===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.5335
                           flac security update
                             19 September 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           flac
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-22219

Original Bulletin:
   https://lists.debian.org/debian-security-announce/2023/msg00193.html

Comment: CVSS (Max):  7.8 CVE-2020-22219 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NIST
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5500-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 18, 2023                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : flac
CVE ID         : CVE-2020-22219

A buffer overflow was discovered in flac, a library handling Free Lossless
Audio Codec media, which could potentially result in the execution of
arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.3.3-2+deb11u2.

We recommend that you upgrade your flac packages.

For the detailed security status of flac please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flac

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
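
Added example (not part of the AusCERT bulletin or the Debian advisory): a Python check that flags binary packages built from the flac source package that are older than the bullseye fixed version 1.3.3-2+deb11u2 stated in DSA-5500-1. The sort key follows dpkg's version ordering; the package listing is constructed sample data, the function names are this example's own, and the fixed version applies to bullseye only.

```python
import re

FIXED_BULLSEYE = "1.3.3-2+deb11u2"  # fixed version stated in DSA-5500-1

def _part_key(s):
    """Sort key for an upstream or revision string, following dpkg's ordering."""
    def order(c):
        # '~' sorts before everything (even end of string); letters before symbols
        return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
    # Alternate non-digit and digit runs; the trailing 0 marks the end of a run.
    return [([order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", s)]

def deb_key(version):
    """Comparable key for a Debian version: [epoch:]upstream[-revision]."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # absent revision compares like "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def below_fixed(listing, source="flac", fixed=FIXED_BULLSEYE):
    """Return (binary package, version) pairs from `source` older than `fixed`."""
    hits = []
    for line in listing.splitlines():
        fields = line.split()
        if (len(fields) == 3 and fields[0] == source
                and deb_key(fields[2]) < deb_key(fixed)):
            hits.append((fields[1], fields[2]))
    return hits

# Constructed sample, in the shape printed by:
#   dpkg-query -W -f='${source:Package} ${Package} ${Version}\n'
SAMPLE = """\
flac flac 1.3.3-2+deb11u1
flac libflac8 1.3.3-2+deb11u2
flac libflac++6v5 1.3.3-2
openssl openssl 1.1.1w-0+deb11u1
"""

if __name__ == "__main__":
    for pkg, ver in below_fixed(SAMPLE):
        print(f"{pkg} {ver} is older than {FIXED_BULLSEYE}")
```

Filtering on the source package name catches every library and tool package built from flac, not only the one named `flac`.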