Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora 38: FEDORA-2023-bf8433b473 High: FLAC Code Injection Vulnerability

fedora
Calendar Grey September 16, 2023
Dist Fedora Esm H88
Security enhancement release for FLAC in Fedora 37 tackling RCE vulnerabilities stemming from CVE-2020-22219 alongside enhancements in memory handling.
Security fix for CVE-2020-22219

Summary

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC

is similar to Ogg Vorbis, but lossless. The FLAC project consists of

the stream format, reference encoders and decoders in library form,

flac, a command-line program to encode and decode FLAC files, metaflac,

a command-line metadata editor for FLAC files and input plugins for

various music players.

This package contains the command-line tools and documentation.

Update Information:

Security fix for CVE-2020-22219

Change Log

* Thu Aug 31 2023 Miroslav Lichvar 1.3.4-3 - don't free memory that is still used after realloc() error (CVE-2020-22219)

References


[ 1 ] Bug #2235580 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235580

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-bf8423a373' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: flac
Product: Fedora 37
Version: 1.3.4
Release: 3.fc37
Summary: An encoder/decoder for the Free Lossless Audio Codec

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here