Security Issue with FLAC Audio Codec
Loss free audio codecs are gaining in popularity with device manufacturers; right now, a vulnerability in the Free Lossless Audio Codec (FLAC) spoils users listening pleasure.
Security researchers with iDefense have identified vulnerabilities that could cause heap-based overflows in several of the Flac codec’s components. To exploit the security holes an attacker would need to send a carefully crafted audio file to the user. If successful, the attacker would be able to execute arbitrary code and thus compromise the machine.
The bug, which is rated as moderately critical by security reviewers Secunia, affects all systems and applications that use the free codec. An update for Flac to version 1.2.1 resolves the issue. Binaries and source code packages are available from the project website, and software vendors are already starting to update their applications.
Issue 202/2017
Buy this issue as a PDF
News
-
LibreOffice 5.4 Released
Comes with improved support for Microsoft Office file formats.
-
Red Hat to Drop Support for Btrfs
The company is building their own storage solution called Stratis.
-
Reinvent your network with DevOps tools and techniques:
Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.
-
Kolab Now Integrates Collabora Online
Kolab Now subscribers now have access to Collabora Online.
-
Endless OS, a Distribution Without Internet
A new version of Endless OS has been released.
-
GitHub Announces Open Source Friday Program
They encourage people to take time out and work on open source projects on Friday.
-
System76 Announces Their Own Distro, Pop!_OS
Pop!_OS is based on Ubuntu and uses the Gnome stack.
-
Linus Torvalds Talks About His Motivation
He never tires of working on the Linux kernel.
-
Debian 9 Stretches Its Wings
The new release of Debian has a very strong focus on security.
-
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device
Two trojans in the wild are targeting Linux machines.