ALAS-2015-505


Amazon Linux AMI Security Advisory: ALAS-2015-505
Advisory Release Date: 2015-04-15 22:16 Pacific
Severity: Important

Issue Overview:

A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028 )

A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. (CVE-2014-8962 )


Affected Packages:

flac


Issue Correction:
Run yum update flac to update your system.

New Packages:
i686:
    flac-1.2.1-7.7.amzn1.i686
    flac-devel-1.2.1-7.7.amzn1.i686
    flac-debuginfo-1.2.1-7.7.amzn1.i686

src:
    flac-1.2.1-7.7.amzn1.src

x86_64:
    flac-devel-1.2.1-7.7.amzn1.x86_64
    flac-1.2.1-7.7.amzn1.x86_64
    flac-debuginfo-1.2.1-7.7.amzn1.x86_64