Ubuntu Patches Vorbis Tools
The Ubuntu security team has released an update to close a vulnerability in the Vorbis Tools for editing music files in Ogg-Vorbis format.
The free Speex speech codec is the root of the problem as it does not perform sufficient checks when editing file headers. A manipulated Speex files could give an attacker the ability to launch denial of service attacks against applications that rely on Speex. This could also open up a vector to executing arbitrary code, the Ubuntu security advisory warns.
Ubuntu versions from 6.06 to 7.04, 7.10 and 8.04 are affected. The corresponding Kubuntu, Edubuntu and Xubuntu distributions also have the bug. Users should use the update feature to update their systems say the developers.