Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE dhcpcd Moderate NULL Pointer Issue Fix 2026-21220-1

opensuse
Calendar Grey July 3, 2026
Dist Opensuse Esm H88
Update for openSUSE dhcpcd addresses moderate flaws to protect network configurations against exploitation.
An update that solves one vulnerability and has one bug fix can now be installed.

Description

This update for dhcpcd fixes the following issue

Update to 10.3.2:

- CVE-2025-70102: NULL pointer dereference in `parse_option()` when processing a specially crafted configuration input

(bsc#1268761).

Changes for dhcpcd:

* options: Ensure ldop is not NULL dereferenced

* DHCP: Don't run double EXPIRE hooks on carrier loss

* DHCP: free the state when dropping on state NONE

* BSD: don't send uninitialised memory using

ps_root_indirectioctl

* Fix fallback_time option

* IPv4: Ignore DHCP state when building routes

* route: Routes may not have an interface assinged

* options: Ensure that an overly long bitflag string does not

crash

* options: Don't assume vsio options have an argument

* common: Cast via uintptr_t rather than unsigned long in UNCONST

* privsep: Ensure we recv for real after a successful recv

MSG_PEEK

* DHCP: Add parentheses to macro definitions

* ipv6nd: empty IPV6RA_EXPIRE eloop queue when dropping

* privsep: enforce message boundaries with MSG_EOR...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

dhcpcd-10.3.2-160000.1.1

References

* bsc#1268761

References:

* https://www.suse.com/security/cve/CVE-2025-70102.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21220-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here