|
|
| Problem Description |
A flaw in opal, the Open Phone Abstraction Library, was found in
how it handles certain Session Initiation Protocol (SIP) packets.
An attacker could use this vulnerability to crash an application
linked to opal, such as Ekiga.
Updated packages have been patched to prevent these issues.
| Updated Packages |
Mandriva Linux 2007
337dc6f6f00747d93d833d462b388001 2007.0/i586/libopal2-2.2.3-1.1mdv2007.0.i586.rpm 72b7fa693dcfa0bd9eb947c9efc48089 2007.0/i586/libopal2-devel-2.2.3-1.1mdv2007.0.i586.rpm ee93a37f7426e9564f93ea526a60f3f6 2007.0/SRPMS/opal-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
c4502c7d03ddecd7a2fa0aa788888594 2007.0/x86_64/lib64opal2-2.2.3-1.1mdv2007.0.x86_64.rpm 3acdb9831b86988832032c61de7178b3 2007.0/x86_64/lib64opal2-devel-2.2.3-1.1mdv2007.0.x86_64.rpm ee93a37f7426e9564f93ea526a60f3f6 2007.0/SRPMS/opal-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1
d544b489474818208d00d1a2abcf6821 2007.1/i586/libopal2-2.2.6-1.1mdv2007.1.i586.rpm 689aef82cbaf8bf1a0dbea2e688a44ea 2007.1/i586/libopal2-devel-2.2.6-1.1mdv2007.1.i586.rpm 72fef0012c30c0771b97bc0aadcd47fe 2007.1/SRPMS/opal-2.2.6-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64
cdaf928352d65caa57c00068467f74e8 2007.1/x86_64/lib64opal2-2.2.6-1.1mdv2007.1.x86_64.rpm 2b6695ed410c7ec3021b7e194d603fca 2007.1/x86_64/lib64opal2-devel-2.2.6-1.1mdv2007.1.x86_64.rpm 72fef0012c30c0771b97bc0aadcd47fe 2007.1/SRPMS/opal-2.2.6-1.1mdv2007.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4924
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.