View Full Version : USN-562-1: opal vulnerability

January 9th, 2008, 07:40 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-562-1 January 08, 2008 opal vulnerability CVE-2007-4924 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libopal-2.2.0 2.2.1-1ubuntu1.1 Ubuntu 6.10: libopal-2.2.0 2.2.3.dfsg-0ubuntu2.1 Ubuntu 7.04: libopal-2.2.0 2.2.3.dfsg-2ubuntu2.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.

More... (http://www.ubuntu.com/usn/usn-562-1)