[SECURITY] Fedora 36 Update: advancecomp-2.4-1.fc36

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-6225445e2b 2022-12-03 01:41:59.480412 -------------------------------------------------------------------------------- Name : advancecomp Product : Fedora 36 Version : 2.4 Release : 1.fc36 URL : https://www.advancemame.it/ Summary : Recompression utilities for .png, .mng, .zip and .gz files Description : AdvanceCOMP contains recompression utilities for your .zip archives, .png images, .mng video clips and .gz files. The official site of AdvanceCOMP is: https://www.advancemame.it This package contains: advzip - Recompression and test utility for zip files advpng - Recompression utility for png files advmng - Recompression utility for mng files advdef - Recompression utility for deflate streams in .png, .mng and .gz files -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net&gt; 2.4-1 - Update to 2.4 (close RHBZ#2145023) - Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020 * Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net&gt; 2.3-5 - Identify bundled 7-Zip as ���7zip��� rather than ���7z��� * Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net&gt; 2.3-4 - Add a comment about upstream tests * Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net&gt; 2.3-3 - Stricter file globs -------------------------------------------------------------------------------- References: [ 1 ] Bug #2127376 - CVE-2022-35014 advancecomp: SEGV via invalid read address https://bugzilla.redhat.com/show_bug.cgi?id=2127376 [ 2 ] Bug #2127378 - CVE-2022-35015 advancecomp: heap-buffer-overflow in le_uint32_read() in lib/endianrw.h https://bugzilla.redhat.com/show_bug.cgi?id=2127378 [ 3 ] Bug #2127380 - CVE-2022-35016 advancecomp: heap buffer overflow in data_dup() in data.cc https://bugzilla.redhat.com/show_bug.cgi?id=2127380 [ 4 ] Bug #2127383 - CVE-2022-35017 advancecomp: heap-buffer-overflow in mng_delta_addition() in mng.c https://bugzilla.redhat.com/show_bug.cgi?id=2127383 [ 5 ] Bug #2127386 - CVE-2022-35018 advancecomp: SEGV via invalid read memory access https://bugzilla.redhat.com/show_bug.cgi?id=2127386 [ 6 ] Bug #2127389 - CVE-2022-35019 advancecomp: SEGV via invalid write memory access https://bugzilla.redhat.com/show_bug.cgi?id=2127389 [ 7 ] Bug #2127394 - CVE-2022-35020 advancecomp: heap buffer overflow via the component inflate() https://bugzilla.redhat.com/show_bug.cgi?id=2127394 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-6225445e2b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------