
[SECURITY] [DLA 99-1] flac security update



Package        : flac
Version        : 1.2.1-2+deb6u1
CVE ID         : CVE-2014-8962 CVE-2014-9028

Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of
Red Hat, discovered two issues in flac, a library handling Free
Lossless Audio Codec media: by providing a specially crafted FLAC
file, an attacker could execute arbitrary code.

CVE-2014-8962

     heap-based buffer overflow in stream_decoder.c, allowing
     remote attackers to execute arbitrary code via a specially
     crafted .flac file.


CVE-2014-9028

     stack-based buffer overflow in stream_decoder.c, allowing
     remote attackers to execute arbitrary code via a specially
     crafted .flac file.