Security update for libpcap SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0062-1 Final 1 1 2026-01-08T09:36:12Z current 2026-01-08T09:36:12Z 2026-01-08T09:36:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libpcap This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-62,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-62 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260062-1/ Link for SUSE-SU-2026:0062-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023703.html E-Mail link for SUSE-SU-2026:0062-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1255765 SUSE Bug 1255765 https://www.suse.com/security/cve/CVE-2025-11961/ SUSE CVE CVE-2025-11961 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpcap-devel-1.8.1-10.9.1 libpcap-devel-32bit-1.8.1-10.9.1 libpcap-devel-64bit-1.8.1-10.9.1 libpcap-devel-static-1.8.1-10.9.1 libpcap1-1.8.1-10.9.1 libpcap1-32bit-1.8.1-10.9.1 libpcap1-64bit-1.8.1-10.9.1 libpcap-devel-1.8.1-10.9.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpcap1-1.8.1-10.9.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer. CVE-2025-11961 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpcap-devel-1.8.1-10.9.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpcap1-1.8.1-10.9.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260062-1/ https://www.suse.com/security/cve/CVE-2025-11961.html CVE-2025-11961 https://bugzilla.suse.com/1255765 SUSE Bug 1255765