Headline
RHSA-2023:5044: Red Hat Security Advisory: flac security update
An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-11
Updated:
2023-09-11
RHSA-2023:5044 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: flac security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.
Security Fix(es):
- flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
flac-1.3.2-9.el8_4.1.src.rpm
SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345
x86_64
flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm
SHA-256: ebb4cdbc4c08256ae20b60e9c4da3b5f98c2dfaa05b8c14d84b6ae74eef4f030
flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: 87d838180e6194236f0cf3f8b8be51d37ace1a3b633bf88793f2040ea0c31761
flac-debugsource-1.3.2-9.el8_4.1.i686.rpm
SHA-256: d2989a84d7b6b086508e689ca786370753a1cb75f1fa5ff0cf9aa1a17cbc4994
flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: b93b4b1d65c0657f2f40e9c182ac5ef0f2366ae188abb6ef2b05c7dc3eca5987
flac-libs-1.3.2-9.el8_4.1.i686.rpm
SHA-256: 249dad97ad611031a8dabd1c69c696b988a9658b541955beaf3e534c6c33a057
flac-libs-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: cb1aec6ceafa6307ec6b7ae7fbd3f6f1763b092d107b6ca21316ffa5beddc0ec
flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm
SHA-256: dbe450bd0f00581845487429072982a3b37e4b923b89aa877610adf49c565ec0
flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: ca8f6b3da14fa757366ea94c0eed33e5052d4a0ef21a8b146ded5323e4752148
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
flac-1.3.2-9.el8_4.1.src.rpm
SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345
x86_64
flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm
SHA-256: ebb4cdbc4c08256ae20b60e9c4da3b5f98c2dfaa05b8c14d84b6ae74eef4f030
flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: 87d838180e6194236f0cf3f8b8be51d37ace1a3b633bf88793f2040ea0c31761
flac-debugsource-1.3.2-9.el8_4.1.i686.rpm
SHA-256: d2989a84d7b6b086508e689ca786370753a1cb75f1fa5ff0cf9aa1a17cbc4994
flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: b93b4b1d65c0657f2f40e9c182ac5ef0f2366ae188abb6ef2b05c7dc3eca5987
flac-libs-1.3.2-9.el8_4.1.i686.rpm
SHA-256: 249dad97ad611031a8dabd1c69c696b988a9658b541955beaf3e534c6c33a057
flac-libs-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: cb1aec6ceafa6307ec6b7ae7fbd3f6f1763b092d107b6ca21316ffa5beddc0ec
flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm
SHA-256: dbe450bd0f00581845487429072982a3b37e4b923b89aa877610adf49c565ec0
flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: ca8f6b3da14fa757366ea94c0eed33e5052d4a0ef21a8b146ded5323e4752148
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
flac-1.3.2-9.el8_4.1.src.rpm
SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345
ppc64le
flac-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm
SHA-256: 5e7c3b43c2d4dc34d035f1e776b5f5249b035595b105a8fd96c85f8144243aac
flac-debugsource-1.3.2-9.el8_4.1.ppc64le.rpm
SHA-256: f4b99f0156a4a206192ea20a1d81ff31362aa92b3de1c8e8a700c18e5600943d
flac-libs-1.3.2-9.el8_4.1.ppc64le.rpm
SHA-256: 8bf2b5b4c92fdef6d4b89bd7855e0a76e48b54005efd7461d504e2e1126ea110
flac-libs-debuginfo-1.3.2-9.el8_4.1.ppc64le.rpm
SHA-256: 4720754f53c3c809357faf0fee2d761a10675dd7a79a794b75abd1edf080cc2a
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
flac-1.3.2-9.el8_4.1.src.rpm
SHA-256: 36020c499f123d48b1cd8a8b0dc7c47cdef63acb97f22fc0b2129a6967a17345
x86_64
flac-debuginfo-1.3.2-9.el8_4.1.i686.rpm
SHA-256: ebb4cdbc4c08256ae20b60e9c4da3b5f98c2dfaa05b8c14d84b6ae74eef4f030
flac-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: 87d838180e6194236f0cf3f8b8be51d37ace1a3b633bf88793f2040ea0c31761
flac-debugsource-1.3.2-9.el8_4.1.i686.rpm
SHA-256: d2989a84d7b6b086508e689ca786370753a1cb75f1fa5ff0cf9aa1a17cbc4994
flac-debugsource-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: b93b4b1d65c0657f2f40e9c182ac5ef0f2366ae188abb6ef2b05c7dc3eca5987
flac-libs-1.3.2-9.el8_4.1.i686.rpm
SHA-256: 249dad97ad611031a8dabd1c69c696b988a9658b541955beaf3e534c6c33a057
flac-libs-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: cb1aec6ceafa6307ec6b7ae7fbd3f6f1763b092d107b6ca21316ffa5beddc0ec
flac-libs-debuginfo-1.3.2-9.el8_4.1.i686.rpm
SHA-256: dbe450bd0f00581845487429072982a3b37e4b923b89aa877610adf49c565ec0
flac-libs-debuginfo-1.3.2-9.el8_4.1.x86_64.rpm
SHA-256: ca8f6b3da14fa757366ea94c0eed33e5052d4a0ef21a8b146ded5323e4752148
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Debian Linux Security Advisory 5500-1 - A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.
Ubuntu Security Notice 6360-1 - It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-5044-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5048-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5042-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
An update for flac is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code vi...
An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.