=========================================================== Ubuntu Security Notice USN-426-1 February 22, 2007 ekiga, gnomemeeting vulnerabilities CVE-2007-1006, CVE-2007-1007 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: gnomemeeting 1.2.2-1ubuntu1.1 Ubuntu 6.06 LTS: ekiga 2.0.1-0ubuntu6.1 Ubuntu 6.10: ekiga 2.0.3-0ubuntu3.1 After a standard system upgrade you need to restart Ekiga to effect the necessary changes. Details follow: Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.