+++ This bug was initially created as a clone of Bug #229259 +++

A format string flaw was found in the way Ekiga processes certain messages from remote clients. This flaw could allow a remote attacker to execute arbitrary code as the user running Ekiga.

This flaw also affects FC5

-- Additional comment from bressers on 2007-02-19 15:01 EST --
Created an attachment (id=148361)
Upstream patch extracted from SVN
They are building now, task
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=637346

I wasn't sure whether these would go into -qu-candidate or -candidate, so I took a guess.
failed qa as there is a double vsnprintf which strips the first %s. Looks like a bug. Possible fix: --- main.cpp.orig 2007-03-05 11:31:49.000000000 -0500 +++ main.cpp 2007-03-05 11:33:02.000000000 -0500 @@ -4233,8 +4233,6 @@ { GmWindow *mw = NULL; - char buffer [1025]; - g_return_if_fail (main_window != NULL); mw = gm_mw_get_mw (main_window); @@ -4242,8 +4240,7 @@ va_list args; va_start (args, msg); - vsnprintf (buffer, 1024, msg, args); - gm_statusbar_flash_message (GM_STATUSBAR (mw->statusbar), buffer); + gm_statusbar_flash_message (GM_STATUSBAR (mw->statusbar), msg, args); va_end (args); }
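Review bot: In the second hunk the replacement call passes `args`, a va_list, directly to gm_statusbar_flash_message. That is only correct if the function takes a va_list parameter. If it is declared variadic (`...`), which the double formatting reported here suggests, the va_list arrives as one opaque argument and is not expanded, so any conversion in msg reads the wrong data. Either call a va_list-taking variant of the status bar function, or keep the local vsnprintf and pass its result as data behind a constant format, i.e. gm_statusbar_flash_message (GM_STATUSBAR (mw->statusbar), "%s", buffer). If the buffer is kept, pass sizeof buffer to vsnprintf instead of the literal 1024 so the size cannot drift from the declaration.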
New packages that will hopefully fix - see ekiga-2_0_2-7_0_1
Failed qa due to a double vsnprintf which opened up the format string flaws; so CVE-2007-0999 for the new format string flaws.

CVE-2007-0999 impact=critical,source=redhat,reported=20070306,public=20070306
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0087.html
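The double formatting described in the QA comments above, reduced to a self-contained C program; this is an added example, not Ekiga code, and `statusbar_flash`, `flash_double`, `flash_single` and the sample name are hypothetical. It uses `%%` in the remote-supplied text so the second pass visibly alters the data without reading any missing arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char shown[256];   /* what the stand-in "status bar" ends up displaying */

/* Hypothetical status-bar API that formats its own arguments. */
static void statusbar_flash(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(shown, sizeof shown, fmt, ap);    /* formatting pass in the callee */
    va_end(ap);
}

/* Flawed wrapper: formats once, then hands the result over as a format. */
static const char *flash_double(const char *fmt, ...)
{
    char buffer[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buffer, sizeof buffer, fmt, ap);  /* pass 1: remote text lands here */
    va_end(ap);
    statusbar_flash(buffer);                    /* pass 2: remote text is parsed */
    return shown;
}

/* Corrected wrapper: the formatted text is data behind a constant "%s". */
static const char *flash_single(const char *fmt, ...)
{
    char buffer[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buffer, sizeof buffer, fmt, ap);
    va_end(ap);
    statusbar_flash("%s", buffer);
    return shown;
}

int main(void)
{
    const char *remote = "100%% real";          /* constructed remote display name */
    printf("double: %s\n", flash_double("Call from %s", remote));
    printf("single: %s\n", flash_single("Call from %s", remote));
    return 0;
}
```

A regression test for the fix can use the same idea: feed a string containing `%%` through the message path and check that it is displayed byte for byte.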