USN-426-1: Ekiga vulnerabilities

22 February 2007

Ekiga vulnerabilities

Releases

Ubuntu 6.10
Ubuntu 6.06
Ubuntu 5.10

Details

Mu Security discovered a format string vulnerability in Ekiga. If a
user was running Ekiga and listening for incoming calls, a remote
attacker could send a crafted call request, and execute arbitrary code
with the user's privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10

ekiga - 2.0.3-0ubuntu3.1

Ubuntu 6.06

ekiga - 2.0.1-0ubuntu6.1

Ubuntu 5.10

gnomemeeting - 1.2.2-1ubuntu1.1

After a standard system upgrade you need to restart Ekiga to effect the
necessary changes.

References

CVE-2007-1006
CVE-2007-1007

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›