SUSE has announced an important security update for the iperf packages across various versions of openSUSE Leap and SUSE Linux Enterprise. The update, designated as SUSE-SU-2025:02749-1, was released on August 11, 2025, and addresses multiple vulnerabilities that could potentially compromise system security.
- Vulnerabilities Addressed:
- CVE-2025-54349: Fixed an off-by-one error leading to a heap-based buffer overflow.
- CVE-2025-54350: Resolved an assertion failure related to Base64 decoding, which could crash the application upon receiving malformed authentication attempts.
- CVE-2025-54351: Corrected a buffer overflow issue in the net.c file.
- Support for Multi-Path TCP (MPTCPv1) with the new `--mptcp` flag.
- A `--cntl-ka` option to enable TCP keepalives on control connections.
- Improved throughput handling with the `MSG_TRUNC` receive option.
- Fixed bugs related to bitrate settings and congestion control protocols.
Key Details:
- Affected Products: The update impacts several versions, including openSUSE Leap 15.6, SUSE Linux Enterprise Desktop (SP6 and SP7), SUSE Linux Enterprise Server (SP3, SP6, and SP7), and others within the SUSE Package Hub.- Vulnerabilities Addressed:
- CVE-2025-54349: Fixed an off-by-one error leading to a heap-based buffer overflow.
- CVE-2025-54350: Resolved an assertion failure related to Base64 decoding, which could crash the application upon receiving malformed authentication attempts.
- CVE-2025-54351: Corrected a buffer overflow issue in the net.c file.
New Features:
In addition to security fixes, iperf has been updated to version 3.19.1, introducing several enhancements:- Support for Multi-Path TCP (MPTCPv1) with the new `--mptcp` flag.
- A `--cntl-ka` option to enable TCP keepalives on control connections.
- Improved throughput handling with the `MSG_TRUNC` receive option.
- Fixed bugs related to bitrate settings and congestion control protocols.
Installation Instructions:
Users are encouraged to apply the update using SUSE's recommended methods, such as YaST online_update or the command line tool `zypper`. Specific command lines for installation based on the product version are provided in the announcement.Package Information:
The update includes multiple packages such as `iperf-3.19.1`, `libiperf0`, and associated debug and development packages for various architectures including aarch64, ppc64le, s390x, and x86_64.Further References:
For a complete understanding of the vulnerabilities and their implications, users can consult the provided CVE links and bug reports, which detail the security issues and resolutions.Conclusion:
This update is crucial for maintaining the security and performance of systems running SUSE Linux. Users should prioritize applying this patch to safeguard against potential threats and take advantage of the new iperf featuresIperf update for SUSE
Updated iperf packages have been released for openSUSE Leap and SUSE Linux Enterprise to address multiple security issues:
SUSE-SU-2025:02749-1: important: Security update for iperf
