RHSA-2022:8078: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-0561: flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c
Red Hat Security Data

Issued: 2022-11-15

Updated: 2022-11-15

RHSA-2022:8078 - Security Advisory

Synopsis

Moderate: flac security update

Type/Severity

Security Advisory: Moderate

Topic

An update for flac is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.

Security Fix(es):

  • flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c (CVE-2021-0561)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2057776 - CVE-2021-0561 flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

  • flac-1.3.3-10.el9.src.rpm

x86_64

  • flac-debuginfo-1.3.3-10.el9.i686.rpm
  • flac-debuginfo-1.3.3-10.el9.x86_64.rpm
  • flac-debugsource-1.3.3-10.el9.i686.rpm
  • flac-debugsource-1.3.3-10.el9.x86_64.rpm
  • flac-libs-1.3.3-10.el9.i686.rpm
  • flac-libs-1.3.3-10.el9.x86_64.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.i686.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • flac-1.3.3-10.el9.src.rpm

s390x

  • flac-debuginfo-1.3.3-10.el9.s390x.rpm
  • flac-debugsource-1.3.3-10.el9.s390x.rpm
  • flac-libs-1.3.3-10.el9.s390x.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • flac-1.3.3-10.el9.src.rpm

ppc64le

  • flac-debuginfo-1.3.3-10.el9.ppc64le.rpm
  • flac-debugsource-1.3.3-10.el9.ppc64le.rpm
  • flac-libs-1.3.3-10.el9.ppc64le.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • flac-1.3.3-10.el9.src.rpm

aarch64

  • flac-debuginfo-1.3.3-10.el9.aarch64.rpm
  • flac-debugsource-1.3.3-10.el9.aarch64.rpm
  • flac-libs-1.3.3-10.el9.aarch64.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 9

x86_64

  • flac-1.3.3-10.el9.x86_64.rpm
  • flac-debuginfo-1.3.3-10.el9.i686.rpm
  • flac-debuginfo-1.3.3-10.el9.x86_64.rpm
  • flac-debugsource-1.3.3-10.el9.i686.rpm
  • flac-debugsource-1.3.3-10.el9.x86_64.rpm
  • flac-devel-1.3.3-10.el9.i686.rpm
  • flac-devel-1.3.3-10.el9.x86_64.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.i686.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 9

ppc64le

  • flac-1.3.3-10.el9.ppc64le.rpm
  • flac-debuginfo-1.3.3-10.el9.ppc64le.rpm
  • flac-debugsource-1.3.3-10.el9.ppc64le.rpm
  • flac-devel-1.3.3-10.el9.ppc64le.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 9

aarch64

  • flac-1.3.3-10.el9.aarch64.rpm
  • flac-debuginfo-1.3.3-10.el9.aarch64.rpm
  • flac-debugsource-1.3.3-10.el9.aarch64.rpm
  • flac-devel-1.3.3-10.el9.aarch64.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 9

s390x

  • flac-1.3.3-10.el9.s390x.rpm
  • flac-debuginfo-1.3.3-10.el9.s390x.rpm
  • flac-debugsource-1.3.3-10.el9.s390x.rpm
  • flac-devel-1.3.3-10.el9.s390x.rpm
  • flac-libs-debuginfo-1.3.3-10.el9.s390x.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-29838: WDC-22019 My Cloud Firmware Version 5.25.124 | Western Digital

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

Ubuntu Security Notice USN-5733-1

Ubuntu Security Notice 5733-1 - It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. It was discovered that FLAC was not properly performing bounds checking operations when decoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

CVE-2021-0561: Pixel Update Bulletin—June 2021  |  Android Open Source Project

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683