openSUSE Security Update: Security update for gifsicle ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0160-1 Rating: important References: #1212645 Cross-References: CVE-2023-36193 CVSS scores: CVE-2023-36193 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP4 openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gifsicle fixes the following issues: - Update to version 1.94: * Fix some bugs, including fix for CVE-2023-36193: heap buffer overflow (read) via the ambiguity_error component at /src/clp.c (boo#1212645). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2023-160=1 - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-160=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): gifsicle-1.94-bp155.3.3.1 gifsicle-debuginfo-1.94-bp155.3.3.1 gifsicle-debugsource-1.94-bp155.3.3.1 - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): gifsicle-1.94-bp154.2.3.1 References: https://www.suse.com/security/cve/CVE-2023-36193.html https://bugzilla.suse.com/1212645