Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacher could cause a denial of service or possibly execute arbitrary code via a crafted .ogg file. For the oldstable distribution , these problems have been fixed in version 1.1.2.dfsg-1.4+etch1. For the stable distribution , these problems have been fixed in version 1.2.0.dfsg-3.1+lenny1. For the testing distribution and the unstable distribution , these problems have been fixed in version 1.2.3-1 We recommend that you upgrade your libvorbis packages.