{"f5": [{"lastseen": "2017-08-03T22:23:38", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ 
ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n", "modified": "2017-07-19T21:00:00", "published": "2017-07-19T21:00:00", "href": "https://support.f5.com/csp/article/K17301056", "id": "F5:K17301056", "title": "libFLAC vulnerabilities CVE-2014-8962 and CVE-2014-9028", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2018-10-10T11:05:24", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.", "modified": "2018-10-09T15:54:54", "published": "2014-11-26T10:59:08", "id": "CVE-2014-9028", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9028", "title": "CVE-2014-9028", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-10T11:05:24", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.", "modified": "2018-10-09T15:54:52", "published": 
"2014-11-26T10:59:07", "id": "CVE-2014-8962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8962", "title": "CVE-2014-8962", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:20:23", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-07T00:00:00", "id": "FEDORA_2014-16258.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79792", "title": "Fedora 20 : flac-1.3.1-1.fc20 (2014-16258)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16258.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79792);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_bugtraq_id(71280, 71282);\n script_xref(name:\"FEDORA\", value:\"2014-16258\");\n\n script_name(english:\"Fedora 20 : flac-1.3.1-1.fc20 (2014-16258)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145728.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57404630\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flac package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif 
(isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"flac-1.3.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:13", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in flac :\n\nHeap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1\nallows remote attackers to execute arbitrary code via a crafted .flac\nfile (CVE-2014-9028).\n\nStack-based buffer overflow in stream_decoder.c in libFLAC before\n1.3.1 allows remote attackers to execute arbitrary code via a crafted\n.flac file (CVE-2014-8962).\n\nThe updated packages provides a solution for these security issues.", "modified": "2018-11-15T00:00:00", "published": "2015-04-03T00:00:00", "id": "MANDRIVA_MDVSA-2015-188.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82559", "title": "Mandriva Linux Security Advisory : flac (MDVSA-2015:188)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:188. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82559);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"MDVSA\", value:\"2015:188\");\n\n script_name(english:\"Mandriva Linux Security Advisory : flac (MDVSA-2015:188)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in flac :\n\nHeap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1\nallows remote attackers to execute arbitrary code via a crafted .flac\nfile (CVE-2014-9028).\n\nStack-based buffer overflow in stream_decoder.c in libFLAC before\n1.3.1 allows remote attackers to execute arbitrary code via a crafted\n.flac file (CVE-2014-8962).\n\nThe updated packages provides a solution for these security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0767\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64flac++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64flac++6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64flac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64flac8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"flac-1.3.0-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64flac++-devel-1.3.0-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64flac++6-1.3.0-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64flac-devel-1.3.0-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64flac8-1.3.0-3.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:40", "bulletinFamily": "scanner", "description": "flac was updated to fix two security issues :\n\n - Stack overflow may result in arbitrary code execution.\n (CVE-2014-8962)\n\n - Heap overflow via specially crafted .flac files.\n (CVE-2014-9028)", "modified": "2014-12-06T00:00:00", "published": "2014-12-06T00:00:00", "id": "SUSE_11_FLAC-141201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79761", "title": "SuSE 11.3 Security Update : flac (SAT Patch Number 10029)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79761);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/12/06 16:28:19 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n\n script_name(english:\"SuSE 11.3 Security Update : flac (SAT Patch Number 10029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flac was updated to fix two security issues :\n\n - Stack overflow may result in arbitrary code execution.\n (CVE-2014-8962)\n\n - Heap overflow via specially crafted .flac files.\n (CVE-2014-9028)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=906831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=907016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8962.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9028.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10029.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libFLAC++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libFLAC8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libFLAC8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" 
>!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libFLAC++6-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libFLAC8-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC++6-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC8-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC8-32bit-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libFLAC++6-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libFLAC8-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libFLAC8-32bit-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC8-32bit-1.2.1-68.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:22:15", "bulletinFamily": "scanner", "description": "Update flac to fix security issue in xmms-flac plugin (previously an\nindependent subpackage that was out of date).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2015-08-17T00:00:00", "id": "FEDORA_2015-13145.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85424", "title": "Fedora 22 : flac-1.3.1-5.fc22 (2015-13145)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-13145.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85424);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:57:25 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2015-13145\");\n\n script_name(english:\"Fedora 22 : flac-1.3.1-5.fc22 (2015-13145)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update flac to fix security issue in xmms-flac plugin (previously an\nindependent subpackage that was out of date).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163868.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d0aa58aa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flac package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"flac-1.3.1-5.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:22:17", "bulletinFamily": "scanner", "description": "Update flac to fix security issue in xmms-flac plugin (previously an\nindependent subpackage that was out of date).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2015-08-18T00:00:00", "id": "FEDORA_2015-13353.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85479", "title": "Fedora 23 : flac-1.3.1-5.fc23 (2015-13353)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-13353.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85479);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:57:25 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2015-13353\");\n\n script_name(english:\"Fedora 23 : flac-1.3.1-5.fc23 (2015-13353)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update flac to fix security issue in xmms-flac plugin (previously an\nindependent subpackage that was out of date).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164009.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61c34459\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flac package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"flac-1.3.1-5.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:29", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-22T00:00:00", "id": "FEDORA_2014-16272.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80131", "title": "Fedora 19 : flac-1.3.1-1.fc19 (2014-16272)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16272.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80131);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2014-16272\");\n\n script_name(english:\"Fedora 19 : flac-1.3.1-1.fc19 (2014-16272)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146545.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?844f4746\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flac package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif 
(! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"flac-1.3.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:25", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-15T00:00:00", "id": "FEDORA_2014-16251.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79925", "title": "Fedora 19 : mingw-flac-1.3.1-1.fc19 (2014-16251)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16251.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79925);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2014-16251\");\n\n script_name(english:\"Fedora 19 : mingw-flac-1.3.1-1.fc19 (2014-16251)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146152.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10eeba71\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-flac package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mingw-flac-1.3.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:20", "bulletinFamily": "scanner", "description": "Michele Spagnuolo discovered that FLAC incorrectly handled certain\nmalformed audio files. An attacker could use this issue to cause FLAC\nto crash, resulting in a denial of service, or possibly execute\narbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2014-11-28T00:00:00", "id": "UBUNTU_USN-2426-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79622", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : flac vulnerabilities (USN-2426-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2426-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79622);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_bugtraq_id(71280, 71282);\n script_xref(name:\"USN\", value:\"2426-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : flac vulnerabilities (USN-2426-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michele Spagnuolo discovered that FLAC incorrectly handled certain\nmalformed audio files. An attacker could use this issue to cause FLAC\nto crash, resulting in a denial of service, or possibly execute\narbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2426-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libflac++6 and / or libflac8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libflac++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libflac8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libflac++6\", pkgver:\"1.2.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libflac8\", pkgver:\"1.2.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libflac++6\", pkgver:\"1.2.1-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libflac8\", pkgver:\"1.2.1-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libflac++6\", pkgver:\"1.3.0-2ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libflac8\", pkgver:\"1.3.0-2ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libflac++6\", pkgver:\"1.3.0-2ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libflac8\", pkgver:\"1.3.0-2ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libflac++6 / libflac8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:25", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-15T00:00:00", "id": "FEDORA_2014-16270.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79929", "title": "Fedora 20 : mingw-flac-1.3.1-1.fc20 (2014-16270)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16270.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79929);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2014-16270\");\n\n script_name(english:\"Fedora 20 : mingw-flac-1.3.1-1.fc20 (2014-16270)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146154.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61c519e3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-flac package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mingw-flac-1.3.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:25", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2014-12-15T00:00:00", "id": "FEDORA_2014-16148.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79916", "title": "Fedora 21 : mingw-flac-1.3.1-1.fc21 (2014-16148)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16148.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79916);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:29 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2014-16148\");\n\n script_name(english:\"Fedora 21 : mingw-flac-1.3.1-1.fc21 (2014-16148)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5886f3e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-flac package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-flac-1.3.1-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:03", "bulletinFamily": "unix", "description": "Package : flac\nVersion : 1.2.1-2+deb6u1\nCVE ID : CVE-2014-8962 CVE-2014-9028\n\nMichele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of\nRed Hat, discovered two issues in flac, a library handling Free\nLossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.\n\nCVE-2014-8962\n\n heap-based buffer overflow in stream_decoder.c, allowing\n remote attackers to execute arbitrary code via a specially\n crafted .flac file.\n\n\nCVE-2014-9028\n\n stack-based buffer overflow in stream_decoder.c, allowing\n remote attackers to execute arbitrary code via a specially\n crafted .flac file.\n", "modified": "2014-12-05T19:00:39", "published": "2014-12-05T19:00:39", "id": "DEBIAN:DLA-99-1:94510", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00002.html", "title": "[SECURITY] [DLA 99-1] flac security update", "type": "debian", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:48:30", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3082-1 security@debian.org\nhttp://www.debian.org/security/ Sebastien Delafond\nNovember 30, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : flac\nCVE ID : CVE-2014-8962 CVE-2014-9028\nDebian Bug : 770918\n\nMichele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of\nRed Hat, discovered two issues in flac, a library handling Free\nLossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.1-6+deb7u1.\n\nFor the testing distribution (jessie) and unstable distribution (sid),\nthese problems have been fixed in version 1.3.0-3.\n\nWe recommend that you upgrade your flac packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-11-30T13:37:02", "published": "2014-11-30T13:37:02", "id": "DEBIAN:DSA-3082-1:2081C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00272.html", "title": "[SECURITY] [DSA 3082-1] flac security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:00", "bulletinFamily": "unix", "description": "[1.3.0-5]\n- fix buffer overflow when processing ID3v2 metadata (CVE-2014-8962)\n- fix buffer overflow with invalid blocksize (CVE-2014-9028)", "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", 
"id": "ELSA-2015-0767", "href": "http://linux.oracle.com/errata/ELSA-2015-0767.html", "title": "flac security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:49:57", "bulletinFamily": "scanner", "description": "Check the version of flac", "modified": "2017-07-10T00:00:00", "published": "2015-08-15T00:00:00", "id": "OPENVAS:1361412562310869872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869872", "title": "Fedora Update for flac FEDORA-2015-13145", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13145\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869872\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-15 05:04:45 +0200 (Sat, 15 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13145\");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec.\nGrossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. 
The FLAC\nproject consists of the stream format, reference encoders and decoders in\nlibrary form, flac, a command-line program to encode and decode FLAC files,\nmetaflac, a command-line metadata editor for FLAC files and input plugins for\nvarious music players.\n\nThis package contains the command-line tools and documentation.\n\");\n script_tag(name: \"affected\", value: \"flac on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-13145\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163868.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:33", "bulletinFamily": "scanner", "description": "Check the version of flac", "modified": "2017-07-14T00:00:00", "published": "2014-12-21T00:00:00", "id": "OPENVAS:1361412562310868621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868621", "title": "Fedora Update for flac FEDORA-2014-16272", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# Fedora Update for flac FEDORA-2014-16272\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868621\");\n script_version(\"$Revision: 6724 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-21 05:57:36 +0100 (Sun, 21 Dec 2014)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for flac FEDORA-2014-16272\");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC\nis similar to Ogg Vorbis, but lossless. 
The FLAC project consists of\nthe stream format, reference encoders and decoders in library form,\nflac, a command-line program to encode and decode FLAC files, metaflac,\na command-line metadata editor for FLAC files and input plugins for\nvarious music players.\n\nThis package contains the command-line tools and documentation.\n\");\n script_tag(name: \"affected\", value: \"flac on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16272\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146545.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-31T10:49:07", "bulletinFamily": "scanner", "description": "Michele Spagnuolo, of Google Security\nTeam, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library\nhandling Free Lossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.", "modified": "2017-07-14T00:00:00", "published": "2014-11-30T00:00:00", "href": 
"http://plugins.openvas.org/nasl.php?oid=703082", "id": "OPENVAS:703082", "title": "Debian Security Advisory DSA 3082-1 (flac - security update)", "type": "openvas", "sourceData": "###########################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3082.nasl 6724 2017-07-14 09:57:17Z teissa $\n# Auto-generated from advisory DSA 3082-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n##############################################################################\n\nif(description)\n{\n script_id(703082);\n script_version(\"$Revision: 6724 $\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_name(\"Debian Security Advisory DSA 3082-1 (flac - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-11-30 00:00:00 +0100 (Sun, 30 Nov 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3082.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"flac on Debian Linux\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio\nCodec. Grossly oversimplified, FLAC is similar to MP3, but lossless. 
The FLAC\nproject consists of:\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.2.1-6+deb7u1.\n\nFor the testing distribution (jessie) and unstable distribution (sid),\nthese problems have been fixed in version 1.3.0-3.\n\nWe recommend that you upgrade your flac packages.\");\n script_tag(name: \"summary\", value: \"Michele Spagnuolo, of Google Security\nTeam, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library\nhandling Free Lossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"flac\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac++-dev\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac++6\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac-dev\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac-doc\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac8\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2018-09-01T23:52:39", "bulletinFamily": "scanner", "description": "Check the version of flac", "modified": "2017-07-10T00:00:00", "published": "2015-04-02T00:00:00", "id": "OPENVAS:1361412562310882152", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882152", "title": "CentOS Update for flac CESA-2015:0767 centos7 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for flac CESA-2015:0767 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882152\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-02 07:11:12 +0200 (Thu, 02 Apr 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for flac CESA-2015:0767 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The flac packages contain a decoder and an encoder for the FLAC (Free\nLossless Audio Codec) audio file format.\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files.\nAn attacker could create a specially crafted FLAC audio file that could\ncause an application using the flac library to crash or execute arbitrary\ncode when the file was read. (CVE-2014-9028)\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2\nmetadata. An attacker could create a specially crafted FLAC audio file that\ncould cause an application using the flac library to crash when the file\nwas read. (CVE-2014-8962)\n\nAll flac users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, all applications linked against the flac library must be restarted\nfor this update to take effect.\n\");\n script_tag(name: \"affected\", value: \"flac on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0767\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021045.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.0~5.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.3.0~5.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flac-libs\", rpm:\"flac-libs~1.3.0~5.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:31", "bulletinFamily": "scanner", "description": "Check the version of mingw-flac", "modified": "2017-07-10T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868760", "title": "Fedora Update for mingw-flac FEDORA-2014-16148", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-flac FEDORA-2014-16148\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868760\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:50:12 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-flac FEDORA-2014-16148\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC\nis similar to Ogg Vorbis, but lossless. 
The FLAC project consists of\nthe stream format, reference encoders and decoders in library form,\nflac, a command-line program to encode and decode FLAC files, metaflac,\na command-line metadata editor for FLAC files and input plugins for\nvarious music players.\n\");\n script_tag(name: \"affected\", value: \"mingw-flac on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16148\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146167.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-flac\", rpm:\"mingw-flac~1.3.1~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:24", "bulletinFamily": "scanner", "description": "Check the version of flac", "modified": "2017-07-10T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868653", "title": "Fedora Update for flac FEDORA-2014-16175", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# Fedora Update for flac FEDORA-2014-16175\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868653\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:39:14 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for flac FEDORA-2014-16175\");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC\nis similar to Ogg Vorbis, but lossless. 
The FLAC project consists of\nthe stream format, reference encoders and decoders in library form,\nflac, a command-line program to encode and decode FLAC files, metaflac,\na command-line metadata editor for FLAC files and input plugins for\nvarious music players.\n\nThis package contains the command-line tools and documentation.\n\");\n script_tag(name: \"affected\", value: \"flac on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16175\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146056.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:10", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-0767", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123145", "title": "Oracle Linux Local Check: ELSA-2015-0767", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0767.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123145\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0767\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0767 - flac security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0767\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0767.html\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.0~5.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.3.0~5.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"flac-libs\", rpm:\"flac-libs~1.3.0~5.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.2.1~7.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.2.1~7.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:31:16", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120372", "title": "Amazon Linux Local Check: ALAS-2015-505", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-505.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120372\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:24:54 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-505\");\n script_tag(name:\"insight\", value:\"A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028 )A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. 
(CVE-2014-8962 )\");\n script_tag(name:\"solution\", value:\"Run yum update flac to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-505.html\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.2.1~7.7.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.2.1~7.7.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"flac-debuginfo\", rpm:\"flac-debuginfo~1.2.1~7.7.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:00", "bulletinFamily": "scanner", "description": "Check the version of mingw-flac", "modified": "2017-07-18T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868588", "title": "Fedora Update for mingw-flac FEDORA-2014-16270", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-flac FEDORA-2014-16270\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868588\");\n script_version(\"$Revision: 6750 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 06:03:12 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-flac FEDORA-2014-16270\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC\nis similar to Ogg Vorbis, but lossless. 
The FLAC project consists of\nthe stream format, reference encoders and decoders in library form,\nflac, a command-line program to encode and decode FLAC files, metaflac,\na command-line metadata editor for FLAC files and input plugins for\nvarious music players.\n\");\n script_tag(name: \"affected\", value: \"mingw-flac on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16270\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146154.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-flac\", rpm:\"mingw-flac~1.3.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:34", "bulletinFamily": "scanner", "description": "Check the version of mingw-flac", "modified": "2017-07-14T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868592", "title": "Fedora Update for mingw-flac FEDORA-2014-16251", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for mingw-flac FEDORA-2014-16251\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868592\");\n script_version(\"$Revision: 6724 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 06:03:51 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-flac FEDORA-2014-16251\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC\nis similar to Ogg Vorbis, but lossless. 
The FLAC project consists of\nthe stream format, reference encoders and decoders in library form,\nflac, a command-line program to encode and decode FLAC files, metaflac,\na command-line metadata editor for FLAC files and input plugins for\nvarious music players.\n\");\n script_tag(name: \"affected\", value: \"mingw-flac on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16251\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146152.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-flac\", rpm:\"mingw-flac~1.3.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:07", "bulletinFamily": "unix", "description": "The flac packages contain a decoder and an encoder for the FLAC (Free\nLossless Audio Codec) audio file format.\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files.\nAn attacker could create a specially crafted FLAC audio file that could\ncause an application using the flac library to crash or execute arbitrary\ncode when the file was read. 
(CVE-2014-9028)\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2\nmetadata. An attacker could create a specially crafted FLAC audio file that\ncould cause an application using the flac library to crash when the file\nwas read. (CVE-2014-8962)\n\nAll flac users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications linked against the flac library must be restarted\nfor this update to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2015-03-31T04:00:00", "id": "RHSA-2015:0767", "href": "https://access.redhat.com/errata/RHSA-2015:0767", "type": "redhat", "title": "(RHSA-2015:0767) Important: flac security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:09", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. ([CVE-2014-9028](<https://access.redhat.com/security/cve/CVE-2014-9028>))\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. 
([CVE-2014-8962 __](<https://access.redhat.com/security/cve/CVE-2014-8962>))\n\n \n**Affected Packages:** \n\n\nflac\n\n \n**Issue Correction:** \nRun _yum update flac_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n flac-1.2.1-7.7.amzn1.i686 \n flac-devel-1.2.1-7.7.amzn1.i686 \n flac-debuginfo-1.2.1-7.7.amzn1.i686 \n \n src: \n flac-1.2.1-7.7.amzn1.src \n \n x86_64: \n flac-devel-1.2.1-7.7.amzn1.x86_64 \n flac-1.2.1-7.7.amzn1.x86_64 \n flac-debuginfo-1.2.1-7.7.amzn1.x86_64 \n \n \n", "modified": "2015-04-15T22:16:00", "published": "2015-04-15T22:16:00", "id": "ALAS-2015-505", "href": "https://alas.aws.amazon.com/ALAS-2015-505.html", "title": "Important: flac", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:32", "bulletinFamily": "unix", "description": "Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.", "modified": "2014-11-27T00:00:00", "published": "2014-11-27T00:00:00", "id": "USN-2426-1", "href": "https://usn.ubuntu.com/2426-1/", "title": "FLAC vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:46", "bulletinFamily": "unix", "description": "\nErik de Castro Lopo reports:\n\nGoogle Security Team member, Michele Spagnuolo, recently\n\t found two potential problems in the FLAC code base. 
They are:\n\nCVE-2014-9028: Heap buffer write overflow.\nCVE-2014-8962: Heap buffer read overflow.\n\n\n", "modified": "2015-07-15T00:00:00", "published": "2014-11-25T00:00:00", "id": "A33ADDF6-74E6-11E4-A615-F8B156B6DCC8", "href": "https://vuxml.freebsd.org/freebsd/a33addf6-74e6-11e4-a615-f8b156b6dcc8.html", "title": "flac -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-04-10T05:08:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0767\n\n\nThe flac packages contain a decoder and an encoder for the FLAC (Free\nLossless Audio Codec) audio file format.\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files.\nAn attacker could create a specially crafted FLAC audio file that could\ncause an application using the flac library to crash or execute arbitrary\ncode when the file was read. (CVE-2014-9028)\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2\nmetadata. An attacker could create a specially crafted FLAC audio file that\ncould cause an application using the flac library to crash when the file\nwas read. (CVE-2014-8962)\n\nAll flac users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, all applications linked against the flac library must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021045.html\n\n**Affected packages:**\nflac\nflac-devel\nflac-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0767.html", "modified": "2015-04-01T04:28:23", "published": "2015-04-01T04:28:23", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021045.html", "id": "CESA-2015:0767", "title": "flac security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "description": "A stack overflow and a heap overflow condition have been found in\nlibFLAC when parsing a maliciously crafted .flac file, which may result\nin arbitrary code execution.", "modified": "2014-11-26T00:00:00", "published": "2014-11-26T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html", "id": "ASA-201411-30", "title": "flac: arbitrary code execution", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2426-1\r\nNovember 27, 2014\r\n\r\nflac vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nFLAC could be made to crash or run programs as your login if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- flac: 
Free Lossless Audio Codec\r\n\r\nDetails:\r\n\r\nMichele Spagnuolo discovered that FLAC incorrectly handled certain\r\nmalformed audio files. An attacker could use this issue to cause FLAC to\r\ncrash, resulting in a denial of service, or possibly execute arbitrary\r\ncode.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n libflac++6 1.3.0-2ubuntu0.14.10.1\r\n libflac8 1.3.0-2ubuntu0.14.10.1\r\n\r\nUbuntu 14.04 LTS:\r\n libflac++6 1.3.0-2ubuntu0.14.04.1\r\n libflac8 1.3.0-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libflac++6 1.2.1-6ubuntu0.1\r\n libflac8 1.2.1-6ubuntu0.1\r\n\r\nUbuntu 10.04 LTS:\r\n libflac++6 1.2.1-2ubuntu0.1\r\n libflac8 1.2.1-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2426-1\r\n CVE-2014-8962, CVE-2014-9028\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.10.1\r\n https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/flac/1.2.1-6ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/flac/1.2.1-2ubuntu0.1\r\n\r\n", "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:DOC:31402", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31402", "title": "[USN-2426-1] FLAC vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n\r\nDescription:\r\n\r\nFLAC is an open source lossless audio codec supported by several software\r\nand music 
players.\r\n\r\nThe libFLAC project, an open source library implementing reference\r\nencoders and decoders for native FLAC and Ogg FLAC audio content,\r\nsuffers from multiple implementation issues.\r\n\r\nIn particular, a stack overflow and a heap overflow condition, which may\r\nresult in arbitrary code execution, can be triggered by passing a maliciously\r\ncrafted .flac file to the libFLAC decoder.\r\n\r\nAffected version:\r\n\r\nlibFLAC <= 1.3.0\r\n\r\nThe following packages were identified as affected as they statically\r\ninclude libFLAC in their own packages.\r\n\r\nMax <= 0.9.1\r\nCog <= 0.07\r\ncinelerra <= 4.6\r\nJUCE <= 3.1.0 (juce_audio_formats module)\r\n\r\nFixed version:\r\n\r\nlibFLAC >= 1.3.1\r\n\r\nMax N/A\r\nCog N/A\r\ncinelerra N/A\r\nJUCE N/A\r\n\r\nCredit: vulnerability report from Michele Spagnuolo of Google Security Team <mikispag AT google.com>\r\n\r\nCVE:\r\n\r\nCVE-2014-8962 (stack overflow)\r\nCVE-2014-9028 (heap overflow)\r\n\r\nTimeline:\r\n\r\n2014-11-12: heap overflow report received\r\n2014-11-12: contacted maintainer\r\n2014-11-14: patch provided by maintainer\r\n2014-11-17: reporter confirms patch\r\n2014-11-20: stack overflow vulnerability reported\r\n2014-11-21: assigned CVE (heap overflow)\r\n2014-11-22: contacted affected vendors\r\n2014-11-23: contacted additional affected vendors\r\n2014-11-25: advisory release\r\n\r\nReferences:\r\n\r\nhttps://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e\r\nhttps://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85\r\n\r\nPermalink:\r\n\r\nhttp://www.ocert.org/advisories/ocert-2014-008.html\r\n\r\n--\r\n Daniele Bianco Open Source Computer Security Incident Response Team\r\n <danbia@ocert.org> http://www.ocert.org\r\n\r\n GPG Key 0x9544A497\r\n GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497\r\n\r\n", "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:DOC:31408", 
"href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31408", "title": "[oCERT 2014-008] libFLAC multiple issues", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:08", "bulletinFamily": "unix", "description": "### Background\n\nThe Free Lossless Audio Codec (FLAC) library is the reference implementation of the FLAC audio file format. \n\n### Description\n\nA stack-based buffer overflow flaw has been discovered in FLAC.\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted .flac file using an application linked against FLAC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FLAC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/flac-1.3.1-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "modified": "2014-12-26T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-40", "href": "https://security.gentoo.org/glsa/201412-40", "type": "gentoo", "title": "FLAC: User-assisted execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}