Explore top 10 tips to secure your open-source projects now. Read More
×Important: flac security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:5048", "synopsis": "Important: flac security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for flac.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.\n\nSecurity Fix(es):\n\n* flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2235489", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2235489", "description": ""}], "cves": [{"name": "CVE-2020-22219", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22219", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-120"}], "references": [], "publishedAt": "2026-06-25T12:03:37.665962Z", "rpms": {"Rocky Linux 9": {"nvras": ["flac-0:1.3.3-10.el9_2.1.aarch64.rpm", "flac-0:1.3.3-10.el9_2.1.ppc64le.rpm", "flac-0:1.3.3-10.el9_2.1.s390x.rpm", "flac-0:1.3.3-10.el9_2.1.src.rpm", "flac-0:1.3.3-10.el9_2.1.x86_64.rpm", "flac-debuginfo-0:1.3.3-10.el9_2.1.aarch64.rpm", "flac-debuginfo-0:1.3.3-10.el9_2.1.i686.rpm", "flac-debuginfo-0:1.3.3-10.el9_2.1.ppc64le.rpm", "flac-debuginfo-0:1.3.3-10.el9_2.1.s390x.rpm","flac-debuginfo-0:1.3.3-10.el9_2.1.x86_64.rpm", "flac-debugsource-0:1.3.3-10.el9_2.1.aarch64.rpm", "flac-debugsource-0:1.3.3-10.el9_2.1.i686.rpm", "flac-debugsource-0:1.3.3-10.el9_2.1.ppc64le.rpm", "flac-debugsource-0:1.3.3-10.el9_2.1.s390x.rpm", "flac-debugsource-0:1.3.3-10.el9_2.1.x86_64.rpm", "flac-devel-0:1.3.3-10.el9_2.1.aarch64.rpm", "flac-devel-0:1.3.3-10.el9_2.1.i686.rpm", "flac-devel-0:1.3.3-10.el9_2.1.ppc64le.rpm", "flac-devel-0:1.3.3-10.el9_2.1.s390x.rpm", "flac-devel-0:1.3.3-10.el9_2.1.x86_64.rpm", "flac-libs-0:1.3.3-10.el9_2.1.aarch64.rpm", "flac-libs-0:1.3.3-10.el9_2.1.i686.rpm", "flac-libs-0:1.3.3-10.el9_2.1.ppc64le.rpm", "flac-libs-0:1.3.3-10.el9_2.1.s390x.rpm", "flac-libs-0:1.3.3-10.el9_2.1.x86_64.rpm", "flac-libs-debuginfo-0:1.3.3-10.el9_2.1.aarch64.rpm", "flac-libs-debuginfo-0:1.3.3-10.el9_2.1.i686.rpm", "flac-libs-debuginfo-0:1.3.3-10.el9_2.1.ppc64le.rpm", "flac-libs-debuginfo-0:1.3.3-10.el9_2.1.s390x.rpm", "flac-libs-debuginfo-0:1.3.3-10.el9_2.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important flac security update for Rocky Linux 9 addresses remote code execution risk due to crafted input.. flac security update, Rocky Linux 9, remote code execution, CVE-2020-22219, security advisory. . Severity: Important. LinuxSecurity.com Team
The updated packages fix a security vulnerability: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. (CVE-2020-22219) . MGASA-2023-0277 - Updated flac packages fix security vulnerability Publication date: 30 Sep 2023 URL: https://advisories.mageia.org/MGASA-2023-0277.html Type: security Affected Mageia releases: 8 CVE: CVE--2020-22219 The updated packages fix a security vulnerability: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. (CVE-2020-22219) References: - https://bugs.mageia.org/show_bug.cgi?id=32283 - https://www.cve.org/CVERecord?id=CVE-2020-22219 - - https://www.cve.org/CVERecord?id=CVE--2020-22219 SRPMS: - 8/core/flac-1.3.3-3.2.mga8 . Mageia has released updated flac packages to mitigate buffer overflow vulnerabilities, which could enable potential remote code execution.. Mageia Security Advisory, Buffer Overflow, flac Update. . LinuxSecurity.com Team
FLAC could be made to crash or run programs as your login if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-6360-2 September 22, 2023 flac vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: FLAC could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - flac: Free Lossless Audio Codec Details: USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): flac 1.3.2-1ubuntu0.1+esm1 libflac8 1.3.2-1ubuntu0.1+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): flac 1.3.1-4ubuntu0.1~esm2 libflac8 1.3.1-4ubuntu0.1~esm2 Ubuntu 14.04 LTS (Available with Ubuntu Pro): flac 1.3.0-2ubuntu0.14.04.1+esm2 libflac8 1.3.0-2ubuntu0.14.04.1+esm2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6360-2 https://ubuntu.com/security/notices/USN-6360-1 CVE-2020-22219 . The latest Ubuntu Security Update USN-6360-2 addresses a critical flaw in FLAC that may lead to system crashes or unanticipated code execution.. Ubuntu Security, FLAC Threat, Denial of Service, Audio Codec Security, System Updates. . Severity: Critical. LinuxSecurity.com Team
A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5500-1
An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: flac security update Advisory ID: RHSA-2023:5044-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5044 Issue date: 2023-09-11 CVE Names: CVE-2020-22219 ===================================================================== 1. Summary: An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64 Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 3. Description: FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Security Fix(es): * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219) For more details about the security issue(s), includingthe impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder 6. Package List: Red Hat Enterprise Linux AppStream AUS (v.8.4): Source: flac-1.3.2-9.el8_4.1.src.rpm x86_64: flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_4.1.i686.rpm flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm flac-libs-1.3.2-9.el8_4.1.i686.rpm flac-libs-1.3.2-9.el8_4.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v.8.4): Source: flac-1.3.2-9.el8_4.1.src.rpm aarch64: flac-debuginfo-1.3.2-9.el8_4.1.aarch64.rpm flac-debugsource-1.3.2-9.el8_4.1.aarch64.rpm flac-libs-1.3.2-9.el8_4.1.aarch64.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.aarch64.rpm ppc64le: flac-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm flac-debugsource-1.3.2-9.el8_4.1.ppc64le.rpm flac-libs-1.3.2-9.el8_4.1.ppc64le.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm s390x: flac-debuginfo-1.3.2-9.el8_4.1.s390x.rpm flac-debugsource-1.3.2-9.el8_4.1.s390x.rpm flac-libs-1.3.2-9.el8_4.1.s390x.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.s390x.rpm x86_64: flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_4.1.i686.rpm flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm flac-libs-1.3.2-9.el8_4.1.i686.rpm flac-libs-1.3.2-9.el8_4.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm Red Hat Enterprise Linux AppStream TUS(v.8.4): Source: flac-1.3.2-9.el8_4.1.src.rpm aarch64: flac-debuginfo-1.3.2-9.el8_4.1.aarch64.rpm flac-debugsource-1.3.2-9.el8_4.1.aarch64.rpm flac-libs-1.3.2-9.el8_4.1.aarch64.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.aarch64.rpm ppc64le: flac-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm flac-debugsource-1.3.2-9.el8_4.1.ppc64le.rpm flac-libs-1.3.2-9.el8_4.1.ppc64le.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm s390x: flac-debuginfo-1.3.2-9.el8_4.1.s390x.rpm flac-debugsource-1.3.2-9.el8_4.1.s390x.rpm flac-libs-1.3.2-9.el8_4.1.s390x.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.s390x.rpm x86_64: flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_4.1.i686.rpm flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm flac-libs-1.3.2-9.el8_4.1.i686.rpm flac-libs-1.3.2-9.el8_4.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-22219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJk/2W5AAoJENzjgjWX9erEy50QAISb8CpgPUNYU8ybv8HOXyd2 zOobdkPMEEmO3u4WvblNG0yIseXoyv8rcFWbn8IhVZ6tVMNHoY/vBmO50X5QEG1Y nLqqkomXuHwsBhBt3DXSz7eivpWOkmO880loiFTR2aODwjoL/dCt69DZAjauUOn6 vitjIf5sEJsoXcEpfmapqSpZejSE57iFltOvtfbbvqxXd3Np53oXYKyncVlq51tX epYiHnLo+YW95Loarf0Jt7EbioAx2BZYWELjOzp2DHNzeiZ4/SlJqYbnA+LDhgWa 0Q9oTOZ89Q5tGGjyXvtDe40QMRViOYk5JdFrq+hVVgVgMJpeh18wp5hCx+PZKov8 5F/I34ESOBuQ7ougC110ix2UI8bbNHvvo8npe2/33M7pH/Cb8VG1nc0FYTWErLgN SWDj9au0Y4BhNaqsanY37x/xLk67fo1tU2mVRjwKZL03lXHCz9AWmLEB0Wak1Yif unwDJ6bec9D7XDStsiqGwZ2m0B8Xoe6tr6EQyAMZsPl/ilxWy6zf9Mmwr7+3KiC+ VlOvY80uTIn+Rjg7VYbFhQl3en8i7ZiHGi7mMUdoeQRuMyqH3gaKjETczUSsdzkq xAG6wYH9ITw5Z95m6JErhho2FYqTZ7D4JokXvK8tP9n62KDsWa8FriKV6c/KF1Wh 27vs6ppW6a2e7eFW7v7u =5ZBF -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: flac security update Advisory ID: RHSA-2023:5046-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5046 Issue date: 2023-09-11 CVE Names: CVE-2020-22219 ===================================================================== 1. Summary: An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Security Fix(es): * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, whichincludes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: flac-1.3.2-9.el8_8.1.src.rpm aarch64: flac-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm flac-debugsource-1.3.2-9.el8_8.1.aarch64.rpm flac-libs-1.3.2-9.el8_8.1.aarch64.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm ppc64le: flac-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm flac-debugsource-1.3.2-9.el8_8.1.ppc64le.rpm flac-libs-1.3.2-9.el8_8.1.ppc64le.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm s390x: flac-debuginfo-1.3.2-9.el8_8.1.s390x.rpm flac-debugsource-1.3.2-9.el8_8.1.s390x.rpm flac-libs-1.3.2-9.el8_8.1.s390x.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.s390x.rpm x86_64: flac-debuginfo-1.3.2-9.el8_8.1.i686.rpm flac-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_8.1.i686.rpm flac-debugsource-1.3.2-9.el8_8.1.x86_64.rpm flac-libs-1.3.2-9.el8_8.1.i686.rpm flac-libs-1.3.2-9.el8_8.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm Red Hat Enterprise Linux CRB (v.8): aarch64: flac-1.3.2-9.el8_8.1.aarch64.rpm flac-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm flac-debugsource-1.3.2-9.el8_8.1.aarch64.rpm flac-devel-1.3.2-9.el8_8.1.aarch64.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.aarch64.rpm ppc64le: flac-1.3.2-9.el8_8.1.ppc64le.rpm flac-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm flac-debugsource-1.3.2-9.el8_8.1.ppc64le.rpm flac-devel-1.3.2-9.el8_8.1.ppc64le.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.ppc64le.rpm s390x: flac-1.3.2-9.el8_8.1.s390x.rpm flac-debuginfo-1.3.2-9.el8_8.1.s390x.rpm flac-debugsource-1.3.2-9.el8_8.1.s390x.rpm flac-devel-1.3.2-9.el8_8.1.s390x.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.s390x.rpm x86_64: flac-1.3.2-9.el8_8.1.x86_64.rpm flac-debuginfo-1.3.2-9.el8_8.1.i686.rpm flac-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_8.1.i686.rpm flac-debugsource-1.3.2-9.el8_8.1.x86_64.rpm flac-devel-1.3.2-9.el8_8.1.i686.rpm flac-devel-1.3.2-9.el8_8.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-22219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJk/2WzAAoJENzjgjWX9erEd9gP/jJhB0S9tuNx2+FuV7xFuXo5 rWEQ9lVv/6JsImQUYgY2LjaftH4xnIHATGFFKlD9a3beieFBTBCLlCcZS1Hj6hXP LIvcLWsaMtjp2h2vMSv18Lgbcm3Zuo0JoWeOf7FbOVLlalOvTOuZR3nMtiWomUfk vaPHhBymCLhrWkk4PSrUysSz9rl7MWcPTylo0tB1rr3VAxIToSty+JbQ3qmOiUbE FuNqnP1n5k4Web+cMlqTFQpMCW+myIhv3iMuQOT1gZ1GldPlpsmYUH3JZ4GsdT++ 48KjjmQmAhxqVpTUmsukFdNM+4VxaEse6GLp8yvW4gT0kdUbxSIBflgWtYwTKCou yhBtzUDlnlGnsnqnedDfUTbB60gJ3zuiwUmL9qBbVk5v+FzDm/3ltrgjVV8eeaPh TlkWqENYfHiMRUowCfv/Pp0Gx1Lc0jbZtA9ZPUKB5KJmarSYL/kfOdyg0KKsBO5V 8ypSnFccmVf971cQziId2J1dAtE30qrcr4ZhiphQ3CCurwWy4v8lzCBWtt5J2qNE +WGcJ92O+39OISdS7/lwFR69B4ok90H6COME4eWcA2owO3PszhQX4YL7X4IurmUp NfuZYi9ntCOc8VhvEFYhBfqEY76wC+l4OoweCQ//4M4m2FJHGBmryxNhM4yLGLlt 18vkKbOjfL4CxSxATfJi =7pXT -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: flac security update Advisory ID: RHSA-2023:5042-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5042 Issue date: 2023-09-11 CVE Names: CVE-2020-22219 ===================================================================== 1. Summary: An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Security Fix(es): * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.1): Source: flac-1.3.2-9.el8_1.1.src.rpm aarch64: flac-debuginfo-1.3.2-9.el8_1.1.aarch64.rpm flac-debugsource-1.3.2-9.el8_1.1.aarch64.rpm flac-libs-1.3.2-9.el8_1.1.aarch64.rpm flac-libs-debuginfo-1.3.2-9.el8_1.1.aarch64.rpm ppc64le: flac-debuginfo-1.3.2-9.el8_1.1.ppc64le.rpm flac-debugsource-1.3.2-9.el8_1.1.ppc64le.rpm flac-libs-1.3.2-9.el8_1.1.ppc64le.rpm flac-libs-debuginfo-1.3.2-9.el8_1.1.ppc64le.rpm s390x: flac-debuginfo-1.3.2-9.el8_1.1.s390x.rpm flac-debugsource-1.3.2-9.el8_1.1.s390x.rpm flac-libs-1.3.2-9.el8_1.1.s390x.rpm flac-libs-debuginfo-1.3.2-9.el8_1.1.s390x.rpm x86_64: flac-debuginfo-1.3.2-9.el8_1.1.i686.rpm flac-debuginfo-1.3.2-9.el8_1.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_1.1.i686.rpm flac-debugsource-1.3.2-9.el8_1.1.x86_64.rpm flac-libs-1.3.2-9.el8_1.1.i686.rpm flac-libs-1.3.2-9.el8_1.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_1.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-22219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJk/xFnAAoJENzjgjWX9erEcnQP/0QR7/ZLFsp7p/VirDNWtz60 z+/leRB+FmKqEJgMU6Lo0P3DDQTO5Le4l+D9/7R927QlgMZTkj1Qsjwb+d7gB6D7 h7MTJO7QgzQJLcT9TTsRPkxKFBGM/rn7QoIBCUau6TLk5kNLS/O81s3Xv6sCNWUq xw896/+IFEtlp+ekLavhGyC3POenAt+/XvfP6a9aXpBlEnYHM2WSjJRNuyKe/X4p 8D0w7Ing8nBlsNC4uv5EvjYXDvt4WiehGFCBvrQdQP0saMeOpDlyaiLFjg5swlug joG/tK+8pBGL4BvDqC7jWUYWTNOFlTvLEqt1u+xk5no2s+4dKAiXFGd3/HuFAufK hdesqAyaZS13UQ/3VmjFfF/ijWBs6yLssisb/kAtsILbiY1PKIkanbnlat6hfM4u JAuO7KCkDoxZAcRrF52b9JW8LnSQ2shrTYL4NTNzJmWBfwbleUk7wzyrjUoeJsvU 1PYL1NUML4+Qh8S908gJ8shhF+WQhY3eIVm0Yc2k9fUGc1BschZ5yOd4ME6QchCF hDSSNBTvDT51f50fvW6n79ZtY23mSnPiGSUNa0MbrKZM7DQNqT1lzhU3EvJ4yYqX zyJP9HjEaq1C5EqmikhdwhSDPc0UuDYX2tbIKjKonrrGONWGufze1LtdzOMfmy3D IXrvjZH87iAcQjpMj6/E =INkl -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: flac security update Advisory ID: RHSA-2023:5043-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5043 Issue date: 2023-09-11 CVE Names: CVE-2020-22219 ===================================================================== 1. Summary: An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64 Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64 Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64 3. Description: FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Security Fix(es): * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information,refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder 6. Package List: Red Hat Enterprise Linux AppStream AUS (v. 8.2): Source: flac-1.3.2-9.el8_2.1.src.rpm x86_64: flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_2.1.i686.rpm flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm flac-libs-1.3.2-9.el8_2.1.i686.rpm flac-libs-1.3.2-9.el8_2.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v. 8.2): Source: flac-1.3.2-9.el8_2.1.src.rpm ppc64le: flac-debuginfo-1.3.2-9.el8_2.1.ppc64le.rpm flac-debugsource-1.3.2-9.el8_2.1.ppc64le.rpm flac-libs-1.3.2-9.el8_2.1.ppc64le.rpm flac-libs-debuginfo-1.3.2-9.el8_2.1.ppc64le.rpm x86_64: flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_2.1.i686.rpm flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm flac-libs-1.3.2-9.el8_2.1.i686.rpm flac-libs-1.3.2-9.el8_2.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm Red Hat Enterprise Linux AppStream TUS (v. 8.2): Source: flac-1.3.2-9.el8_2.1.src.rpm x86_64: flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm flac-debugsource-1.3.2-9.el8_2.1.i686.rpm flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm flac-libs-1.3.2-9.el8_2.1.i686.rpm flac-libs-1.3.2-9.el8_2.1.x86_64.rpm flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-22219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIbBAEBCAAGBQJk/xFeAAoJENzjgjWX9erEMJgP+Jr3NcfoP3BMbMKMc9vkhaC4 9MU8mqRl5PPKyehjlKbKjKVwfc1bHfwTqkDecioyAvD7LbnMnUHEA+lLdvmNQQXQ 1Ui8GhGsSZf1J7cuM5BKiVAu3PrKUE8XTjJ8r6xxZ9CR0xodBh4xjAG8uo+icZ9F hWVcgcNmQKx8oWc7xStdTF99sQYD12nbjQCYuJLR1gWScOiC9R38uFBTEVQIbqRc 9Y2aa8rQtNbX04LmF2y4WiSvkijCkxodWmCgHWCn6/n+G8jvUsbe5n0LpewEXAB6 HJ42xkQuY7QCnEehqpfiPGU/TEN+IH3wDQgmmjB3F9QbtMVzKfabi8lOhlDYjomZ F3SZVZSsRARAiuOLZQ/qcdhQxjCmPcZjhDanydlDsoCO1R/RDAfEEiAhr9Xs/9Eh RTWNlosQV+pLRPPCvnLVNHtvtjnfFyvN4iOSfxW6QQoIseKB03kMzHGbjJahNAxC NxMfy8d7k4Pt9p/FIei8wBtI3qRXeGwSezqpv5pav4WWYN7v/5yl0eWvixGGCUZ+ SZDtbyXhSlMT+/9Zdjiey0f2ekTSa6tNNw76GCfwjSMLdauODBGm6newh/CmzZMs b0jDyGDjpACfXN6pKfkfPJrtkEMbzJD39qpCqmwUE85CzzIBgijHnmJ3pQIKSbK9 hCb9w8YSGXKwZQxZb5E= =Xzw/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.