Explore top 10 tips to secure your open-source projects now. Read More
×
This update for net-tools fixes the following issues:
- Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59).
- Avoid unsafe memcpy in ifconfig (bsc#1248687).
- Prevent overflow in ax25 and netrom (bsc#1248687)
- Keep possibility to enter long interface names, even if they are
not accepted by the kernel, because it was always possible up to
CVE-2025-46836 fix. But issue a warning about an interface name
concatenation (bsc#1248410).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-454=1
- openSUSE Leap 16.0:
net-tools-2.10-160000.3.1
net-tools-deprecated-2.10-160000.3.1
net-tools-lang-2.10-160000.3.1
* bsc#1243581
* bsc#1248410
* bsc#1248687
* bsc#142461
* bsc#430864
* bsc#544339
References:
* https://www.suse.com/security/cve/CVE-2025-46836.html
Get the latest Linux and open source security news straight to your inbox.