Security Advisory Important: flac security update

Advisory: RHSA-2007:0975-3
Type: Security Advisory
Severity: Important
Issued on: 2007-10-22
Last updated on: 2007-10-22
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-4619
CVE-2007-6277

Details

An updated flac package that corrects a security issue is now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.

A security flaw was found in the way flac processed audio data. An
attacker could craft a FLAC audio file that, when opened, could cause an
application linked with the flac libraries to crash or execute arbitrary
code. (CVE-2007-4619)

Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
flac-1.1.2-28.el5_0.1.src.rpm     MD5: 3f6524fbf21a606c1ba04c7ff95cf524
 
IA-32:
flac-devel-1.1.2-28.el5_0.1.i386.rpm     MD5: 75ac6b584c270c533ad453043c9d1fc9
 
x86_64:
flac-devel-1.1.2-28.el5_0.1.i386.rpm     MD5: 75ac6b584c270c533ad453043c9d1fc9
flac-devel-1.1.2-28.el5_0.1.x86_64.rpm     MD5: 62e04b284340920f8660d7262f1a4036
 
Red Hat Desktop (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     MD5: d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     MD5: 7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 7df0c17e386da2dbbc84fcf01f34af53
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
flac-1.1.2-28.el5_0.1.src.rpm     MD5: 3f6524fbf21a606c1ba04c7ff95cf524
 
IA-32:
flac-1.1.2-28.el5_0.1.i386.rpm     MD5: 62154211d4bac9b4bc253b3c76f6cccb
flac-devel-1.1.2-28.el5_0.1.i386.rpm     MD5: 75ac6b584c270c533ad453043c9d1fc9
 
IA-64:
flac-1.1.2-28.el5_0.1.ia64.rpm     MD5: fd01db6b4d0945e884cab6e6258d82d2
flac-devel-1.1.2-28.el5_0.1.ia64.rpm     MD5: 30ad312b0e269d377f350fba71d861be
 
PPC:
flac-1.1.2-28.el5_0.1.ppc.rpm     MD5: 5b3943171819aa7879796cb622383209
flac-1.1.2-28.el5_0.1.ppc64.rpm     MD5: 2e8bdcb5d2f178dab798a37b315a3081
flac-devel-1.1.2-28.el5_0.1.ppc.rpm     MD5: 279c295c7365c4e5ccd333a04c2bb206
flac-devel-1.1.2-28.el5_0.1.ppc64.rpm     MD5: e24423a67f8d97857ada252378e3c501
 
s390x:
flac-1.1.2-28.el5_0.1.s390.rpm     MD5: fc2b06b6529e0c0ea3aaa5c6bb8f8a60
flac-1.1.2-28.el5_0.1.s390x.rpm     MD5: 312afc68d82be827607cc4bc9709993c
flac-devel-1.1.2-28.el5_0.1.s390.rpm     MD5: 89a33fd0e6a5eaa8ed8608731830d06a
flac-devel-1.1.2-28.el5_0.1.s390x.rpm     MD5: 47551c0d545ee9e7ba19e5659b2e4c6d
 
x86_64:
flac-1.1.2-28.el5_0.1.i386.rpm     MD5: 62154211d4bac9b4bc253b3c76f6cccb
flac-1.1.2-28.el5_0.1.x86_64.rpm     MD5: 9b95c3d9efb3abcf828fa1b2e769027b
flac-devel-1.1.2-28.el5_0.1.i386.rpm     MD5: 75ac6b584c270c533ad453043c9d1fc9
flac-devel-1.1.2-28.el5_0.1.x86_64.rpm     MD5: 62e04b284340920f8660d7262f1a4036
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     MD5: d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     MD5: 7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     MD5: 9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 5e630db4510212b2d6f3299aaa5ba520
 
PPC:
flac-1.1.0-7.el4_5.2.ppc.rpm     MD5: 184b7fafd7a5ed2e2b334d737b9dad90
flac-1.1.0-7.el4_5.2.ppc64.rpm     MD5: f78edb2aeb440f8b8640c4fbddf2710b
flac-devel-1.1.0-7.el4_5.2.ppc.rpm     MD5: 57baef335123034cb0d09c748bc986ce
xmms-flac-1.1.0-7.el4_5.2.ppc.rpm     MD5: 041129c822241a9f05f48db18dd4444e
 
s390:
flac-1.1.0-7.el4_5.2.s390.rpm     MD5: 0577eff8b7303a9a311a9ab5821e99c7
flac-devel-1.1.0-7.el4_5.2.s390.rpm     MD5: 72a11ace1105cc3c4caf0302a573d100
xmms-flac-1.1.0-7.el4_5.2.s390.rpm     MD5: 83e98de9ed7257deccf64bfeadf9e955
 
s390x:
flac-1.1.0-7.el4_5.2.s390.rpm     MD5: 0577eff8b7303a9a311a9ab5821e99c7
flac-1.1.0-7.el4_5.2.s390x.rpm     MD5: b9f0b84374b5d552728b1d6cb47f0ef8
flac-devel-1.1.0-7.el4_5.2.s390x.rpm     MD5: 8738d7b7b2c251cef2f791e1cd846483
xmms-flac-1.1.0-7.el4_5.2.s390x.rpm     MD5: 8ecf0e7c96034cc9742c9b90a6de8258
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     MD5: d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     MD5: 7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     MD5: 9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 5e630db4510212b2d6f3299aaa5ba520
 
PPC:
flac-1.1.0-7.el4_5.2.ppc.rpm     MD5: 184b7fafd7a5ed2e2b334d737b9dad90
flac-1.1.0-7.el4_5.2.ppc64.rpm     MD5: f78edb2aeb440f8b8640c4fbddf2710b
flac-devel-1.1.0-7.el4_5.2.ppc.rpm     MD5: 57baef335123034cb0d09c748bc986ce
xmms-flac-1.1.0-7.el4_5.2.ppc.rpm     MD5: 041129c822241a9f05f48db18dd4444e
 
s390:
flac-1.1.0-7.el4_5.2.s390.rpm     MD5: 0577eff8b7303a9a311a9ab5821e99c7
flac-devel-1.1.0-7.el4_5.2.s390.rpm     MD5: 72a11ace1105cc3c4caf0302a573d100
xmms-flac-1.1.0-7.el4_5.2.s390.rpm     MD5: 83e98de9ed7257deccf64bfeadf9e955
 
s390x:
flac-1.1.0-7.el4_5.2.s390.rpm     MD5: 0577eff8b7303a9a311a9ab5821e99c7
flac-1.1.0-7.el4_5.2.s390x.rpm     MD5: b9f0b84374b5d552728b1d6cb47f0ef8
flac-devel-1.1.0-7.el4_5.2.s390x.rpm     MD5: 8738d7b7b2c251cef2f791e1cd846483
xmms-flac-1.1.0-7.el4_5.2.s390x.rpm     MD5: 8ecf0e7c96034cc9742c9b90a6de8258
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
flac-1.1.2-28.el5_0.1.src.rpm     MD5: 3f6524fbf21a606c1ba04c7ff95cf524
 
IA-32:
flac-1.1.2-28.el5_0.1.i386.rpm     MD5: 62154211d4bac9b4bc253b3c76f6cccb
 
x86_64:
flac-1.1.2-28.el5_0.1.i386.rpm     MD5: 62154211d4bac9b4bc253b3c76f6cccb
flac-1.1.2-28.el5_0.1.x86_64.rpm     MD5: 9b95c3d9efb3abcf828fa1b2e769027b
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     MD5: d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     MD5: 7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     MD5: 9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 5e630db4510212b2d6f3299aaa5ba520
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     MD5: d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     MD5: 7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     MD5: 9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 5e630db4510212b2d6f3299aaa5ba520
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 984c072a9cabd42dcb7d8485e545f877
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
flac-1.1.0-7.el4_5.2.src.rpm     MD5: d41999413949cbca5a305b76bbf41e2e
 
IA-32:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-devel-1.1.0-7.el4_5.2.i386.rpm     MD5: 7c0a7b05c52c59197f56f98628d9a032
xmms-flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 7df0c17e386da2dbbc84fcf01f34af53
 
IA-64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 436095ccdae7eac5a47e509c73013995
flac-devel-1.1.0-7.el4_5.2.ia64.rpm     MD5: 9815d4a455af8153eabcbd0f73ff171d
xmms-flac-1.1.0-7.el4_5.2.ia64.rpm     MD5: 5e630db4510212b2d6f3299aaa5ba520
 
x86_64:
flac-1.1.0-7.el4_5.2.i386.rpm     MD5: 00e519bcf46effa594ee38c0f5062fd6
flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 2f1b825f091ad02398faa6130ca188b6
flac-devel-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 3c0af7f00f16e7504ae5a8c87a44679e
xmms-flac-1.1.0-7.el4_5.2.x86_64.rpm     MD5: 984c072a9cabd42dcb7d8485e545f877
 
(The unlinked packages above are only available from the Red Hat Network)
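
Because the fix is a backported patch, the upstream version (1.1.0 or 1.1.2) does not change and only the release field shows whether a host is patched. The following check is an added example, not part of the original advisory: it compares installed builds against the fixed builds listed above, using a simplified rpm version comparison and constructed sample input.

```python
import re

# Fixed builds from the advisory's package list, keyed by upstream version.
FIXED_RELEASE = {"1.1.2": "28.el5_0.1", "1.1.0": "7.el4_5.2"}
PACKAGES = {"flac", "flac-devel", "xmms-flac"}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_output):
    """Map each 'name version release' line to patched / VULNERABLE / unknown."""
    result = {}
    for line in rpm_output.strip().splitlines():
        parts = line.split()
        if len(parts) != 3:           # e.g. "package xmms-flac is not installed"
            continue
        name, version, release = parts
        fixed = FIXED_RELEASE.get(version)
        if name not in PACKAGES or fixed is None:
            status = "unknown"        # not a build stream this advisory covers
        else:
            status = "patched" if rpm_cmp(release, fixed) >= 0 else "VULNERABLE"
        result[f"{name}-{version}-{release}"] = status
    return result

# Constructed sample of the output of:
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' flac flac-devel xmms-flac
SAMPLE = """
flac 1.1.2 28.el5_0.1
flac-devel 1.1.2 27
xmms-flac 1.1.0 7.el4_5.2
flac 1.1.0 7
flac 1.2.1 1.el6
"""
print(audit(SAMPLE))
```

On multilib hosts, add `%{ARCH}` to the query format and the key so that the i386 and x86_64 builds of the same package are reported separately.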

Bugs fixed (see bugzilla for more information)

331991 - CVE-2007-4619 FLAC Integer overflows


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/