Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Scientific Linux: SLSA-2015:0767-1 Critical: flac Buffer Overflow

Scientific Large Esm H446
Important: flac security update
Date: Wed, 1 Apr 2015 14:06:20 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: flac on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: flac security update
Advisory ID: SLSA-2015:0767-1
Issue Date: 2015-04-01
CVE Numbers: CVE-2014-8962
 CVE-2014-9028
--

A buffer overflow flaw was found in the way flac decoded FLAC audio files.
An attacker could create a specially crafted FLAC audio file that could
cause an application using the flac library to crash or execute arbitrary
code when the file was read. (CVE-2014-9028)

A buffer over-read flaw was found in the way flac processed certain ID3v2
metadata. An attacker could create a specially crafted FLAC audio file
that could cause an application using the flac library to crash when the
file was read. (CVE-2014-8962)

After installing the update, all applications linked against the flac
library must be restarted for this update to take effect.
--

SL6
 x86_64
 flac-1.2.1-7.el6_6.i686.rpm
 flac-1.2.1-7.el6_6.x86_64.rpm
 flac-debuginfo-1.2.1-7.el6_6.i686.rpm
 flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm
 flac-devel-1.2.1-7.el6_6.i686.rpm
 flac-devel-1.2.1-7.el6_6.x86_64.rpm
 i386
 flac-1.2.1-7.el6_6.i686.rpm
 flac-debuginfo-1.2.1-7.el6_6.i686.rpm
 flac-devel-1.2.1-7.el6_6.i686.rpm
SL7
 x86_64
 flac-debuginfo-1.3.0-5.el7_1.i686.rpm
 flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
 flac-libs-1.3.0-5.el7_1.i686.rpm
 flac-libs-1.3.0-5.el7_1.x86_64.rpm
 flac-1.3.0-5.el7_1.x86_64.rpm
 flac-devel-1.3.0-5.el7_1.i686.rpm
 flac-devel-1.3.0-5.el7_1.x86_64.rpm

- Scientific Linux Development Team