Synopsis: Important: flac security update
Advisory ID: SLSA-2015:0767-1
Issue Date: 2015-04-01
CVE Numbers: CVE-2014-8962
CVE-2014-9028
—
A buffer overflow flaw was found in the way flac decoded FLAC audio files.
An attacker could create a specially crafted FLAC audio file that could
cause an application using the flac library to crash or execute arbitrary
code when the file was read. (CVE-2014-9028)
A buffer over-read flaw was found in the way flac processed certain ID3v2
metadata. An attacker could create a specially crafted FLAC audio file
that could cause an application using the flac library to crash when the
file was read. (CVE-2014-8962)
After installing the update, all applications linked against the flac
library must be restarted for this update to take effect.
—
SL6
x86_64
flac-1.2.1-7.el6_6.i686.rpm
flac-1.2.1-7.el6_6.x86_64.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.x86_64.rpm
i386
flac-1.2.1-7.el6_6.i686.rpm
flac-debuginfo-1.2.1-7.el6_6.i686.rpm
flac-devel-1.2.1-7.el6_6.i686.rpm
SL7
x86_64
flac-debuginfo-1.3.0-5.el7_1.i686.rpm
flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
flac-libs-1.3.0-5.el7_1.i686.rpm
flac-libs-1.3.0-5.el7_1.x86_64.rpm
flac-1.3.0-5.el7_1.x86_64.rpm
flac-devel-1.3.0-5.el7_1.i686.rpm
flac-devel-1.3.0-5.el7_1.x86_64.rpm
– Scientific Linux Development Team
