USN-3604-1: libvorbis vulnerability
22 March 2018
- libvorbis - The Vorbis General Audio Compression Codec
Richard Zhu discovered that libvorbis incorrectly handled certain sound
files. An attacker could use this to cause libvorbis to crash, resulting in
a denial or service, or possibly execute arbitrary code.
The problem can be corrected by updating your system to the following package versions:
After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.