SUSE alert openSUSE-SU-2026:20437-1 (net-tools)
| From: | null@suse.de | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:20437-1: moderate: Security update for net-tools | |
| Date: | Thu, 02 Apr 2026 14:50:21 +0200 | |
| Message-ID: | <20260402125021.D92C2FD12@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE security update: security update for net-tools ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20437-1 Rating: moderate References: * bsc#1243581 * bsc#1248410 * bsc#1248687 * bsc#142461 * bsc#430864 * bsc#544339 Cross-References: * CVE-2025-46836 CVSS scores: * CVE-2025-46836 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-46836 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has 6 bug fixes can now be installed. Description: This update for net-tools fixes the following issues: - Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58). - Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59). - Avoid unsafe memcpy in ifconfig (bsc#1248687). - Prevent overflow in ax25 and netrom (bsc#1248687) - Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-454=1 Package List: - openSUSE Leap 16.0: net-tools-2.10-160000.3.1 net-tools-deprecated-2.10-160000.3.1 net-tools-lang-2.10-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2025-46836.html