Synopsis: Critical: HelixPlayer removal
Issue date: 2010-12-14
CVE Names: CVE-2010-2997 CVE-2010-4375 CVE-2010-4378
CVE-2010-4379 CVE-2010-4382 CVE-2010-4383
CVE-2010-4384 CVE-2010-4385 CVE-2010-4386
CVE-2010-4392
Multiple security flaws were discovered in RealPlayer. Helix Player and
RealPlayer share a common source code base; therefore, some of the flaws
discovered in RealPlayer may also affect Helix Player. Some of these
flaws could, when opening, viewing, or playing a malicious media file or
stream, lead to arbitrary code execution with the privileges of the user
running Helix Player. (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378,
CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384,
CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)
Our removal packages have nothing in them but a README, so the
HelixPlayer program will be removed from your SL 4 machine, but you will
still have a package called HelixPlayer.
Note: Just to be clear. You will still have a package called
HelixPlayer on your machine, but there will not be any program in it.
It will be an empty rpm.
SL 4.x
SRPMS:
HelixPlayer-1.0.6-3.sl4.1.src.rpm
i386:
HelixPlayer-1.0.6-3.sl4.1.i386.rpm
HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm
x86_64:
HelixPlayer-1.0.6-3.sl4.1.i386.rpm
HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm
-Connie Sieh
-Troy Dawson
|