Security Issue with FLAC Audio Codec

Oct 15, 2007

Jan Rähm

Loss free audio codecs are gaining in popularity with device manufacturers; right now, a vulnerability in the Free Lossless Audio Codec (FLAC) spoils users listening pleasure.

Security researchers with iDefense have identified vulnerabilities that could cause heap-based overflows in several of the Flac codec’s components. To exploit the security holes an attacker would need to send a carefully crafted audio file to the user. If successful, the attacker would be able to execute arbitrary code and thus compromise the machine.

The bug, which is rated as moderately critical by security reviewers Secunia, affects all systems and applications that use the free codec. An update for Flac to version 1.2.1 resolves the issue. Binaries and source code packages are available from the project website, and software vendors are already starting to update their applications.

DevOps

Reinvent your network with DevOps tools and techniques:

AWS Automation Documents
Jekyll – A DIY HTML Engine
Automated Jenkins CI
Auditing Docker Containers in a DevOps Environment
Cloud Orchestration with Chef
Become a certified DevOps professional with the new Linux Professional Institute DevOps Tools Engineer certification."

News

Red Hat Enterprise Linux 7.5 Released

Community , Red Hat , Red Hat Linux

The latest release is focused on hybrid cloud.
Microsoft Releases a Linux-Based OS

Community , Kernel

The company is building a new IoT environment powered by Linux.
Solomon Hykes Leaves Docker

In a surprise move, Solomon Hykes, the creator of Docker has left the company.
Red Hat Celebrates 25th Anniversary with a New Code Portal

The company announces a GitHub page with links to source code for all its projects
Gnome 3.28 Released

Community , Gnome

The latest GNOME rolls out with better contact management and new features for handling virtual machines.
Install Firefox in a Snap on Linux

Community , Linux , Mozilla Foundation

Mozilla has picked the Snap package system to deliver its application to Linux users.
OpenStack Queens Released

OpenStack

The new release comes with new features for mission critical workloads.
Kali Linux Comes to Windows

Linux

The Kali Linux developers even managed to run full blown XFCE desktop via WSL.
Ubuntu to Start Collecting Some Data with Ubuntu 18.04

It will be an ‘opt-out’ feature.
CNCF Illuminates Serverless Vision

The Cloud Native Computing Foundation announces a paper describing their model for a serverless ecosystem.

Security Issue with FLAC Audio Codec

Related content

Issue 210/2018

Buy this issue as a PDF

DevOps

Reinvent your network with DevOps tools and techniques:

News

Red Hat Enterprise Linux 7.5 Released

Microsoft Releases a Linux-Based OS

Solomon Hykes Leaves Docker

Red Hat Celebrates 25th Anniversary with a New Code Portal

Gnome 3.28 Released

Install Firefox in a Snap on Linux

OpenStack Queens Released

Kali Linux Comes to Windows

Ubuntu to Start Collecting Some Data with Ubuntu 18.04

CNCF Illuminates Serverless Vision

Security Issue with FLAC Audio Codec

Related content

Issue 210/2018

Buy this issue as a PDF

DevOps

News

Tag Cloud