Navigation
|
|
| Problem Description |
A format string flaw was discovered in how ekiga processes certain
messages, which could permit a remote attacker that can connect to
ekiga to potentially execute arbitrary code with the privileges of
the user running ekiga. This is similar to the previous
CVE-2007-1006, but the original evaluation/patches were incomplete.
Updated package have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2007
f1864ecddf6bd6f89ca97ae2f62e102a 2007.0/i586/ekiga-2.0.3-1.2mdv2007.0.i586.rpm 6553d806ec25e8e7b3bf954d0522f126 2007.0/SRPMS/ekiga-2.0.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
d1044e6da6359f45c05b5b9633eb9b3e 2007.0/x86_64/ekiga-2.0.3-1.2mdv2007.0.x86_64.rpm 6553d806ec25e8e7b3bf954d0522f126 2007.0/SRPMS/ekiga-2.0.3-1.2mdv2007.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0999
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.