=========================================================== Ubuntu Security Notice USN-434-1 March 09, 2007 ekiga, gnomemeeting vulnerability CVE-2007-0999 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: gnomemeeting 1.2.2-1ubuntu1.2 Ubuntu 6.06 LTS: ekiga 2.0.1-0ubuntu6.2 Ubuntu 6.10: ekiga 2.0.3-0ubuntu3.2 After a standard system upgrade you need to restart Ekiga or reboot your computer to effect the necessary changes. Details follow: It was discovered that Ekiga had format string vulnerabilities beyond those fixed in USN-426-1. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.