ELA-1505-1 iperf3 security update

two vulnerabilities

2025-08-24

Package	iperf3
Version	3.9-1+deb11u3~deb9u1 (stretch), 3.9-1+deb11u3~deb10u1 (buster)
Related CVEs	CVE-2025-54349 CVE-2025-54350

Two vulnerabilities have been fixed in the IP bandwidth measuring tool iperf3.

CVE-2025-54349

heap buffer overflow

CVE-2025-54350

reachable assert

For Debian 10 buster, these problems have been fixed in version 3.9-1+deb11u3~deb10u1.

For Debian 9 stretch, these problems have been fixed in version 3.9-1+deb11u3~deb9u1.

We recommend that you upgrade your iperf3 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.