iperf3: Fix CVE-2024-26306 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2025-09-26 17:14:29 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-26 15:12:59 +0200
commit	b8333d7c6f794b314a6ea09645aff4be6c32b6d9 (patch)
tree	a17a326ecb6336e2320cc5a6a34ba4d95e7a8fec /meta-python/recipes-devtools/python/python-scrypt/0001-py-scrypt-remove-the-hard-coded-include-paths.patch
parent	0a0ba8f46745c8743bb1979e3250aa1fa932f643 (diff)
download	meta-openembedded-b8333d7c6f794b314a6ea09645aff4be6c32b6d9.tar.gz

iperf3: Fix CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. References: https://nvd.nist.gov/vuln/detail/CVE-2024-26306 https://security-tracker.debian.org/tracker/CVE-2024-26306 Upstream patch: https://github.com/esnet/iperf/commit/299b356df6939f71619bf45bf7a7d2222e17d840 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-scrypt/0001-py-scrypt-remove-the-hard-coded-include-paths.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: