Security update for flac SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:3933-1 Final 1 1 2020-12-24T11:36:42Z current 2020-12-24T11:36:42Z 2020-12-24T11:36:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flac This update for flac fixes the following issues: - CVE-2020-0487: Fixed a memory leak (bsc#1180112). - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server-2020-3933,Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server-2020-3933,Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server-2020-3933,SUSE-2020-3933,SUSE-SLE-Module-Basesystem-15-SP1-2020-3933,SUSE-SLE-Module-Basesystem-15-SP2-2020-3933,SUSE-SLE-Module-Basesystem-15-SP3-2020-3933,SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3933,SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3933,SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2020-3933,SUSE-SLE-Product-HPC-15-2020-3933,SUSE-SLE-Product-SLES-15-2020-3933,SUSE-SLE-Product-SLES_SAP-15-2020-3933 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20203933-1/ Link for SUSE-SU-2020:3933-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008120.html E-Mail link for SUSE-SU-2020:3933-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180099 SUSE Bug 1180099 https://bugzilla.suse.com/1180112 SUSE Bug 1180112 https://www.suse.com/security/cve/CVE-2020-0487/ SUSE CVE CVE-2020-0487 page https://www.suse.com/security/cve/CVE-2020-0499/ SUSE CVE CVE-2020-0499 page Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Package Hub 15 SP1 SUSE Linux Enterprise Module for Package Hub 15 SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 libFLAC8-1.3.2-3.6.1 flac-1.3.2-3.6.1 flac-devel-1.3.2-3.6.1 flac-devel-32bit-1.3.2-3.6.1 flac-devel-64bit-1.3.2-3.6.1 flac-doc-1.3.2-3.6.1 libFLAC++6-1.3.2-3.6.1 libFLAC++6-32bit-1.3.2-3.6.1 libFLAC++6-64bit-1.3.2-3.6.1 libFLAC8-32bit-1.3.2-3.6.1 libFLAC8-64bit-1.3.2-3.6.1 libFLAC8-1.3.2-3.6.1 as a component of Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server libFLAC8-1.3.2-3.6.1 as a component of Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server libFLAC8-1.3.2-3.6.1 as a component of Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server flac-devel-1.3.2-3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libFLAC++6-1.3.2-3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libFLAC8-1.3.2-3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS flac-devel-1.3.2-3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libFLAC++6-1.3.2-3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libFLAC8-1.3.2-3.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS flac-devel-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libFLAC++6-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libFLAC8-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 flac-devel-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libFLAC++6-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 libFLAC8-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 flac-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP1 libFLAC8-32bit-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP1 flac-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP2 libFLAC8-32bit-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP2 flac-devel-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Server 15-LTSS libFLAC++6-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Server 15-LTSS libFLAC8-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Server 15-LTSS flac-devel-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libFLAC++6-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libFLAC8-1.3.2-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. CVE-2020-0487 Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:libFLAC8-1.3.2-3.6.1 Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server:libFLAC8-1.3.2-3.6.1 Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP1:flac-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP1:libFLAC8-32bit-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP2:flac-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP2:libFLAC8-32bit-1.3.2-3.6.1 SUSE Linux Enterprise Server 15-LTSS:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Server 15-LTSS:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Server 15-LTSS:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 15:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 15:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 15:libFLAC8-1.3.2-3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203933-1/ https://www.suse.com/security/cve/CVE-2020-0487.html CVE-2020-0487 https://bugzilla.suse.com/1180112 SUSE Bug 1180112 In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 CVE-2020-0499 Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:libFLAC8-1.3.2-3.6.1 Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server:libFLAC8-1.3.2-3.6.1 Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP1:flac-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP1:libFLAC8-32bit-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP2:flac-1.3.2-3.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP2:libFLAC8-32bit-1.3.2-3.6.1 SUSE Linux Enterprise Server 15-LTSS:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Server 15-LTSS:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Server 15-LTSS:libFLAC8-1.3.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 15:flac-devel-1.3.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 15:libFLAC++6-1.3.2-3.6.1 SUSE Linux Enterprise Server for SAP Applications 15:libFLAC8-1.3.2-3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20203933-1/ https://www.suse.com/security/cve/CVE-2020-0499.html CVE-2020-0499 https://bugzilla.suse.com/1180099 SUSE Bug 1180099