SUSE-SU-2025:03260-1

Details

Description of the patch:

This update for net-tools fixes the following issues:

Security issues fixed:

CVE-2025-46836: missing bounds check in get_name may lead to a stack buffer overflow (bsc#1243581).
Avoid unsafe use of memcpy in ifconfig (bsc#1248687).
Prevent overflow in ax25 and netrom (bsc#1248687).
Fix stack buffer overflow in parse_hex (bsc#1248687).
Fix stack buffer overflow in proc_gen_fmt (bsc#1248687).

Other issues fixed:

Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
Fix netrom support.

Affected Packages

net-tools

SUSE Linux Enterprise Desktop 15 SP6SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP6SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Micro 5.1

Fixed in:

2.0+git20170221.479bb4a-150000.5.13.1

net-tools-lang

SUSE Linux Enterprise Desktop 15 SP6SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP6SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Basesystem 15 SP6

Fixed in:

2.0+git20170221.479bb4a-150000.5.13.1

net-tools-deprecated

SUSE Linux Enterprise Module for Legacy 15 SP6SUSE Linux Enterprise Module for Legacy 15 SP7openSUSE Leap 15.6

Fixed in:

2.0+git20170221.479bb4a-150000.5.13.1

References

ADVISORY

https://bugzilla.suse.com/1243581

ADVISORY

https://bugzilla.suse.com/1246608

ADVISORY