Debian Security Advisory DSA 1469-1 (flac) Network Vulnerability

Summary

The remote host is missing an update to flac announced via advisory DSA 1469-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201469-1

Insight

Sean de Regge and Greg Linares discovered multiple heap and stack based buffer overflows in FLAC, the Free Lossless Audio Codec, which could lead to the execution of arbitrary code. For the unstable distribution (sid), these problems have been fixed in version 1.2.1-1. For the stable distribution (etch), these problems have been fixed in version 1.1.2-8. For the old stable distribution (sarge), these problems have been fixed in version 1.1.1-5sarge1. We recommend that you upgrade your flac packages.

Severity

Classification

CVE CVE-2007-4619, CVE-2007-6277
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1004-1 (vlc)
Debian Security Advisory DSA 072-1 (groff)
Debian Security Advisory DSA 1030-1 (moodle)
Debian Security Advisory DSA 1082-1 (kernel-2.4.17)
Debian Security Advisory DSA 1005-1 (xine-lib)

Take action and discover your vulnerabilities