MDKSA-2007:058

Package name

ekiga

Date

2007-03-08

Advisory ID

MDKSA-2007:058

Affected versions

2007.0 x86_64 , 2007.0 i586

Problem description

A format string flaw was discovered in how ekiga processes certain
messages, which could permit a remote attacker that can connect to
ekiga to potentially execute arbitrary code with the privileges of
the user running ekiga. This is similar to the previous
CVE-2007-1006, but the original evaluation/patches were incomplete.

Updated package have been patched to correct this issue.

Updated packages

2007.0 x86_64

 d1044e6da6359f45c05b5b9633eb9b3e  2007.0/x86_64/ekiga-2.0.3-1.2mdv2007.0.x86_64.rpm 
 6553d806ec25e8e7b3bf954d0522f126  2007.0/SRPMS/ekiga-2.0.3-1.2mdv2007.0.src.rpm

2007.0 i586

 f1864ecddf6bd6f89ca97ae2f62e102a  2007.0/i586/ekiga-2.0.3-1.2mdv2007.0.i586.rpm 
 6553d806ec25e8e7b3bf954d0522f126  2007.0/SRPMS/ekiga-2.0.3-1.2mdv2007.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0999