--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-6225445e2b
2022-12-03 01:41:59.480412
--------------------------------------------------------------------------------
Name : advancecomp
Product : Fedora 36
Version : 2.4
Release : 1.fc36
URL : https://www.advancemame.it/
Summary : Recompression utilities for .png, .mng, .zip and .gz files
Description :
AdvanceCOMP contains recompression utilities for your .zip archives,
.png images, .mng video clips and .gz files.
The official site of AdvanceCOMP is:
https://www.advancemame.it
This package contains:
advzip - Recompression and test utility for zip files
advpng - Recompression utility for png files
advmng - Recompression utility for mng files
advdef - Recompression utility for deflate streams in .png, .mng and .gz files
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.4-1
- Update to 2.4 (close RHBZ#2145023)
- Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016,
CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-5
- Identify bundled 7-Zip as “7zip” rather than “7z”
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-4
- Add a comment about upstream tests
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-3
- Stricter file globs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2127376 - CVE-2022-35014 advancecomp: SEGV via invalid read address
https://bugzilla.redhat.com/show_bug.cgi?id=2127376
[ 2 ] Bug #2127378 - CVE-2022-35015 advancecomp: heap-buffer-overflow in
le_uint32_read() in lib/endianrw.h
https://bugzilla.redhat.com/show_bug.cgi?id=2127378
[ 3 ] Bug #2127380 - CVE-2022-35016 advancecomp: heap buffer overflow in data_dup() in
data.cc
https://bugzilla.redhat.com/show_bug.cgi?id=2127380
[ 4 ] Bug #2127383 - CVE-2022-35017 advancecomp: heap-buffer-overflow in
mng_delta_addition() in mng.c
https://bugzilla.redhat.com/show_bug.cgi?id=2127383
[ 5 ] Bug #2127386 - CVE-2022-35018 advancecomp: SEGV via invalid read memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127386
[ 6 ] Bug #2127389 - CVE-2022-35019 advancecomp: SEGV via invalid write memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127389
[ 7 ] Bug #2127394 - CVE-2022-35020 advancecomp: heap buffer overflow via the component
inflate()
https://bugzilla.redhat.com/show_bug.cgi?id=2127394
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-6225445e2b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------