José Miguel Esparza discovered that insufficient input validation is performed
on the SIP protocol header field 'Content-Length' by the opal library used by ekiga.
This flaw can be used to write a '\0' byte to an attacker-controlled address and
crash ekiga. Ekiga 2.0.10 using opal library 2.2.10 was released to address
Ekiga 2.0.10 release notes:
CVS commit pointed out by upstream:
(some of the previous commits may be required to get complete checks / fix)
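A defensive way to handle the header this report describes, as an added example that is not opal's or ekiga's code and not the attached patch: the Content-Length value is parsed strictly and bounded by the body bytes actually received before any terminator is written. The function names, and the assumption that the '\0' write lands at an offset derived from the header value, are illustrative only.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Parse a SIP Content-Length value (hypothetical helper, not an opal API).
 * Accepts only decimal digits with optional surrounding whitespace; rejects
 * signs, empty values, trailing junk, and anything larger than `received`,
 * the number of body bytes actually read from the network.
 * Returns 0 and stores the length in *out on success, -1 otherwise. */
int parse_content_length(const char *value, size_t received, size_t *out)
{
    size_t n = 0;
    const char *p = value;

    while (*p == ' ' || *p == '\t') p++;
    if (!isdigit((unsigned char)*p)) return -1;   /* empty, '-', '+', text */
    for (; isdigit((unsigned char)*p); p++) {
        size_t d = (size_t)(*p - '0');
        if (n > (SIZE_MAX - d) / 10) return -1;   /* would overflow size_t */
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n') p++;
    if (*p != '\0') return -1;                    /* trailing garbage */
    if (n > received) return -1;                  /* claims more than was read */
    *out = n;
    return 0;
}

/* NUL-terminate the body at the declared length only after validation.
 * Assumption: `buf` holds `received` body bytes and has capacity `cap`. */
int terminate_body(char *buf, size_t cap, size_t received,
                   const char *header_value)
{
    size_t len;

    if (received >= cap) return -1;               /* no room for terminator */
    if (parse_content_length(header_value, received, &len) != 0) return -1;
    buf[len] = '\0';                              /* len <= received < cap */
    return 0;
}
```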
Created attachment 208511
Patch backported from CVS.
Fixed in affected products:
Red Hat Enterprise Linux: