Overview

File _patchinfo of Package patchinfo.40435

<patchinfo incident="40435">
  <issue tracker="cve" id="2025-46836"/>
  <issue tracker="bnc" id="1248687">VUL-0: net-tools: stack buffer overflow in parse_hex</issue>
  <issue tracker="bnc" id="1243581">VUL-0: CVE-2025-46836: net-tools: the absence of bound check may lead to a stack buffer overflow</issue>
  <issue tracker="bnc" id="1248410">[Build 129.5] ltp test if4-addr-addlarge_ifconfig fails when adding an alias interface using ifconfig</issue>
  <packager>sbrabec</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for net-tools</summary>
  <description>This update for net-tools fixes the following issues:

Security issues fixed:

- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).    
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).   
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).

Other issues fixed:

- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places