.3.15.1
  • libiperf0-debuginfo-3.19.1-150000.3.15.1
  • iperf-devel-3.19.1-150000.3.15.1
  • iperf-debuginfo-3.19.1-150000.3.15.1
  • libiperf0-3.19.1-150000.3.15.1
  • iperf-debugsource-3.19.1-150000.3.15.1
• SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  • iperf-3.19.1-150000.3.15.1
  • libiperf0-debuginfo-3.19.1-150000.3.15.1
  • iperf-devel-3.19.1-150000.3.15.1
  • iperf-debuginfo-3.19.1-150000.3.15.1
  • libiperf0-3.19.1-150000.3.15.1
  • iperf-debugsource-3.19.1-150000.3.15.1

References:

• https://www.suse.com/security/cve/CVE-2025-54349.html
• https://www.suse.com/security/cve/CVE-2025-54350.html
• https://www.suse.com/security/cve/CVE-2025-54351.html
• https://bugzilla.suse.com/show_bug.cgi?id=1247519
• https://bugzilla.suse.com/show_bug.cgi?id=1247520
• https://bugzilla.suse.com/show_bug.cgi?id=1247522