|
|
| Problem Description |
A format string flaw was discovered in how ekiga processes certain
messages, which could permit a remote attacker that can connect to
ekiga to potentially execute arbitrary code with the privileges of
the user running ekiga.
Updated package have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2007
949ddb13d6ec406dda15989adfa6a8a6 2007.0/i586/ekiga-2.0.3-1.1mdv2007.0.i586.rpm 301e55e46ec28ec2f6bb3371e4954f71 2007.0/SRPMS/ekiga-2.0.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
206cffc2e041ffa98edcfa982fd42c14 2007.0/x86_64/ekiga-2.0.3-1.1mdv2007.0.x86_64.rpm 301e55e46ec28ec2f6bb3371e4954f71 2007.0/SRPMS/ekiga-2.0.3-1.1mdv2007.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.