Fedora 17 : ekiga-4.0.1-1.fc17 / opal-3.10.10-1.fc17 / ptlib-2.10.10-1.fc17 (2013-2890)

medium Nessus Plugin ID 64983

Synopsis

The remote Fedora host is missing one or more security updates.

Description

New upstream ekiga 4.0.1 release

- Core fixes

- Fix crash when quitting ekiga while receiving presence information

- Fix crash when quitting ekiga right after starting it (before STUN ending)

- Fix crash when disabling an account while icons in roster are changing

- Fix crash when receiving call a second time

- Fix crash in XML parsing in case of malicious code (CVE-2012-5621)

- Fix increasing CPU usage after hours of usage caused by endless OPTIONS

- Several fixes for H.323:

  - fix H.323 parsing

  - add the username in authentication

  - fix unregistering the gatekeeper

  - fix registration

  - assign gk_name only if success

  - do not propose adding an H.323 account if the protocol is not built-in

- Fix registration for registrars accepting the last Contact item offered

- Allow changing the REGISTER compatibility mode of an existing registration

- Fix inability to hang up an active call after a missed call

- Fix busy or call forwarding on busy occurring when connection is released

- Fix subscribing/unsubscribing when enabling and disabling SIP accounts

- Do not show is-typing messages sent by other programs during chatting

- Stop ongoing registration when removing an account

- Use meaningful names for ALSA sub-devices

- Allow entering contact addresses without host part, and choosing the host later

- Increase number of characters shown in device names

- Use a better icon for call history in addressbook

- Show the address instead of 'telephoneNumber' in addressbook

- Deactivate NullAudio ptlib's device for audio input too

- Do not send OPTIONS messages once the account is disabled

- Hide the main window immediately on exit

- Handle xa status as away

- Fix debugging message when registering

- Fix race condition leading to duplicate entry in call history

- Fix incoming call if two INVITE's in a fork arrive very close together

- Use correct username in OPTIONS messages

- Allow message waiting indication even if asterisk's vmexten is off

- Send OPTION only on the right interface

- Fix buttons direction in dialpad for RTL languages

- Fix aborting RTP receiver with Polycom HDX8000

- Fix possible incorrect jitter calculation for RTCP

- Only kill REGISTER/SUBSCRIBE forks if a 'try again' response is received

- Various other fixes

- Distributor-visible changes

- Build fixes

- Fix building opal when java SDK installed and swig is not

- Some code cleanup

- Translation updates

- Update translations: fr, ml, pt_BR

- Update help translations: pt_BR

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected ekiga, opal and / or ptlib packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=883058

http://www.nessus.org/u?b6b56499

http://www.nessus.org/u?2eeeefa0

http://www.nessus.org/u?43429d55

Plugin Details

Severity: Medium

ID: 64983

File Name: fedora_2013-2890.nasl

Version: 1.13

Type: local

Agent: unix

Published: 3/4/2013

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:ekiga, p-cpe:/a:fedoraproject:fedora:opal, p-cpe:/a:fedoraproject:fedora:ptlib, cpe:/o:fedoraproject:fedora:17

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/24/2013

Vulnerability Publication Date: 9/29/2014

Reference Information

CVE: CVE-2012-5621

BID: 56790

FEDORA: 2013-2890