An updated flac package to correct a security issue is now available for
CentOS Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music

A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)

Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.