net-tools/net-tools-parse_hex-stack-overflow.patch at factory

SHA256

Files

Stanislav Brabec d854ad294d - Drop old Fedora patch 0006-Allow-interface-stacking.patch. It

provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes
  by the upstream in 2025 in a different way. Revert interferring
  net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
  GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
  GHSA-w7jq-cmw2-cq59,
  net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
  net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687, ).
- Keep possibility to enter long interface names, even if they are
  not accepted by the kernel, because it was always possible up to
  CVE-2025-46836 fix. But issue a warning about an interface name
  concatenation.

OBS-URL: https://build.opensuse.org/package/show/network:utilities/net-tools?expand=0&rev=75

2025-08-28 22:58:18 +00:00

1.5 KiB

Raw Permalink Blame History

View Raw

1.5 KiB Raw Permalink Blame History

1.5 KiB

Raw Permalink Blame History