First published: Mon Dec 03 2012
A denial of service flaw was found in the way Ekiga, a GNOME-based SIP/H.323 teleconferencing application, processed information from certain OPAL connections: UTF-8 strings were not checked for validity before being displayed. A remote attacker (the other party, with a name that is not valid UTF-8) could use this flaw to crash the ekiga executable.

Upstream bug report: [1] https://bugzilla.gnome.org/show_bug.cgi?id=653009

Relevant upstream patch: [2] http://git.gnome.org/browse/ekiga/commit/?id=7d09807257

References: [3] http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ekiga Ekiga | <=3.9.90 | |
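
The flaw above comes down to passing a peer-supplied name to the UI without checking that it is valid UTF-8. The following is an added example, not Ekiga's code and not the upstream patch: a strict validator that replaces each invalid byte with U+FFFD before the string is displayed. The function names `utf8_seq_len` and `sanitize_display_name` and the sample name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence at s (n bytes left), or 0 if invalid. */
static size_t utf8_seq_len(const unsigned char *s, size_t n)
{
    unsigned char c = s[0], lo = 0x80, hi = 0xBF; /* bounds for the 2nd byte */
    size_t len, i;
    if (c < 0x80) return c ? 1 : 0;               /* ASCII; embedded NUL rejected */
    if (c >= 0xC2 && c <= 0xDF) len = 2;          /* 0xC0/0xC1 are overlong */
    else if (c >= 0xE0 && c <= 0xEF) len = 3;
    else if (c >= 0xF0 && c <= 0xF4) len = 4;
    else return 0;                                /* stray continuation or > U+10FFFF */
    if (c == 0xE0) lo = 0xA0;                     /* overlong 3-byte form */
    if (c == 0xED) hi = 0x9F;                     /* UTF-16 surrogates */
    if (c == 0xF0) lo = 0x90;                     /* overlong 4-byte form */
    if (c == 0xF4) hi = 0x8F;                     /* above U+10FFFF */
    if (n < len || s[1] < lo || s[1] > hi) return 0; /* truncated or bad 2nd byte */
    for (i = 2; i < len; i++)
        if (s[i] < 0x80 || s[i] > 0xBF) return 0;
    return len;
}

/* Copy a peer-supplied name into out, replacing each invalid byte with U+FFFD. */
int sanitize_display_name(const char *in, size_t in_len, char *out, size_t cap)
{
    size_t i = 0, o = 0;
    int replaced = 0;
    if (cap == 0) return -1;                      /* -1: out is too small */
    while (i < in_len) {
        size_t len = utf8_seq_len((const unsigned char *)in + i, in_len - i);
        size_t w = len ? len : 3;                 /* U+FFFD encodes to 3 bytes */
        if (o + w >= cap) return -1;              /* keep room for the NUL */
        memcpy(out + o, len ? in + i : "\xEF\xBF\xBD", w);
        o += w;
        i += len ? len : 1;                       /* resync one byte at a time */
        if (!len) replaced++;
    }
    out[o] = '\0';
    return replaced;                              /* number of bytes replaced */
}

int main(void)
{
    char out[64];
    const char name[] = "Ren\xE9";   /* constructed peer name: Latin-1, not UTF-8 */
    printf("%d byte(s) replaced\n", sanitize_display_name(name, 4, out, sizeof out));
    return 0;
}
```

A non-zero return value is also a useful signal to log, since a well-behaved peer should not send malformed names.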