SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3933

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3933

Security update for flac

Type: security

Severity: moderate

Issued: 2020-12-24

Description:

This update for flac fixes the following issues:

- CVE-2020-0487: Fixed a memory leak (bsc#1180112).
- CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099).

References

CVE: CVE-2020-0499
CVE: CVE-2020-0487
Bugzilla: 1180112 VUL-0: CVE-2020-0487: flac: In read_metadata_vorbiscomment_ of stream_decoder.c, there is possible memory exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User inte
Bugzilla: 1180099 VUL-0: CVE-2020-0499: flac: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privil

Packages

flac-1.3.2-3.6.1