Security Advisory Important: flac security update

Advisory: RHSA-2007:0975-3
Type: Security Advisory
Severity: Important
Issued on: 2007-10-22
Last updated on: 2007-10-22
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-4619
CVE-2007-6277

Details

An updated flac package to correct a security issue is now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.

A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)
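
The advisory names the flaw class only as "Integer overflows" (bug 331991). The following added illustration, which is not flac's code and not the backported patch, shows how a size computed from a file-supplied length can wrap and how a parser bounds that length before allocating. The function names and sample bytes are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Read a 32-bit little-endian length, the kind of file-controlled
 * size field a length-prefixed metadata string carries. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: "length + 1" computed in 32 bits. For 0xFFFFFFFF the
 * result wraps to 0, so the allocation is far smaller than the copy. */
uint32_t alloc_size_unchecked(uint32_t len)
{
    return len + 1u;
}

/* Hardened pattern: bound the length by the bytes actually present
 * before allocating, and do the arithmetic in size_t.
 * Returns a NUL-terminated copy, or NULL on malformed input. */
char *read_string_checked(const uint8_t *buf, size_t buflen, size_t *off)
{
    if (*off > buflen || buflen - *off < 4)
        return NULL;                      /* no room for the length field */
    uint32_t len = rd_le32(buf + *off);
    size_t remaining = buflen - *off - 4;
    if (len > remaining)
        return NULL;                      /* claims more data than exists */
    char *s = malloc((size_t)len + 1);    /* cannot wrap: len <= remaining */
    if (s == NULL)
        return NULL;
    memcpy(s, buf + *off + 4, len);
    s[len] = '\0';
    *off += 4 + (size_t)len;              /* advance past field and data */
    return s;
}

/* Constructed sample inputs (not taken from any real file). */
const uint8_t SAMPLE_OK[]  = { 4, 0, 0, 0, 'f', 'l', 'a', 'c' };
const uint8_t SAMPLE_BAD[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'A', 'A' };
```
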

Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
flac-1.1.2-28.el5_0.1.src.rpm     3f6524fbf21a606c1ba04c7ff95cf524
 
IA-32:
flac-devel-1.1.2-28.el5_0.1.i386.rpm     75ac6b584c270c533ad453043c9d1fc9
 
x86_64:
flac-devel-1.1.2-28.el5_0.1.i386.rpm     75ac6b584c270c533ad453043c9d1fc9
flac-devel-1.1.2-28.el5_0.1.x86_64.rpm     62e04b284340920f8660d7262f1a4036
 
Red Hat Desktop (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     7df0c17e386da2dbbc84fcf01f34af53
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
flac-1.1.2-28.el5_0.1.src.rpm     3f6524fbf21a606c1ba04c7ff95cf524
 
IA-32:
flac-1.1.2-28.el5_0.1.i386.rpm     62154211d4bac9b4bc253b3c76f6cccb
flac-devel-1.1.2-28.el5_0.1.i386.rpm     75ac6b584c270c533ad453043c9d1fc9
 
IA-64:
flac-1.1.2-28.el5_0.1.ia64.rpm     fd01db6b4d0945e884cab6e6258d82d2
flac-devel-1.1.2-28.el5_0.1.ia64.rpm     30ad312b0e269d377f350fba71d861be
 
PPC:
flac-1.1.2-28.el5_0.1.ppc.rpm     5b3943171819aa7879796cb622383209
flac-1.1.2-28.el5_0.1.ppc64.rpm     2e8bdcb5d2f178dab798a37b315a3081
flac-devel-1.1.2-28.el5_0.1.ppc.rpm     279c295c7365c4e5ccd333a04c2bb206
flac-devel-1.1.2-28.el5_0.1.ppc64.rpm     e24423a67f8d97857ada252378e3c501
 
s390x:
flac-1.1.2-28.el5_0.1.s390.rpm     fc2b06b6529e0c0ea3aaa5c6bb8f8a60
flac-1.1.2-28.el5_0.1.s390x.rpm     312afc68d82be827607cc4bc9709993c
flac-devel-1.1.2-28.el5_0.1.s390.rpm     89a33fd0e6a5eaa8ed8608731830d06a
flac-devel-1.1.2-28.el5_0.1.s390x.rpm     47551c0d545ee9e7ba19e5659b2e4c6d
 
x86_64:
flac-1.1.2-28.el5_0.1.i386.rpm     62154211d4bac9b4bc253b3c76f6cccb
flac-1.1.2-28.el5_0.1.x86_64.rpm     9b95c3d9efb3abcf828fa1b2e769027b
flac-devel-1.1.2-28.el5_0.1.i386.rpm     75ac6b584c270c533ad453043c9d1fc9
flac-devel-1.1.2-28.el5_0.1.x86_64.rpm     62e04b284340920f8660d7262f1a4036
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     5e630db4510212b2d6f3299aaa5ba520
 
PPC:
flac-1.1.0-7.el4_5.2.ppc.rpm     184b7fafd7a5ed2e2b334d737b9dad90
flac-1.1.0-7.el4_5.2.ppc64.rpm     f78edb2aeb440f8b8640c4fbddf2710b
flac-devel-1.1.0-7.el4_5.2.ppc.rpm     57baef335123034cb0d09c748bc986ce
xmms-flac-1.1.0-7.el4_5.2.ppc.rpm     041129c822241a9f05f48db18dd4444e
 
s390:
flac-1.1.0-7.el4_5.2.s390.rpm     0577eff8b7303a9a311a9ab5821e99c7
flac-devel-1.1.0-7.el4_5.2.s390.rpm     72a11ace1105cc3c4caf0302a573d100
xmms-flac-1.1.0-7.el4_5.2.s390.rpm     83e98de9ed7257deccf64bfeadf9e955
 
s390x:
flac-1.1.0-7.el4_5.2.s390.rpm     0577eff8b7303a9a311a9ab5821e99c7
flac-1.1.0-7.el4_5.2.s390x.rpm     b9f0b84374b5d552728b1d6cb47f0ef8
flac-devel-1.1.0-7.el4_5.2.s390x.rpm     8738d7b7b2c251cef2f791e1cd846483
xmms-flac-1.1.0-7.el4_5.2.s390x.rpm     8ecf0e7c96034cc9742c9b90a6de8258
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     5e630db4510212b2d6f3299aaa5ba520
 
PPC:
flac-1.1.0-7.el4_5.2.ppc.rpm     184b7fafd7a5ed2e2b334d737b9dad90
flac-1.1.0-7.el4_5.2.ppc64.rpm     f78edb2aeb440f8b8640c4fbddf2710b
flac-devel-1.1.0-7.el4_5.2.ppc.rpm     57baef335123034cb0d09c748bc986ce
xmms-flac-1.1.0-7.el4_5.2.ppc.rpm     041129c822241a9f05f48db18dd4444e
 
s390:
flac-1.1.0-7.el4_5.2.s390.rpm     0577eff8b7303a9a311a9ab5821e99c7
flac-devel-1.1.0-7.el4_5.2.s390.rpm     72a11ace1105cc3c4caf0302a573d100
xmms-flac-1.1.0-7.el4_5.2.s390.rpm     83e98de9ed7257deccf64bfeadf9e955
 
s390x:
flac-1.1.0-7.el4_5.2.s390.rpm     0577eff8b7303a9a311a9ab5821e99c7
flac-1.1.0-7.el4_5.2.s390x.rpm     b9f0b84374b5d552728b1d6cb47f0ef8
flac-devel-1.1.0-7.el4_5.2.s390x.rpm     8738d7b7b2c251cef2f791e1cd846483
xmms-flac-1.1.0-7.el4_5.2.s390x.rpm     8ecf0e7c96034cc9742c9b90a6de8258
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
flac-1.1.2-28.el5_0.1.src.rpm     3f6524fbf21a606c1ba04c7ff95cf524
 
IA-32:
flac-1.1.2-28.el5_0.1.i386.rpm     62154211d4bac9b4bc253b3c76f6cccb
 
x86_64:
flac-1.1.2-28.el5_0.1.i386.rpm     62154211d4bac9b4bc253b3c76f6cccb
flac-1.1.2-28.el5_0.1.x86_64.rpm     9b95c3d9efb3abcf828fa1b2e769027b
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     5e630db4510212b2d6f3299aaa5ba520
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     5e630db4510212b2d6f3299aaa5ba520
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     5e630db4510212b2d6f3299aaa5ba520
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     984c072a9cabd42dcb7d8485e545f877
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

331991 - CVE-2007-4619 FLAC Integer overflows


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/