Synopsis:          Important: flac security update
Advisory ID:       SLSA-2015:0767-1
Issue Date:        2015-04-01
CVE Numbers:       CVE-2014-8962
                   CVE-2014-9028
--

A buffer overflow flaw was found in the way flac decoded FLAC audio files.
An attacker could create a specially crafted FLAC audio file that could
cause an application using the flac library to crash or execute arbitrary
code when the file was read. (CVE-2014-9028)

A buffer over-read flaw was found in the way flac processed certain ID3v2
metadata. An attacker could create a specially crafted FLAC audio file
that could cause an application using the flac library to crash when the
file was read. (CVE-2014-8962)

After installing the update, all applications linked against the flac
library must be restarted for this update to take effect.
--

SL6
  x86_64
    flac-1.2.1-7.el6_6.i686.rpm
    flac-1.2.1-7.el6_6.x86_64.rpm
    flac-debuginfo-1.2.1-7.el6_6.i686.rpm
    flac-debuginfo-1.2.1-7.el6_6.x86_64.rpm
    flac-devel-1.2.1-7.el6_6.i686.rpm
    flac-devel-1.2.1-7.el6_6.x86_64.rpm
  i386
    flac-1.2.1-7.el6_6.i686.rpm
    flac-debuginfo-1.2.1-7.el6_6.i686.rpm
    flac-devel-1.2.1-7.el6_6.i686.rpm
SL7
  x86_64
    flac-debuginfo-1.3.0-5.el7_1.i686.rpm
    flac-debuginfo-1.3.0-5.el7_1.x86_64.rpm
    flac-libs-1.3.0-5.el7_1.i686.rpm
    flac-libs-1.3.0-5.el7_1.x86_64.rpm
    flac-1.3.0-5.el7_1.x86_64.rpm
    flac-devel-1.3.0-5.el7_1.i686.rpm
    flac-devel-1.3.0-5.el7_1.x86_64.rpm

- Scientific Linux Development Team