SynopsisThe remote Debian host is missing a security update.
DescriptionSeveral issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec.
The fix for CVE-2017-14160 and CVE-2018-10393 improve the bound checking for very low sample rates.
CVE-2018-10392 was found because the number of channels was not validated and a remote attacker could cause a denial of service.
For Debian 8 'Jessie', these problems have been fixed in version 1.3.4-2+deb8u2.
We recommend that you upgrade your libvorbis packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.