Headline
RHSA-2023:5043: Red Hat Security Advisory: flac security update
An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-11
Updated:
2023-09-11
RHSA-2023:5043 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: flac security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.
Security Fix(es):
- flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
flac-1.3.2-9.el8_2.1.src.rpm
SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459
x86_64
flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm
SHA-256: a7d089774dc5550163de6117abfde85d0fb4607ddea8133f123d4d8c88cf4475
flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: a8eb591fc570d168ff4ffb48d96b88dd20dd3f692141fbf572b8457ed236823e
flac-debugsource-1.3.2-9.el8_2.1.i686.rpm
SHA-256: d17ab6e4ab1303c0828f9de40ac1807e056d8a112df6a71bb8e3e1399c9e70d4
flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: e06b2442e6bbc48598b79a7028227066b29483740612f2c0f2772c2f2da4a330
flac-libs-1.3.2-9.el8_2.1.i686.rpm
SHA-256: 1b434255b08ff7e707f1f260655ea43d0dcbab4acc5686f9ac68dd791d6e7dbf
flac-libs-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: 788e53f23a13d2c5f4af12a5b85de2839ece19130eef489d6d16bdd430640285
flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm
SHA-256: 59a6683355afa955bdfe5ccad38d31ac7774e2a530d554ca40d6fa61662f5244
flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: 2ecb337161b44e6f15a4e181202e782617480998f5a3336a1fdf764a716007db
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
flac-1.3.2-9.el8_2.1.src.rpm
SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459
x86_64
flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm
SHA-256: a7d089774dc5550163de6117abfde85d0fb4607ddea8133f123d4d8c88cf4475
flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: a8eb591fc570d168ff4ffb48d96b88dd20dd3f692141fbf572b8457ed236823e
flac-debugsource-1.3.2-9.el8_2.1.i686.rpm
SHA-256: d17ab6e4ab1303c0828f9de40ac1807e056d8a112df6a71bb8e3e1399c9e70d4
flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: e06b2442e6bbc48598b79a7028227066b29483740612f2c0f2772c2f2da4a330
flac-libs-1.3.2-9.el8_2.1.i686.rpm
SHA-256: 1b434255b08ff7e707f1f260655ea43d0dcbab4acc5686f9ac68dd791d6e7dbf
flac-libs-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: 788e53f23a13d2c5f4af12a5b85de2839ece19130eef489d6d16bdd430640285
flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm
SHA-256: 59a6683355afa955bdfe5ccad38d31ac7774e2a530d554ca40d6fa61662f5244
flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: 2ecb337161b44e6f15a4e181202e782617480998f5a3336a1fdf764a716007db
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
flac-1.3.2-9.el8_2.1.src.rpm
SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459
ppc64le
flac-debuginfo-1.3.2-9.el8_2.1.ppc64le.rpm
SHA-256: b552297f25c41c64a8d8c7c573aee97bbc4bfb2f8056dbc573a2f958dd210ee5
flac-debugsource-1.3.2-9.el8_2.1.ppc64le.rpm
SHA-256: 65204417a7a3bf196a4048c2da1b3b8a552edb43ab526fdc164a727b84d35f03
flac-libs-1.3.2-9.el8_2.1.ppc64le.rpm
SHA-256: d322be181172559bdb9c7f83e4e4cef9f7940e075b97efa1367eb5f6c1dc7662
flac-libs-debuginfo-1.3.2-9.el8_2.1.ppc64le.rpm
SHA-256: c35e92199baba9e811205079f5ed950c3b963c05df4f27b5111a34c84e8932b8
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
flac-1.3.2-9.el8_2.1.src.rpm
SHA-256: 1e9539e36eab4b4b99dac3dbe38171099d161fcb29855cad1e22c05fe2ab1459
x86_64
flac-debuginfo-1.3.2-9.el8_2.1.i686.rpm
SHA-256: a7d089774dc5550163de6117abfde85d0fb4607ddea8133f123d4d8c88cf4475
flac-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: a8eb591fc570d168ff4ffb48d96b88dd20dd3f692141fbf572b8457ed236823e
flac-debugsource-1.3.2-9.el8_2.1.i686.rpm
SHA-256: d17ab6e4ab1303c0828f9de40ac1807e056d8a112df6a71bb8e3e1399c9e70d4
flac-debugsource-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: e06b2442e6bbc48598b79a7028227066b29483740612f2c0f2772c2f2da4a330
flac-libs-1.3.2-9.el8_2.1.i686.rpm
SHA-256: 1b434255b08ff7e707f1f260655ea43d0dcbab4acc5686f9ac68dd791d6e7dbf
flac-libs-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: 788e53f23a13d2c5f4af12a5b85de2839ece19130eef489d6d16bdd430640285
flac-libs-debuginfo-1.3.2-9.el8_2.1.i686.rpm
SHA-256: 59a6683355afa955bdfe5ccad38d31ac7774e2a530d554ca40d6fa61662f5244
flac-libs-debuginfo-1.3.2-9.el8_2.1.x86_64.rpm
SHA-256: 2ecb337161b44e6f15a4e181202e782617480998f5a3336a1fdf764a716007db
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-5155-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.13. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5500-1 - A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.
Red Hat Security Advisory 2023-5044-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5047-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5045-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5042-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
An update for flac is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
An update for flac is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
An update for flac is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run ...
An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.