Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5044: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#rce#aws#buffer_overflow#sap#ssl

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-09-11

Updated:

2023-09-11

RHSA-2023:5044 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: flac security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.

Security Fix(es):

  • flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

flac-1.3.2-9.el8_4.1.src.rpm

SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345

x86_64

flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm

SHA-256: ebb4cdbc4c08256ae20b60e9c4da3b5f98c2dfaa05b8c14d84b6ae74eef4f030

flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: 87d838180e6194236f0cf3f8b8be51d37ace1a3b633bf88793f2040ea0c31761

flac-debugsource-1.3.2-9.el8_4.1.i686.rpm

SHA-256: d2989a84d7b6b086508e689ca786370753a1cb75f1fa5ff0cf9aa1a17cbc4994

flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: b93b4b1d65c0657f2f40e9c182ac5ef0f2366ae188abb6ef2b05c7dc3eca5987

flac-libs-1.3.2-9.el8_4.1.i686.rpm

SHA-256: 249dad97ad611031a8dabd1c69c696b988a9658b541955beaf3e534c6c33a057

flac-libs-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: cb1aec6ceafa6307ec6b7ae7fbd3f6f1763b092d107b6ca21316ffa5beddc0ec

flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm

SHA-256: dbe450bd0f00581845487429072982a3b37e4b923b89aa877610adf49c565ec0

flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: ca8f6b3da14fa757366ea94c0eed33e5052d4a0ef21a8b146ded5323e4752148

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

flac-1.3.2-9.el8_4.1.src.rpm

SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345

x86_64

flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm

SHA-256: ebb4cdbc4c08256ae20b60e9c4da3b5f98c2dfaa05b8c14d84b6ae74eef4f030

flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: 87d838180e6194236f0cf3f8b8be51d37ace1a3b633bf88793f2040ea0c31761

flac-debugsource-1.3.2-9.el8_4.1.i686.rpm

SHA-256: d2989a84d7b6b086508e689ca786370753a1cb75f1fa5ff0cf9aa1a17cbc4994

flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: b93b4b1d65c0657f2f40e9c182ac5ef0f2366ae188abb6ef2b05c7dc3eca5987

flac-libs-1.3.2-9.el8_4.1.i686.rpm

SHA-256: 249dad97ad611031a8dabd1c69c696b988a9658b541955beaf3e534c6c33a057

flac-libs-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: cb1aec6ceafa6307ec6b7ae7fbd3f6f1763b092d107b6ca21316ffa5beddc0ec

flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm

SHA-256: dbe450bd0f00581845487429072982a3b37e4b923b89aa877610adf49c565ec0

flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: ca8f6b3da14fa757366ea94c0eed33e5052d4a0ef21a8b146ded5323e4752148

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

flac-1.3.2-9.el8_4.1.src.rpm

SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345

ppc64le

flac-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm

SHA-256: 5e7c3b43c2d4dc34d035f1e776b5f5249b035595b105a8fd96c85f8144243aac

flac-debugsource-1.3.2-9.el8_4.1.ppc64le.rpm

SHA-256: f4b99f0156a4a206192ea20a1d81ff31362aa92b3de1c8e8a700c18e5600943d

flac-libs-1.3.2-9.el8_4.1.ppc64le.rpm

SHA-256: 8bf2b5b4c92fdef6d4b89bd7855e0a76e48b54005efd7461d504e2e1126ea110

flac-libs-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm

SHA-256: 4720754f53c3c809357faf0fee2d761a10675dd7a79a794b75abd1edf080cc2a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

flac-1.3.2-9.el8_4.1.src.rpm

SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345

x86_64

flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm

SHA-256: ebb4cdbc4c08256ae20b60e9c4da3b5f98c2dfaa05b8c14d84b6ae74eef4f030

flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: 87d838180e6194236f0cf3f8b8be51d37ace1a3b633bf88793f2040ea0c31761

flac-debugsource-1.3.2-9.el8_4.1.i686.rpm

SHA-256: d2989a84d7b6b086508e689ca786370753a1cb75f1fa5ff0cf9aa1a17cbc4994

flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: b93b4b1d65c0657f2f40e9c182ac5ef0f2366ae188abb6ef2b05c7dc3eca5987

flac-libs-1.3.2-9.el8_4.1.i686.rpm

SHA-256: 249dad97ad611031a8dabd1c69c696b988a9658b541955beaf3e534c6c33a057

flac-libs-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: cb1aec6ceafa6307ec6b7ae7fbd3f6f1763b092d107b6ca21316ffa5beddc0ec

flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm

SHA-256: dbe450bd0f00581845487429072982a3b37e4b923b89aa877610adf49c565ec0

flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm

SHA-256: ca8f6b3da14fa757366ea94c0eed33e5052d4a0ef21a8b146ded5323e4752148

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Debian Security Advisory 5500-1

Debian Linux Security Advisory 5500-1 - A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.

Ubuntu Security Notice USN-6360-1

Ubuntu Security Notice 6360-1 - It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-5044-01

Red Hat Security Advisory 2023-5044-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5046-01

Red Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5048-01

Red Hat Security Advisory 2023-5048-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5042-01

Red Hat Security Advisory 2023-5042-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5043-01

Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

RHSA-2023:5046: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

RHSA-2023:5045: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

RHSA-2023:5043: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code vi...

RHSA-2023:5042: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

CVE-2020-22219: wild-addr-write found by fuzz · Issue #215 · xiph/flac

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.