Description of problem:
Debian issued an update for ekg patching three denial of service issues, one of them triggerable by a malicious Gadu-Gadu user:

* Patched three medium severity security issues in src/events.c:
  - CVE-2007-1663 A memory leak in handling image messages, which may cause memory exhaustion resulting in a DoS (ekg program crash). Exploitable by a hostile GG user.
  - CVE-2007-1664 Off-by-one in the token OCR function, which may cause a NULL pointer dereference resulting in a DoS (ekg program crash). Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG server.
  - CVE-2007-1665 Potential memory exhaustion in the token OCR function, which may cause memory exhaustion resulting in a DoS (ekg program crash). Exploitable by MiTM (hostile HTTP proxy or TCP stream injection) or a hostile GG server.

Version-Release number of selected component (if applicable):
ekg-1.7-0.4.rc2.fc7
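The two OCR-side issues above are of a common class: a token image arrives from an untrusted peer (a GG server, or anyone who can inject into the HTTP stream), and its header dictates how much memory is allocated and how far a loop indexes. The following is an added illustration written for this report, not ekg's code and not a reconstruction of the patched functions; the 8-byte header layout, the MAX_TOKEN_W/MAX_TOKEN_H caps, and the constructed sample images are all assumptions. It shows the checks a parser for such input needs: reject attacker-chosen dimensions before allocating, verify the body is actually present before copying, and keep the column loop strictly below the width so it never touches one element past the end.

```c
/* Hypothetical token-image parser: illustrates bounding attacker-controlled
 * dimensions (memory exhaustion) and exact loop bounds (off-by-one).
 * Not ekg's code; format and limits are assumptions for this example. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed upper bound on a CAPTCHA-style token; anything larger is hostile. */
#define MAX_TOKEN_W 256u
#define MAX_TOKEN_H 256u

struct token_image {
    uint32_t w, h;
    uint8_t *pixels;          /* w*h grayscale bytes, row-major */
};

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Assumed wire format: u32 width, u32 height (little-endian), then w*h bytes.
 * Returns 0 on success, -1 on any malformed or oversized input. */
int token_parse(const uint8_t *buf, size_t len, struct token_image *out)
{
    if (len < 8)
        return -1;
    uint32_t w = get_le32(buf);
    uint32_t h = get_le32(buf + 4);
    /* Cap before allocating: the peer must not pick the allocation size. */
    if (w == 0 || h == 0 || w > MAX_TOKEN_W || h > MAX_TOKEN_H)
        return -1;
    size_t need = (size_t)w * h;       /* cannot overflow under the caps */
    if (len - 8 < need)                /* truncated body: refuse, don't over-read */
        return -1;
    uint8_t *px = malloc(need);
    if (!px)
        return -1;
    memcpy(px, buf + 8, need);
    out->w = w; out->h = h; out->pixels = px;
    return 0;
}

/* Count dark pixels in every column; cols must hold exactly img->w entries.
 * The bound is x < w: writing cols[w] (x <= w) would be the classic off-by-one. */
void token_column_profile(const struct token_image *img, unsigned *cols)
{
    for (uint32_t x = 0; x < img->w; x++) {
        cols[x] = 0;
        for (uint32_t y = 0; y < img->h; y++)
            if (img->pixels[(size_t)y * img->w + x] < 128)
                cols[x]++;
    }
}

void token_free(struct token_image *img)
{
    free(img->pixels);
    img->pixels = NULL;
}

/* Constructed input: header claims 0xFFFFFFFF x 0xFFFFFFFF. Expect -1. */
int token_demo_reject_huge(void)
{
    uint8_t hdr[8];
    put_le32(hdr, 0xFFFFFFFFu);
    put_le32(hdr + 4, 0xFFFFFFFFu);
    struct token_image img = {0};
    return token_parse(hdr, sizeof hdr, &img);
}

/* Constructed input: header claims 4x2 but only 4 body bytes follow. Expect -1. */
int token_demo_truncated(void)
{
    uint8_t buf[8 + 4] = {0};
    put_le32(buf, 4);
    put_le32(buf + 4, 2);
    struct token_image img = {0};
    return token_parse(buf, sizeof buf, &img);
}

/* Constructed 4x2 image; returns total dark pixels (2 + 0 + 1 + 1 = 4). */
int token_demo_ok(void)
{
    static const uint8_t rows[8] = { 0, 255, 0, 255,
                                     0, 255, 255, 0 };
    uint8_t buf[8 + 8];
    put_le32(buf, 4);
    put_le32(buf + 4, 2);
    memcpy(buf + 8, rows, sizeof rows);
    struct token_image img = {0};
    if (token_parse(buf, sizeof buf, &img) != 0)
        return -1;
    unsigned cols[4];
    token_column_profile(&img, cols);
    int total = (int)(cols[0] + cols[1] + cols[2] + cols[3]);
    token_free(&img);
    return total;
}

int main(void)
{
    printf("huge=%d truncated=%d ok=%d\n",
           token_demo_reject_huge(), token_demo_truncated(), token_demo_ok());
    return 0;
}
```

The point of the caps is that an untrusted server cannot turn a two-integer header into a gigabyte allocation, and the truncation check means a hostile proxy cannot make the client copy past the end of what it actually received; the column loop's bound shows the one-element difference that separates a correct OCR pass from an out-of-bounds write.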
Created attachment 158077: Fix for three denial of service vulnerabilities in ekg
Fixed and built (available in koji).
ekg-1.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.