Amazon Linux 1 Security Advisory: ALAS-2015-505
Advisory Release Date: 2015-04-15 21:48 Pacific
Advisory Updated Date: 2015-04-15 22:16 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028)
A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. (CVE-2014-8962)
Affected Packages:
flac
Issue Correction:
Run yum update flac to update your system.
i686:
flac-1.2.1-7.7.amzn1.i686
flac-devel-1.2.1-7.7.amzn1.i686
flac-debuginfo-1.2.1-7.7.amzn1.i686
src:
flac-1.2.1-7.7.amzn1.src
x86_64:
flac-devel-1.2.1-7.7.amzn1.x86_64
flac-1.2.1-7.7.amzn1.x86_64
flac-debuginfo-1.2.1-7.7.amzn1.x86_64