Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5043: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#rce#aws#buffer_overflow#sap#ssl

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-09-11

Updated:

2023-09-11

RHSA-2023:5043 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: flac security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.

Security Fix(es):

  • flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

flac-1.3.2-9.el8_2.1.src.rpm

SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459

x86_64

flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm

SHA-256: a7d089774dc5550163de6117abfde85d0fb4607ddea8133f123d4d8c88cf4475

flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: a8eb591fc570d168ff4ffb48d96b88dd20dd3f692141fbf572b8457ed236823e

flac-debugsource-1.3.2-9.el8_2.1.i686.rpm

SHA-256: d17ab6e4ab1303c0828f9de40ac1807e056d8a112df6a71bb8e3e1399c9e70d4

flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: e06b2442e6bbc48598b79a7028227066b29483740612f2c0f2772c2f2da4a330

flac-libs-1.3.2-9.el8_2.1.i686.rpm

SHA-256: 1b434255b08ff7e707f1f260655ea43d0dcbab4acc5686f9ac68dd791d6e7dbf

flac-libs-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: 788e53f23a13d2c5f4af12a5b85de2839ece19130eef489d6d16bdd430640285

flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm

SHA-256: 59a6683355afa955bdfe5ccad38d31ac7774e2a530d554ca40d6fa61662f5244

flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: 2ecb337161b44e6f15a4e181202e782617480998f5a3336a1fdf764a716007db

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

flac-1.3.2-9.el8_2.1.src.rpm

SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459

x86_64

flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm

SHA-256: a7d089774dc5550163de6117abfde85d0fb4607ddea8133f123d4d8c88cf4475

flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: a8eb591fc570d168ff4ffb48d96b88dd20dd3f692141fbf572b8457ed236823e

flac-debugsource-1.3.2-9.el8_2.1.i686.rpm

SHA-256: d17ab6e4ab1303c0828f9de40ac1807e056d8a112df6a71bb8e3e1399c9e70d4

flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: e06b2442e6bbc48598b79a7028227066b29483740612f2c0f2772c2f2da4a330

flac-libs-1.3.2-9.el8_2.1.i686.rpm

SHA-256: 1b434255b08ff7e707f1f260655ea43d0dcbab4acc5686f9ac68dd791d6e7dbf

flac-libs-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: 788e53f23a13d2c5f4af12a5b85de2839ece19130eef489d6d16bdd430640285

flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm

SHA-256: 59a6683355afa955bdfe5ccad38d31ac7774e2a530d554ca40d6fa61662f5244

flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: 2ecb337161b44e6f15a4e181202e782617480998f5a3336a1fdf764a716007db

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

flac-1.3.2-9.el8_2.1.src.rpm

SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459

ppc64le

flac-debuginfo-1.3.2-9.el8_2.1.ppc64le.rpm

SHA-256: b552297f25c41c64a8d8c7c573aee97bbc4bfb2f8056dbc573a2f958dd210ee5

flac-debugsource-1.3.2-9.el8_2.1.ppc64le.rpm

SHA-256: 65204417a7a3bf196a4048c2da1b3b8a552edb43ab526fdc164a727b84d35f03

flac-libs-1.3.2-9.el8_2.1.ppc64le.rpm

SHA-256: d322be181172559bdb9c7f83e4e4cef9f7940e075b97efa1367eb5f6c1dc7662

flac-libs-debuginfo-1.3.2-9.el8_2.1.ppc64le.rpm

SHA-256: c35e92199baba9e811205079f5ed950c3b963c05df4f27b5111a34c84e8932b8

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

flac-1.3.2-9.el8_2.1.src.rpm

SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459

x86_64

flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm

SHA-256: a7d089774dc5550163de6117abfde85d0fb4607ddea8133f123d4d8c88cf4475

flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: a8eb591fc570d168ff4ffb48d96b88dd20dd3f692141fbf572b8457ed236823e

flac-debugsource-1.3.2-9.el8_2.1.i686.rpm

SHA-256: d17ab6e4ab1303c0828f9de40ac1807e056d8a112df6a71bb8e3e1399c9e70d4

flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: e06b2442e6bbc48598b79a7028227066b29483740612f2c0f2772c2f2da4a330

flac-libs-1.3.2-9.el8_2.1.i686.rpm

SHA-256: 1b434255b08ff7e707f1f260655ea43d0dcbab4acc5686f9ac68dd791d6e7dbf

flac-libs-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: 788e53f23a13d2c5f4af12a5b85de2839ece19130eef489d6d16bdd430640285

flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm

SHA-256: 59a6683355afa955bdfe5ccad38d31ac7774e2a530d554ca40d6fa61662f5244

flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm

SHA-256: 2ecb337161b44e6f15a4e181202e782617480998f5a3336a1fdf764a716007db

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-5155-01

Red Hat Security Advisory 2023-5155-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.13. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5500-1

Debian Linux Security Advisory 5500-1 - A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.

Red Hat Security Advisory 2023-5044-01

Red Hat Security Advisory 2023-5044-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5046-01

Red Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5047-01

Red Hat Security Advisory 2023-5047-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5045-01

Red Hat Security Advisory 2023-5045-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5042-01

Red Hat Security Advisory 2023-5042-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5043-01

Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

RHSA-2023:5046: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

RHSA-2023:5045: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

RHSA-2023:5047: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

RHSA-2023:5044: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run ...

RHSA-2023:5042: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

CVE-2020-22219: wild-addr-write found by fuzz · Issue #215 · xiph/flac

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.