Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 1 Apr 2015 14:06:20 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: flac on SL6.x, SL7.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: flac security update Advisory ID: SLSA-2015:0767-1 Issue Date: 2015-04-01 CVE Numbers: CVE-2014-8962 CVE-2014-9028 -- A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028) A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. (CVE-2014-8962) After installing the update, all applications linked against the flac library must be restarted for this update to take effect. -- SL6 x86_64 flac-1.2.1-7.el6_6.i686.rpm flac-1.2.1-7.el6_6.x86_64.rpm flac-debuginfo-1.2.1-7.el6_6.i686.rpm flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm flac-devel-1.2.1-7.el6_6.i686.rpm flac-devel-1.2.1-7.el6_6.x86_64.rpm i386 flac-1.2.1-7.el6_6.i686.rpm flac-debuginfo-1.2.1-7.el6_6.i686.rpm flac-devel-1.2.1-7.el6_6.i686.rpm SL7 x86_64 flac-debuginfo-1.3.0-5.el7_1.i686.rpm flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm flac-libs-1.3.0-5.el7_1.i686.rpm flac-libs-1.3.0-5.el7_1.x86_64.rpm flac-1.3.0-5.el7_1.x86_64.rpm flac-devel-1.3.0-5.el7_1.i686.rpm flac-devel-1.3.0-5.el7_1.x86_64.rpm - Scientific Linux Development Team