Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Ubuntu 18.04 LTS USN-6360-2 Critical FLAC Denial of Service

ubuntu
Calendar Grey September 22, 2023
Dist Ubuntu Esm H88
The latest Ubuntu Security Update USN-6360-2 addresses a critical flaw in FLAC that may lead to system crashes or unanticipated code execution.
FLAC could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

FLAC could be made to crash or run programs as your login if it opened a

specially crafted file.

Software Description:

- flac: Free Lossless Audio Codec

Details:

USN-6360-1 fixed a vulnerability in FLAC. This update provides the

corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and

Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that FLAC incorrectly handled encoding certain files. A

 remote attacker could use this issue to cause FLAC to crash, resulting

in a

 denial of service, or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   flac                            1.3.2-1ubuntu0.1+esm1
   libflac8                        1.3.2-1ubuntu0.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   flac                            1.3.1-4ubuntu0.1~esm2
   libflac8                        1.3.1-4ubuntu0.1~esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   flac                            1.3.0-2ubuntu0.14.04.1+esm2
   libflac8                        1.3.0-2ubuntu0.14.04.1+esm2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6360-2

  https://ubuntu.com/security/notices/USN-6360-1

  CVE-2020-22219

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6360-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.