Moderate: flac security update

2022-11-1500:00:00

errata.almalinux.org

flac

security update

out of bound write

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.

Security Fix(es):

flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c (CVE-2021-0561)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux9i686flac-libs< 1.3.3-10.el9flac-libs-1.3.3-10.el9.i686.rpm
almalinux9ppc64leflac-libs< 1.3.3-10.el9flac-libs-1.3.3-10.el9.ppc64le.rpm
almalinux9x86_64flac-libs< 1.3.3-10.el9flac-libs-1.3.3-10.el9.x86_64.rpm
almalinux9aarch64flac-libs< 1.3.3-10.el9flac-libs-1.3.3-10.el9.aarch64.rpm
almalinux9s390xflac-libs< 1.3.3-10.el9flac-libs-1.3.3-10.el9.s390x.rpm
almalinux9i686flac-devel< 1.3.3-10.el9flac-devel-1.3.3-10.el9.i686.rpm
almalinux9x86_64flac-devel< 1.3.3-10.el9flac-devel-1.3.3-10.el9.x86_64.rpm
almalinux9x86_64flac< 1.3.3-10.el9flac-1.3.3-10.el9.x86_64.rpm
almalinux9aarch64flac< 1.3.3-10.el9flac-1.3.3-10.el9.aarch64.rpm
almalinux9aarch64flac-devel< 1.3.3-10.el9flac-devel-1.3.3-10.el9.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	9	i686	flac-libs	< 1.3.3-10.el9	flac-libs-1.3.3-10.el9.i686.rpm
almalinux	9	ppc64le	flac-libs	< 1.3.3-10.el9	flac-libs-1.3.3-10.el9.ppc64le.rpm
almalinux	9	x86_64	flac-libs	< 1.3.3-10.el9	flac-libs-1.3.3-10.el9.x86_64.rpm
almalinux	9	aarch64	flac-libs	< 1.3.3-10.el9	flac-libs-1.3.3-10.el9.aarch64.rpm
almalinux	9	s390x	flac-libs	< 1.3.3-10.el9	flac-libs-1.3.3-10.el9.s390x.rpm
almalinux	9	i686	flac-devel	< 1.3.3-10.el9	flac-devel-1.3.3-10.el9.i686.rpm
almalinux	9	x86_64	flac-devel	< 1.3.3-10.el9	flac-devel-1.3.3-10.el9.x86_64.rpm
almalinux	9	x86_64	flac	< 1.3.3-10.el9	flac-1.3.3-10.el9.x86_64.rpm
almalinux	9	aarch64	flac	< 1.3.3-10.el9	flac-1.3.3-10.el9.aarch64.rpm
almalinux	9	aarch64	flac-devel	< 1.3.3-10.el9	flac-devel-1.3.3-10.el9.aarch64.rpm