SUSE-SU-2025:03260-1

Details

This update for net-tools fixes the following issues:

Security issues fixed:

CVE-2025-46836: missing bounds check in get_name may lead to a stack buffer overflow (bsc#1243581).
Avoid unsafe use of memcpy in ifconfig (bsc#1248687).
Prevent overflow in ax25 and netrom (bsc#1248687).
Fix stack buffer overflow in parse_hex (bsc#1248687).
Fix stack buffer overflow in proc_gen_fmt (bsc#1248687).

Other issues fixed:

Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
Fix netrom support.

Affected Packages

net-tools

SUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Micro 5.5

Fixed in:

2.0+git20170221.479bb4a-150000.5.13.1

net-tools-lang

SUSE Linux Enterprise Module for Basesystem 15 SP6SUSE Linux Enterprise Module for Basesystem 15 SP7openSUSE Leap 15.6

Fixed in:

2.0+git20170221.479bb4a-150000.5.13.1

net-tools-deprecated

SUSE Linux Enterprise Module for Legacy 15 SP6SUSE Linux Enterprise Module for Legacy 15 SP7openSUSE Leap 15.6

Fixed in:

2.0+git20170221.479bb4a-150000.5.13.1

References

REPORT