===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0028
                           flac security update
                              5 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           flac
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service        -- Existing Account            
                   Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-0499 CVE-2017-6888 

Reference:         ESB-2021.0005
                   ESB-2019.1209

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2514

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2514-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 04, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : flac
Version        : 1.3.2-2+deb9u1
CVE ID         : CVE-2017-6888 CVE-2020-0499
Debian Bug     : 897015 977764

Two vulnerabilities were fixed in flac, the library for the
Free Lossless Audio Codec.

CVE-2017-6888

    Memory leak via a specially crafted FLAC file

CVE-2020-0499

    Out of bounds read due to a heap buffer overflow

For Debian 9 stretch, these problems have been fixed in version
1.3.2-2+deb9u1.

We recommend that you upgrade your flac packages.

For the detailed security status of flac please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flac

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------
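
One way to check a Debian 9 stretch host against the fixed version named in the advisory above. This is an added example, not part of the Debian advisory or the AusCERT bulletin; the binary package list, the function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check flac packages against DLA-2514-1.
# Only meaningful on Debian 9 stretch; other releases have their own fixed versions.
FIXED="1.3.2-2+deb9u1"   # fixed version stated in the advisory

# Binary packages assumed to be built from the flac source package in stretch;
# confirm the list with: apt-cache showsrc flac
PKGS="flac libflac8 libflac++6v5 libflac-dev libflac++-dev"

# classify VERSION: print "fixed" if VERSION >= FIXED under dpkg ordering.
classify() {
    if dpkg --compare-versions "$1" ge "$FIXED"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# audit: read "package version" lines on stdin, print one verdict per line,
# and return 1 if any listed package predates the fix.
audit() {
    rc=0
    while read -r pkg ver; do
        [ -n "$ver" ] || continue
        verdict=$(classify "$ver")
        printf '%-14s %-20s %s\n' "$pkg" "$ver" "$verdict"
        [ "$verdict" = fixed ] || rc=1
    done
    return "$rc"
}

# installed: emit "package version" for each package in PKGS that is installed.
installed() {
    # shellcheck disable=SC2086  # PKGS is intentionally word-split
    dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\n' $PKGS 2>/dev/null |
        awk '$1 ~ /^.i/ { print $2, $3 }'
}

# sample: constructed input (not real host data) for trying audit offline.
sample() {
    printf '%s\n' 'flac 1.3.2-2+deb9u1' 'libflac8 1.3.2-1'
}

installed | audit || echo "upgrade needed: a flac package predates $FIXED" >&2
```

Running `sample | audit` shows the output format without touching the package database. Library packages matter as much as the `flac` binary, since other programs link against them and keep the old code mapped until restarted.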

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================