[ MDVSA-2015:188 ] flac

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:188
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : flac
 Date    : April 1, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in flac:
 
 Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
 allows remote attackers to execute arbitrary code via a crafted .flac
 file (CVE-2014-9028).
 
 Stack-based buffer overflow in stream_decoder.c in libFLAC before
 1.3.1 allows remote attackers to execute arbitrary code via a crafted
 .flac file (CVE-2014-8962).
 
 The updated packages provides a solution for these security issues.
 ______________________________________________________________

Leave a Reply