A format string vulnerability in Ekiga may allow the remote execution of arbitrary code.
| Package | net-voip/ekiga on all architectures |
| Affected versions | < 2.0.7 |
| Unaffected versions | >= 2.0.7 |
Ekiga is an open source VoIP and video conferencing application.
Mu Security has discovered that Ekiga fails to implement formatted printing correctly.
An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a specially crafted Q.931 SETUP packet to a victim.
There is no known workaround at this time.
All Ekiga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
March 29, 2007
May 28, 2009: 02