RHSA-2007:0975-02 Important: flac security update
Posted on: 10/22/2007 08:05 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: flac security update
Advisory ID: RHSA-2007:0975-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0975.html
Issue date: 2007-10-22
Updated on: 2007-10-22
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-4619
- ---------------------------------------------------------------------

1. Summary:

An updated flac package to correct a security issue is now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.

A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)

Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

331991 - CVE-2007-4619 FLAC Integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/flac-1.1.0-7.el4_5.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/flac-1.1.0-7.el4_5.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/flac-1.1.0-7.el4_5.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/flac-1.1.0-7.el4_5.2.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/flac-1.1.2-28.el5_0.1.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/flac-1.1.2-28.el5_0.1.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/flac-1.1.2-28.el5_0.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHHMaLXlSAg2UNWIIRAsv9AJ92kKFR1oO3HvLU48yy345oSzux8ACgqpBp
2LoPfiGhja1pQYAgNNfs1ps=
=dzcs
-----END PGP SIGNATURE-----
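
A check for hosts still running a flac build older than the ones this advisory ships (flac-1.1.0-7.el4_5.2 for Red Hat Enterprise Linux 4, flac-1.1.2-28.el5_0.1 for Red Hat Enterprise Linux 5), added here as an example and not part of the Red Hat advisory. The inventory format, the host names and the older builds in the sample are constructed, and `vercmp` is a simplified stand-in for RPM's own version comparison.

```python
import re

# Fixed builds from the advisory, keyed by RHEL major version.
FIXED = {"4": ("1.1.0", "7.el4_5.2"), "5": ("1.1.2", "28.el5_0.1")}
# Binary packages built from the flac source RPM.
AFFECTED = {"flac", "flac-devel", "flac-debuginfo", "xmms-flac"}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments = newer

def check(inventory):
    """Return (host, package, status) for every flac package in the inventory."""
    findings = []
    for line in inventory.strip().splitlines():
        host, rhel, name, version, release = line.split()
        if name not in AFFECTED:
            continue
        if rhel not in FIXED:
            status = "unknown"
        else:
            fixed_version, fixed_release = FIXED[rhel]
            cmp = vercmp(version, fixed_version) or vercmp(release, fixed_release)
            status = "VULNERABLE" if cmp < 0 else "fixed"
        findings.append((host, f"{name}-{version}-{release}", status))
    return findings

# Constructed inventory: host, RHEL major version, then the output of
# rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' on that host.
SAMPLE = """
web01 4 flac 1.1.0 7
web01 4 xmms-flac 1.1.0 7.el4_5.2
db02 5 flac 1.1.2 28.el5_0.1
ws03 5 flac-devel 1.1.2 27
ws03 5 bash 3.2 21.el5
"""

if __name__ == "__main__":
    for host, package, status in check(SAMPLE):
        print(f"{host:6} {package:28} {status}")
```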



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070975_02_important_flac_security_update.html)