Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Ubuntu 14.10: 2426-1 Critical: Flac Remote Code Execution Advisory

Calendar Nov 27, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical remote code execution Ubuntu flac crash
FLAC could be made to crash or run programs as your login if it opened a specially crafted file. 
=========================================================================Ubuntu Security Notice USN-2426-1
November 27, 2014

flac vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

FLAC could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- flac: Free Lossless Audio Codec

Details:

Michele Spagnuolo discovered that FLAC incorrectly handled certain
malformed audio files. An attacker could use this issue to cause FLAC to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libflac++6                      1.3.0-2ubuntu0.14.10.1
  libflac8                        1.3.0-2ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  libflac++6                      1.3.0-2ubuntu0.14.04.1
  libflac8                        1.3.0-2ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  libflac++6                      1.2.1-6ubuntu0.1
  libflac8                        1.2.1-6ubuntu0.1

Ubuntu 10.04 LTS:
  libflac++6                      1.2.1-2ubuntu0.1
  libflac8                        1.2.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  
  CVE-2014-8962, CVE-2014-9028

Package Information:
  https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.10.1
  https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/flac/1.2.1-6ubuntu0.1
  https://launchpad.net/ubuntu/+source/flac/1.2.1-2ubuntu0.1

Ubuntu 14.10: 2426-1 Critical: Flac Remote Code Execution Advisory

ubuntu
Calendar Grey November 27, 2014
Dist Ubuntu Esm H88
New FLAC security issues found in Ubuntu. Guidance for updates across multiple releases shared on November 27, 2014.
FLAC could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical remote code execution Ubuntu flac crash

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libflac++6 1.3.0-2ubuntu0.14.10.1 libflac8 1.3.0-2ubuntu0.14.10.1 Ubuntu 14.04 LTS: libflac++6 1.3.0-2ubuntu0.14.04.1 libflac8 1.3.0-2ubuntu0.14.04.1 Ubuntu 12.04 LTS: libflac++6 1.2.1-6ubuntu0.1 libflac8 1.2.1-6ubuntu0.1 Ubuntu 10.04 LTS: libflac++6 1.2.1-2ubuntu0.1 libflac8 1.2.1-2ubuntu0.1 In general, a standard system update will make all the necessary changes.

References

CVE-2014-8962, CVE-2014-9028

Severity
critical
Lowest
Low
Medium
High
Critical

November 27, 2014

Topics%20covered

Topics Covered

security advisory denial of service critical remote code execution Ubuntu flac crash

Package Information

https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.10.1 https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/flac/1.2.1-6ubuntu0.1 https://launchpad.net/ubuntu/+source/flac/1.2.1-2ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here