Ubuntu Patches Vorbis Tools

May 09, 2008

The Ubuntu security team has released an update to close a vulnerability in the Vorbis Tools for editing music files in Ogg-Vorbis format.

The free Speex speech codec is the root of the problem as it does not perform sufficient checks when editing file headers. A manipulated Speex files could give an attacker the ability to launch denial of service attacks against applications that rely on Speex. This could also open up a vector to executing arbitrary code, the Ubuntu security advisory warns.

Ubuntu versions from 6.06 to 7.04, 7.10 and 8.04 are affected. The corresponding Kubuntu, Edubuntu and Xubuntu distributions also have the bug. Users should use the update feature to update their systems say the developers.

Related content

comments powered by Disqus

Issue 19: Linux Shell Handbook 5th Ed./Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)

News