INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: FLAC Security Issues  (Read 1323 times)

John Gateley

  • Citizen of the Universe
  • *****
  • Posts: 4957
  • Nice haircut
FLAC Security Issues
« on: November 20, 2007, 10:00:41 am »

eEye and CERT have released a list of security problems with the FLAC library:
http://research.eeye.com/html/advisories/published/AD20071115.html
http://www.kb.cert.org/vuls/id/544656

If you use FLAC, please upgrade to Media Center 12.0.368 or later.

Thanks,

j

hit_ny

  • Citizen of the Universe
  • *****
  • Posts: 3310
  • nothing more to say...
Re: FLAC Security Issues
« Reply #1 on: November 20, 2007, 11:01:21 am »

Thx for the heads up, searching around on the cert site brought up a recent flash player vulnerability

http://www.adobe.com/support/security/bulletins/apsb07-12.html
Logged

Alex B

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 10121
  • The Cosmic Bird
Re: FLAC Security Issues
« Reply #2 on: November 20, 2007, 11:45:22 am »

There's an on-going thread about these issues on HA.

I kind of tried to ask what is the actual practical risk when an old FLAC decoder is used, but I have not received a practical answer yet.

http://www.hydrogenaudio.org/forums/index.php?showtopic=59129
Logged
The Cosmic Bird - a triple merger of galaxies: http://eso.org/public/news/eso0755

John Gateley

  • Citizen of the Universe
  • *****
  • Posts: 4957
  • Nice haircut
Re: FLAC Security Issues
« Reply #3 on: November 20, 2007, 12:10:56 pm »

I didn't look too closely into it, but I saw no reports of actual exploits existing in the wild.

j

hit_ny

  • Citizen of the Universe
  • *****
  • Posts: 3310
  • nothing more to say...
Re: FLAC Security Issues
« Reply #4 on: November 21, 2007, 01:40:50 am »

Here's one

http://www.wired.com/techbiz/media/news/2007/11/doubleclick?showAllComments=true

an ongoing issue with flash and can target any browser (with the flash plugin) regardless of the OS (!).
Logged
Pages: [1]   Go Up