MGASA-2013-0138
Date: May 9th, 2013
Affected releases: 2
Media: Core
Description:
Updated ekiga, opal3, ptlib packages fix security vulnerability:
A denial of service flaw was found in the way Ekiga processed information
from certain OPAL connections (UTF-8 strings were not verified for validity
prior to showing them). A remote attacker (the other party, with a name that
is not valid UTF-8) could use this flaw to crash the ekiga executable
(CVE-2012-5621).
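The missing check described above, validating a remote party's name as UTF-8 before it is displayed, can be sketched as follows. This is an added example, not Ekiga's actual fix; the function names utf8_valid_prefix and sanitize_display_name and the sample name are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Longest well-formed UTF-8 prefix of s[0..n); overlongs and surrogates are malformed. */
size_t utf8_valid_prefix(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        unsigned long need, cp, min;
        if (c < 0x80) { i++; continue; }                                  /* ASCII */
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return i;                 /* stray continuation or invalid lead byte */
        if (n - i <= need) return i;   /* sequence truncated by end of string */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return i;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return i;
        i += need + 1;
    }
    return i;
}

/* Copy an untrusted name into out, replacing each byte that is not part of a
 * well-formed sequence with '?'. Returns bytes replaced, or -1 if out is too small. */
int sanitize_display_name(const char *in, char *out, size_t outsz)
{
    size_t n = strlen(in), i = 0, bad = 0;
    if (outsz < n + 1) return -1;
    while (i < n) {
        size_t ok = utf8_valid_prefix((const unsigned char *)in + i, n - i);
        memcpy(out + i, in + i, ok);
        i += ok;
        if (i < n) { out[i++] = '?'; bad++; }
    }
    out[n] = '\0';
    return (int)bad;
}

int main(void)
{
    char out[32];  /* the input below is a constructed Latin-1 encoded name */
    printf("%d replaced: %s\n", sanitize_display_name("Al\xE9x", out, sizeof out), out);
    return 0;
}
```

Code built on GLib would normally call g_utf8_validate() for the same check instead of a hand-written validator.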
Updated Packages:
i586:
ekiga-4.0.1-1.mga2.i586.rpm
ekiga-debug-4.0.1-1.mga2.i586.rpm
libopal3.10.10-3.10.10-1.mga2.i586.rpm
libopal3.10.10-plugins-3.10.10-1.mga2.i586.rpm
libopal3-devel-3.10.10-1.mga2.i586.rpm
opal3-debug-3.10.10-1.mga2.i586.rpm
libpt2.10.10-2.10.10-1.mga2.i586.rpm
libpt2.10.10-plugins-2.10.10-1.mga2.i586.rpm
libpt2.10.10-plugins-avc-2.10.10-1.mga2.i586.rpm
libpt2.10.10-plugins-dc-2.10.10-1.mga2.i586.rpm
libpt-devel-2.10.10-1.mga2.i586.rpm
ptlib-debug-2.10.10-1.mga2.i586.rpm
x86_64:
ekiga-4.0.1-1.mga2.x86_64.rpm
ekiga-debug-4.0.1-1.mga2.x86_64.rpm
lib64opal3.10.10-3.10.10-1.mga2.x86_64.rpm
lib64opal3.10.10-plugins-3.10.10-1.mga2.x86_64.rpm
lib64opal3-devel-3.10.10-1.mga2.x86_64.rpm
opal3-debug-3.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-2.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-plugins-2.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-plugins-avc-2.10.10-1.mga2.x86_64.rpm
lib64pt2.10.10-plugins-dc-2.10.10-1.mga2.x86_64.rpm
lib64pt-devel-2.10.10-1.mga2.x86_64.rpm
ptlib-debug-2.10.10-1.mga2.x86_64.rpm
SRPMS:
ekiga-4.0.1-1.mga2.src.rpm
opal3-3.10.10-1.mga2.src.rpm
ptlib-2.10.10-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5621
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099555.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html
https://bugs.mageia.org/show_bug.cgi?id=9254