INTERACT FORUM

More => Old Versions => Media Center 12 (Development Ended) => Topic started by: John Gateley on November 20, 2007, 10:00:41 am

Title: FLAC Security Issues
Post by: John Gateley on November 20, 2007, 10:00:41 am

eEye and CERT have released a list of security problems with the FLAC library:
http://research.eeye.com/html/advisories/published/AD20071115.html
http://www.kb.cert.org/vuls/id/544656

If you use FLAC, please upgrade to Media Center 12.0.368 or later.

Thanks,

j

Title: Re: FLAC Security Issues
Post by: hit_ny on November 20, 2007, 11:01:21 am

Thx for the heads up, searching around on the cert site brought up a recent flash player vulnerability

http://www.adobe.com/support/security/bulletins/apsb07-12.html

Title: Re: FLAC Security Issues
Post by: Alex B on November 20, 2007, 11:45:22 am

There's an on-going thread about these issues on HA.

I kind of tried to ask what is the actual practical risk when an old FLAC decoder is used, but I have not received a practical answer yet.

http://www.hydrogenaudio.org/forums/index.php?showtopic=59129

Title: Re: FLAC Security Issues
Post by: John Gateley on November 20, 2007, 12:10:56 pm

I didn't look too closely into it, but I saw no reports of actual exploits existing in the wild.

j

Title: Re: FLAC Security Issues
Post by: hit_ny on November 21, 2007, 01:40:50 am

Here's one

http://www.wired.com/techbiz/media/news/2007/11/doubleclick?showAllComments=true

an ongoing issue with flash and can target any browser (with the flash plugin) regardless of the OS (!).