RHSA-2022:8078: Red Hat Security Advisory: flac security update
An update for flac is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-0561: flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8078 - Security Advisory
Synopsis
Moderate: flac security update
Type/Severity
Security Advisory: Moderate
Topic
An update for flac is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.
Security Fix(es):
- flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c (CVE-2021-0561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2057776 - CVE-2021-0561 flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
flac-1.3.3-10.el9.src.rpm
x86_64
flac-debuginfo-1.3.3-10.el9.i686.rpm
flac-debuginfo-1.3.3-10.el9.x86_64.rpm
flac-debugsource-1.3.3-10.el9.i686.rpm
flac-debugsource-1.3.3-10.el9.x86_64.rpm
flac-libs-1.3.3-10.el9.i686.rpm
flac-libs-1.3.3-10.el9.x86_64.rpm
flac-libs-debuginfo-1.3.3-10.el9.i686.rpm
flac-libs-debuginfo-1.3.3-10.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
flac-1.3.3-10.el9.src.rpm
s390x
flac-debuginfo-1.3.3-10.el9.s390x.rpm
flac-debugsource-1.3.3-10.el9.s390x.rpm
flac-libs-1.3.3-10.el9.s390x.rpm
flac-libs-debuginfo-1.3.3-10.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
flac-1.3.3-10.el9.src.rpm
ppc64le
flac-debuginfo-1.3.3-10.el9.ppc64le.rpm
flac-debugsource-1.3.3-10.el9.ppc64le.rpm
flac-libs-1.3.3-10.el9.ppc64le.rpm
flac-libs-debuginfo-1.3.3-10.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
flac-1.3.3-10.el9.src.rpm
aarch64
flac-debuginfo-1.3.3-10.el9.aarch64.rpm
flac-debugsource-1.3.3-10.el9.aarch64.rpm
flac-libs-1.3.3-10.el9.aarch64.rpm
flac-libs-debuginfo-1.3.3-10.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
flac-1.3.3-10.el9.x86_64.rpm
flac-debuginfo-1.3.3-10.el9.i686.rpm
flac-debuginfo-1.3.3-10.el9.x86_64.rpm
flac-debugsource-1.3.3-10.el9.i686.rpm
flac-debugsource-1.3.3-10.el9.x86_64.rpm
flac-devel-1.3.3-10.el9.i686.rpm
flac-devel-1.3.3-10.el9.x86_64.rpm
flac-libs-debuginfo-1.3.3-10.el9.i686.rpm
flac-libs-debuginfo-1.3.3-10.el9.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
flac-1.3.3-10.el9.ppc64le.rpm
flac-debuginfo-1.3.3-10.el9.ppc64le.rpm
flac-debugsource-1.3.3-10.el9.ppc64le.rpm
flac-devel-1.3.3-10.el9.ppc64le.rpm
flac-libs-debuginfo-1.3.3-10.el9.ppc64le.rpm
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
flac-1.3.3-10.el9.aarch64.rpm
flac-debuginfo-1.3.3-10.el9.aarch64.rpm
flac-debugsource-1.3.3-10.el9.aarch64.rpm
flac-devel-1.3.3-10.el9.aarch64.rpm
flac-libs-debuginfo-1.3.3-10.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
flac-1.3.3-10.el9.s390x.rpm
flac-debuginfo-1.3.3-10.el9.s390x.rpm
flac-debugsource-1.3.3-10.el9.s390x.rpm
flac-devel-1.3.3-10.el9.s390x.rpm
flac-libs-debuginfo-1.3.3-10.el9.s390x.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 5733-1 - It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. It was discovered that FLAC was not properly performing bounds checking operations when decoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
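The class of defect described above (interleaved samples copied into a per-channel FIFO with no bounds check), shown as a simplified model with the check in place. This is an added example, not the FLAC source or Red Hat's patch; `sample_fifo`, `fifo_append_interleaved`, `demo_append` and `MAX_CHANNELS` are hypothetical names, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_CHANNELS 8  /* assumed limit for this sketch */

/* Hypothetical model of a per-channel sample FIFO; not the FLAC source. */
typedef struct {
    int32_t *data[MAX_CHANNELS]; /* one buffer per channel, `size` samples each */
    uint32_t size;               /* capacity per channel, in samples */
    uint32_t tail;               /* samples already queued per channel */
} sample_fifo;

/* De-interleave `wide_samples` frames from `input` into the FIFO.
 * Returns 0 on success, -1 if the request is invalid or does not fit;
 * nothing is written on failure. */
int fifo_append_interleaved(sample_fifo *fifo, const int32_t *input,
                            uint32_t channels, uint32_t wide_samples)
{
    if (fifo == NULL || input == NULL)
        return -1;
    if (channels == 0 || channels > MAX_CHANNELS)
        return -1;
    /* The bounds check: compare the request with the remaining space.
     * Written as a subtraction so tail + wide_samples cannot wrap. */
    if (fifo->tail > fifo->size || wide_samples > fifo->size - fifo->tail)
        return -1;

    uint32_t tail = fifo->tail;
    size_t sample = 0;
    for (uint32_t w = 0; w < wide_samples; w++) {
        for (uint32_t ch = 0; ch < channels; ch++)
            fifo->data[ch][tail] = input[sample++];
        tail++;
    }
    fifo->tail = tail;
    return 0;
}

/* Constructed scenario: 2 channels, capacity 4 per channel, `queued` samples
 * already present. Returns the new tail on success, -1 on rejection. */
int demo_append(uint32_t queued, uint32_t frames)
{
    static int32_t left[4], right[4];
    static const int32_t pcm[8] = {1, -1, 2, -2, 3, -3, 4, -4};
    sample_fifo f = { {left, right}, 4, queued };
    int rc = fifo_append_interleaved(&f, pcm, 2, frames);
    return rc == 0 ? (int)f.tail : -1;
}
```

A debug-only assertion after the copy loop does not provide this protection in release builds; the check has to run before the first write.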