Synopsis: Important: flac security update Advisory ID: SLSA-2015:0767-1 Issue Date: 2015-04-01 CVE Numbers: CVE-2014-8962 CVE-2014-9028 -- A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028) A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. (CVE-2014-8962) After installing the update, all applications linked against the flac library must be restarted for this update to take effect. -- SL6 x86_64 flac-1.2.1-7.el6_6.i686.rpm flac-1.2.1-7.el6_6.x86_64.rpm flac-debuginfo-1.2.1-7.el6_6.i686.rpm flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm flac-devel-1.2.1-7.el6_6.i686.rpm flac-devel-1.2.1-7.el6_6.x86_64.rpm i386 flac-1.2.1-7.el6_6.i686.rpm flac-debuginfo-1.2.1-7.el6_6.i686.rpm flac-devel-1.2.1-7.el6_6.i686.rpm SL7 x86_64 flac-debuginfo-1.3.0-5.el7_1.i686.rpm flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm flac-libs-1.3.0-5.el7_1.i686.rpm flac-libs-1.3.0-5.el7_1.x86_64.rpm flac-1.3.0-5.el7_1.x86_64.rpm flac-devel-1.3.0-5.el7_1.i686.rpm flac-devel-1.3.0-5.el7_1.x86_64.rpm - Scientific Linux Development Team