Updated flac packages fix security vulnerabilities
Publication date: 29 Nov 2014Modification date: 29 Nov 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8962 , CVE-2014-9028
Description
In libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap overflow
(CVE-2014-9028), which may result in arbitrary code execution, can be
triggered by passing a maliciously crafted .flac file to the libFLAC decoder.
References
SRPMS
4/core
- flac-1.3.0-2.1.mga4