openSUSE Security Update: Security update for pngcheck ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10154-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for pngcheck fixes the following issues: pngcheck was updated to 3.0.3: Version 3.0.1: * fixed a crash bug (and probable vulnerability) in large (MNG) LOOP chunks Version 3.0.2: * fixed a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data (found by "chiba of topsec alpha lab") Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10154=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): pngcheck-3.0.3-bp154.2.3.1 References: