Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-505
Advisory Released Date: 2015-04-15
Advisory Updated Date: 2015-04-15
Severity:
Important
References:
CVE-2014-8962
CVE-2014-9028
RHSA-2015-0767
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028)
A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. (CVE-2014-8962)
Affected Packages:
flac
Issue Correction:
Run yum update flac to update your system.
New Packages:
i686:
flac-1.2.1-7.7.amzn1.i686
flac-devel-1.2.1-7.7.amzn1.i686
flac-debuginfo-1.2.1-7.7.amzn1.i686
src:
flac-1.2.1-7.7.amzn1.src
x86_64:
flac-devel-1.2.1-7.7.amzn1.x86_64
flac-1.2.1-7.7.amzn1.x86_64
flac-debuginfo-1.2.1-7.7.amzn1.x86_64