Fedora 18 : ekiga-4.0.1-1.fc18 / opal-3.10.10-1.fc18 / ptlib-2.10.10-1.fc18 (2013-2998)

Medium Nessus Plugin ID 64984


The remote Fedora host is missing one or more security updates.


New upstream ekiga 4.0.1 release

- Core fixes

- Fix crash when quitting ekiga while receiving presence information

- Fix crash when quitting ekiga right after starting it (before STUN ending)

- Fix crash when disabling an account while icons in roster are changing

- Fix crash when receiving call a second time

- Fix crash in XML parsing in case of malicious code (CVE-2012-5621)

- Fix increasing CPU usage after hours of usage caused by endless OPTIONS

- Several fixes for H.323 :

- fix H.323 parsing

- add the username in authentication

- fix unregistering the gatekeeper

- fix registration

- assign gk_name only if success

- do not propose adding an H.323 account if the protocol is not built-in

- Fix registration for registrars accepting the last Contact item offered

- Allow to change the REGISTER compatibility mode of an existing registration

- Fix impossibility to hangup active call after a missed call

- Fix busy or call forwarding on busy occuring when connection is released

- Fix subscribing/unsubscribing when enabling and disabling SIP accounts

- Do not show is-typing messages sent by other programs during chatting

- Stop ongoing registration when remove account

- Use meaningful names for ALSA sub-devices

- Allow to enter contact addresses without host part, and choose the host later

- Increase number of characters shown in device names

- Use a better icon for call history in addressbook

- Show the address instead of 'telephoneNumber' in addressbook

- Deactivate NullAudio ptlib's device for audio input too

- Do not send OPTIONS messages once the account is disabled

- Hide the main window immediately on exit

- Handle xa status as away

- Fix debugging message when registering

- Fix race condition leading to duplicate entry in call history

- Fix incoming call if two INVITE's in a fork arrive very close together

- Use correct username in OPTIONS messages

- Allow to have message waiting indication even if asterisk's vmexten is off

- Send OPTION only on the right interface

- Fix buttons direction in dialpad for RTL languages

- Fix aborting RTP receiver with Polycom HDX8000

- Fix possible incorrect jitter calculation for RTCP

- Only kill REGISTER/SUBSCRIBE forks if a 'try again' response is received

- Various other fixes

- Distributor-visible changes

- Build fixes

- Fix building opal when java SDK installed and swig is not

- Some code cleanup

- Translation updates

- Update translations: fr, ml, pt_BR

- Update help translations: pt_BR

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected ekiga, opal and / or ptlib packages.

See Also





Plugin Details

Severity: Medium

ID: 64984

File Name: fedora_2013-2998.nasl

Version: $Revision: 1.10 $

Type: local

Agent: unix

Published: 2013/03/04

Modified: 2016/05/09

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:ekiga, p-cpe:/a:fedoraproject:fedora:opal, p-cpe:/a:fedoraproject:fedora:ptlib, cpe:/o:fedoraproject:fedora:18

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/02/24

Reference Information

CVE: CVE-2012-5621, CVE-2013-1864

BID: 56790

FEDORA: 2013-2998