Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service (crash of the player using this library), and possibly arbitrary code execution. For the stable distribution (lenny), this problem has been fixed in version 1.0~beta3-1+lenny1. For the testing distribution (squeeze), this problem has been fixed in version 1.1.0-1. For the unstable distribution (sid), this problem has been fixed in version 1.1.0-1. We recommend that you upgrade your libtheora packages.
Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service (crash of the player using this library), and possibly arbitrary code execution.
For the stable distribution (lenny), this problem has been fixed in version 1.0~beta3-1+lenny1.
For the testing distribution (squeeze), this problem has been fixed in version 1.1.0-1.
For the unstable distribution (sid), this problem has been fixed in version 1.1.0-1.
We recommend that you upgrade your libtheora packages.
MD5 checksums of the listed files are available in the original advisory.