This update for dhcpcd fixes the following issue
Update to 10.3.2:
- CVE-2025-70102: NULL pointer dereference in `parse_option()` when processing a specially crafted configuration input
(bsc#1268761).
Changes for dhcpcd:
* options: Ensure ldop is not NULL dereferenced
* DHCP: Don't run double EXPIRE hooks on carrier loss
* DHCP: free the state when dropping on state NONE
* BSD: don't send uninitialised memory using
ps_root_indirectioctl
* Fix fallback_time option
* IPv4: Ignore DHCP state when building routes
* route: Routes may not have an interface assinged
* options: Ensure that an overly long bitflag string does not
crash
* options: Don't assume vsio options have an argument
* common: Cast via uintptr_t rather than unsigned long in UNCONST
* privsep: Ensure we recv for real after a successful recv
MSG_PEEK
* DHCP: Add parentheses to macro definitions
* ipv6nd: empty IPV6RA_EXPIRE eloop queue when dropping
* privsep: enforce message boundaries with MSG_EOR...
Read the Full Advisory- openSUSE Leap 16.0:
dhcpcd-10.3.2-160000.1.1
* bsc#1268761
References:
* https://www.suse.com/security/cve/CVE-2025-70102.html
Get the latest Linux and open source security news straight to your inbox.