Ubuntu Security Notice 5733-1 - It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. It was discovered that FLAC was not properly performing bounds checking operations when decoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
==========================================================================
Ubuntu Security Notice USN-5733-1
November 21, 2022
flac vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in FLAC.
Software Description:
- flac: Free Lossless Audio Codec
Details:
It was discovered that FLAC was not properly performing memory management
operations, which could result in a memory leak. An attacker could possibly
use this issue to cause FLAC to consume resources, leading to a denial of
service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2017-6888)

It was discovered that FLAC was not properly performing bounds checking
operations when decoding data. If a user or automated system were tricked
into processing a specially crafted file, an attacker could possibly use
this issue to expose sensitive information or to cause FLAC to crash,
leading to a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-0499)

It was discovered that FLAC was not properly performing bounds checking
operations when encoding data. If a user or automated system were tricked
into processing a specially crafted file, an attacker could possibly use
this issue to expose sensitive information or to cause FLAC to crash,
leading to a denial of service. (CVE-2021-0561)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
  flac                 1.3.3-2ubuntu0.1
  libflac++6v5         1.3.3-2ubuntu0.1
  libflac8             1.3.3-2ubuntu0.1

Ubuntu 20.04 LTS:
  flac                 1.3.3-1ubuntu0.1
  libflac++6v5         1.3.3-1ubuntu0.1
  libflac8             1.3.3-1ubuntu0.1

Ubuntu 18.04 LTS:
  flac                 1.3.2-1ubuntu0.1
  libflac++6v5         1.3.2-1ubuntu0.1
  libflac8             1.3.2-1ubuntu0.1

Ubuntu 16.04 ESM:
  flac                 1.3.1-4ubuntu0.1~esm1
  libflac++6v5         1.3.1-4ubuntu0.1~esm1
  libflac8             1.3.1-4ubuntu0.1~esm1

Ubuntu 14.04 ESM:
  flac                 1.3.0-2ubuntu0.14.04.1+esm1
  libflac++6           1.3.0-2ubuntu0.14.04.1+esm1
  libflac8             1.3.0-2ubuntu0.14.04.1+esm1

In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5733-1
CVE-2017-6888, CVE-2020-0499, CVE-2021-0561
Package Information:
https://launchpad.net/ubuntu/+source/flac/1.3.3-2ubuntu0.1
https://launchpad.net/ubuntu/+source/flac/1.3.3-1ubuntu0.1
https://launchpad.net/ubuntu/+source/flac/1.3.2-1ubuntu0.1