File _patchinfo of Package patchinfo.39631

<patchinfo incident="39631">
  <issue tracker="bnc" id="142461">L3: ifconfig can fail to list aliases due to get_name() induced stack corruption</issue>
  <issue tracker="bnc" id="1243581">VUL-0: CVE-2025-46836: net-tools: the absence of bound check may lead to a stack buffer overflow</issue>
  <issue tracker="bnc" id="1246608">net-tools update for SLES 12 SP5: net-stat update causes segmentation faults</issue>
  <issue tracker="bnc" id="1248687">VUL-0: net-tools: stack buffer overflow in parse_hex</issue>
  <issue tracker="bnc" id="1248410">[Build 129.5] ltp test if4-addr-addlarge_ifconfig fails when adding an alias interface using ifconfig</issue>
  <issue tracker="cve" id="2025-46836"/>
  <packager>sbrabec</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for net-tools</summary>
  <description>This update for net-tools fixes the following issues:

Security issues fixed:

- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).    
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).   
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
    
Other issues fixed:

- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
</description>
</patchinfo>