From Mageia wiki

MGASA-2013-0138

Date: May 9th, 2013
Affected releases: 2
Media: Core


Description:
Updated ekiga, opal3, and ptlib packages fix a security vulnerability:

A denial of service flaw was found in the way Ekiga processed information
from certain OPAL connections (UTF-8 strings were not verified for validity
prior to showing them). A remote attacker (the other party, using a name that
is not valid UTF-8) could use this flaw to cause the ekiga executable to crash
(CVE-2012-5621).


Updated Packages:
i586:
ekiga-4.0.1-1.mga2.i586.rpm
ekiga-debug-4.0.1-1.mga2.i586.rpm
libopal3.10.10-3.10.10-1.mga2.i586.rpm
libopal3.10.10-plugins-3.10.10-1.mga2.i586.rpm
libopal3-devel-3.10.10-1.mga2.i586.rpm
opal3-debug-3.10.10-1.mga2.i586.rpm
libpt2.10.10-2.10.10-1.mga2.i586.rpm
libpt2.10.10-plugins-2.10.10-1.mga2.i586.rpm
libpt2.10.10-plugins-avc-2.10.10-1.mga2.i586.rpm
libpt2.10.10-plugins-dc-2.10.10-1.mga2.i586.rpm
libpt-devel-2.10.10-1.mga2.i586.rpm
ptlib-debug-2.10.10-1.mga2.i586.rpm

x86_64:
ekiga-4.0.1-1.mga2.x86_64.rpm
ekiga-debug-4.0.1-1.mga2.x86_64.rpm
lib64opal3.10.10-3.10.10-1.mga2.x86_64.rpm
lib64opal3.10.10-plugins-3.10.10-1.mga2.x86_64.rpm
lib64opal3-devel-3.10.10-1.mga2.x86_64.rpm
opal3-debug-3.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-2.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-plugins-2.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-plugins-avc-2.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-plugins-dc-2.10.10-1.mga2.x86_64.rpm
lib64pt-devel-2.10.10-1.mga2.x86_64.rpm
ptlib-debug-2.10.10-1.mga2.x86_64.rpm

SRPMS:
ekiga-4.0.1-1.mga2.src.rpm
opal3-3.10.10-1.mga2.src.rpm
ptlib-2.10.10-1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5621
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099555.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html
https://bugs.mageia.org/show_bug.cgi?id=9254