Tumbleweed update triggers router firewall warning

Today’s massive 2300+ package tumbleweed update caused my router firewall (GigaSpire ProtectIQ) to warn about blocking something I haven’t seen before:

Microsoft Windows GDI+PNG heap overflow attempt was blocked

It was updating kernel-default to 5.19.2-1.4

False trigger?

Did you see that message running “zypper dup”?

I see have to run the update: 3753 packages to upgrade, 2 new, 2 to remove. Overall download size: 4.88 GiB

If you see it was triggered updating kernel-default you can see if it is reproducible:

sudo zypper in --download-only --force kernel-default

or alternatively:

wget https://download.opensuse.org/tumbleweed/repo/oss/x86_64/kernel-default-5.19.2-1.4.x86_64.rpm