Fedora 18 : ekiga-4.0.1-1.fc18 / opal-3.10.10-1.fc18 / ptlib-2.10.10-1.fc18 (2013-2998)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

New upstream ekiga 4.0.1 release

- Core fixes

- Fix crash when quitting ekiga while receiving presence
information

- Fix crash when quitting ekiga right after starting it
(before STUN ending)

- Fix crash when disabling an account while icons in
roster are changing

- Fix crash when receiving call a second time

- Fix crash in XML parsing in case of malicious code
(CVE-2012-5621)

- Fix increasing CPU usage after hours of usage caused
by endless OPTIONS

- Several fixes for H.323 :

- fix H.323 parsing

- add the username in authentication

- fix unregistering the gatekeeper

- fix registration

- assign gk_name only if success

- do not propose adding an H.323 account if the protocol
is not built-in

- Fix registration for registrars accepting the last
Contact item offered

- Allow to change the REGISTER compatibility mode of an
existing registration

- Fix impossibility to hangup active call after a missed
call

- Fix busy or call forwarding on busy occuring when
connection is released

- Fix subscribing/unsubscribing when enabling and
disabling SIP accounts

- Do not show is-typing messages sent by other programs
during chatting

- Stop ongoing registration when remove account

- Use meaningful names for ALSA sub-devices

- Allow to enter contact addresses without host part,
and choose the host later

- Increase number of characters shown in device names

- Use a better icon for call history in addressbook

- Show the address instead of 'telephoneNumber' in
addressbook

- Deactivate NullAudio ptlib's device for audio input
too

- Do not send OPTIONS messages once the account is
disabled

- Hide the main window immediately on exit

- Handle xa status as away

- Fix debugging message when registering

- Fix race condition leading to duplicate entry in call
history

- Fix incoming call if two INVITE's in a fork arrive
very close together

- Use correct username in OPTIONS messages

- Allow to have message waiting indication even if
asterisk's vmexten is off

- Send OPTION only on the right interface

- Fix buttons direction in dialpad for RTL languages

- Fix aborting RTP receiver with Polycom HDX8000

- Fix possible incorrect jitter calculation for RTCP

- Only kill REGISTER/SUBSCRIBE forks if a 'try again'
response is received

- Various other fixes

- Distributor-visible changes

- Build fixes

- Fix building opal when java SDK installed and swig is
not

- Some code cleanup

- Translation updates

- Update translations: fr, ml, pt_BR

- Update help translations: pt_BR

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=883058
http://www.nessus.org/u?4d5e0df1
http://www.nessus.org/u?ce850127
http://www.nessus.org/u?07354ba4

Solution :

Update the affected ekiga, opal and / or ptlib packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 64984 ()

Bugtraq ID: 56790

CVE ID: CVE-2012-5621
CVE-2013-1864

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now