Package : ekg Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665
Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2005-2370
It was discovered that memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. This only affects Debian Sarge.
CVE-2005-2448
It was discovered that several endianess errors may allow remote attackers to cause a denial of service. This only affects Debian Sarge.
CVE-2007-1663
It was discovered that a memory leak in handling image messages may lead to denial of service. This only affects Debian Etch.
CVE-2007-1664
It was discovered that a null pointer deference in the token OCR code may lead to denial of service. This only affects Debian Etch.
CVE-2007-1665
It was discovered that a memory leak in the token OCR code may lead to denial of service. This only affects Debian Etch.
For the oldstable distribution (sarge) these problems have been fixed in version 1.5+20050411-7. This updates lacks updated packages for the m68k architecture. They will be provided later.
For the stable distribution (etch) these problems have been fixed in version 1:1.7~rc2-1etch1.
For the unstable distribution (sid) these problems have been fixed in version 1:1.7~rc2-2.
We recommend that you upgrade your ekg packages.
Upgrade Instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - --------------------------------