===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0028
                           flac security update
                              5 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           flac
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-0499 CVE-2017-6888

Reference:         ESB-2021.0005
                   ESB-2019.1209

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2514

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2514-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 04, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : flac
Version        : 1.3.2-2+deb9u1
CVE ID         : CVE-2017-6888 CVE-2020-0499
Debian Bug     : 897015 977764

Two vulnerabilities were fixed in flac, the library for the
Free Lossless Audio Codec.

CVE-2017-6888

    Memory leak via a specially crafted FLAC file

CVE-2020-0499

    Out of bounds read due to a heap buffer overflow

For Debian 9 stretch, these problems have been fixed in version
1.3.2-2+deb9u1.

We recommend that you upgrade your flac packages.

For the detailed security status of flac please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flac

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================