Security: Integer overflows in flac
Name: Integer overflows in flac
ID: RHSA-2007:0975-02
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux
Date: Mon, 22 October 2007, 17:51
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619
Applications: FLAC

Original message
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: flac security update
Advisory ID: RHSA-2007:0975-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0975.html
Issue date: 2007-10-22
Updated on: 2007-10-22
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-4619
---------------------------------------------------------------------
1. Summary:
An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players.
A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619)
Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
331991 - CVE-2007-4619 FLAC Integer overflows
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: flac-1.1.0-7.el4_5.2.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: flac-1.1.0-7.el4_5.2.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: flac-1.1.0-7.el4_5.2.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: flac-1.1.0-7.el4_5.2.src.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: flac-1.1.2-28.el5_0.1.src.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS: flac-1.1.2-28.el5_0.1.src.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS: flac-1.1.2-28.el5_0.1.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.