FrSIRT - Fedora Security Update Fixes FLAC Integer Overflow Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes FLAC Integer Overflow Vulnerabilities

Title : Fedora Security Update Fixes FLAC Integer Overflow Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3736
CVE ID : CVE-2007-4619
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-06

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

d13f596a51b7a567d7f510c524c48a0ab3864872 SRPMS/flac-1.1.2-28.src.rpm
d13f596a51b7a567d7f510c524c48a0ab3864872 noarch/flac-1.1.2-28.src.rpm
99b3496adcbdbffd75a8283753426b841e776d2c ppc/flac-devel-1.1.2-28.ppc.rpm
cad0e51d1c05edff6cfea886b277ce90c99a7cf6 ppc/debug/flac-debuginfo-1.1.2-28.ppc.rpm
676a889a91f5ceab84813963d352af01f68ebf3b ppc/flac-1.1.2-28.ppc.rpm
8f645b35e6577dafe7e6d6efda9c6f8ad29394d4 x86_64/flac-devel-1.1.2-28.x86_64.rpm
b9b7bf06709a8940c064d4965e468bd2cf0e3e30 x86_64/debug/flac-debuginfo-1.1.2-28.x86_64.rpm
8e145843b4f8755ba7a6278e5c2da6b91ce2eb73 x86_64/flac-1.1.2-28.x86_64.rpm
f53b849034898ae36eba22bd1e78e0be5c727ccb i386/flac-1.1.2-28.i386.rpm
c7943c4c5ca02d9cac4a25422381f4210af7c357 i386/flac-devel-1.1.2-28.i386.rpm
80af663aee6f8b826de2f999461120187920a471 i386/debug/flac-debuginfo-1.1.2-28.i386.rpm

ChangeLog

2007-11-06 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service

	Sun Solaris NFS RPC Zone Denial of Service Vulnerability
	Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability
	Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability
	Sun Java System Portal Server Cross Site Scripting Vulnerability
	Sun rdesktop Code Execution and Denial of Service
	Sun Java System Web Proxy Server Denial of Service Vulnerability
	Sun Solaris "sendfilev()" System Call Denial of Service Vulnerability