Security update for libpcap SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20075-1 Final 1 1 2026-01-22T10:13:12Z current 2026-01-22T10:13:12Z 2026-01-22T10:13:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libpcap This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-164 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1255765 SUSE Bug 1255765 https://www.suse.com/security/cve/CVE-2025-11961/ SUSE CVE CVE-2025-11961 page openSUSE Leap 16.0 libpcap-devel-1.10.5-160000.4.1 libpcap-devel-static-1.10.5-160000.4.1 libpcap1-1.10.5-160000.4.1 libpcap-devel-1.10.5-160000.4.1 as a component of openSUSE Leap 16.0 libpcap-devel-static-1.10.5-160000.4.1 as a component of openSUSE Leap 16.0 libpcap1-1.10.5-160000.4.1 as a component of openSUSE Leap 16.0 pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer. CVE-2025-11961 openSUSE Leap 16.0:libpcap-devel-1.10.5-160000.4.1 openSUSE Leap 16.0:libpcap-devel-static-1.10.5-160000.4.1 openSUSE Leap 16.0:libpcap1-1.10.5-160000.4.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-11961.html CVE-2025-11961 https://bugzilla.suse.com/1255765 SUSE Bug 1255765