SCIENTIFIC-LINUX-ERRATA Archives

December 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Fri, 17 Dec 2010 11:29:17 -0600

Synopsis:	Critical: HelixPlayer removal
Issue date:	2010-12-14
CVE Names:	CVE-2010-2997 CVE-2010-4375 CVE-2010-4378
                   CVE-2010-4379 CVE-2010-4382 CVE-2010-4383
                   CVE-2010-4384 CVE-2010-4385 CVE-2010-4386
                   CVE-2010-4392

Multiple security flaws were discovered in RealPlayer. Helix Player and
RealPlayer share a common source code base; therefore, some of the flaws
discovered in RealPlayer may also affect Helix Player. Some of these 
flaws could, when opening, viewing, or playing a malicious media file or 
stream, lead to arbitrary code execution with the privileges of the user 
running Helix Player. (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, 
CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, 
CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)

Our removal packages have nothing in them but a README, so the
HelixPlayer program will be removed from your SL 4 machine, but you will 
still have a package called HelixPlayer.

Note: Just to be clear.  You will still have a package called 
HelixPlayer on your machine, but there will not be any program in it. 
It will be an empty rpm.

SL 4.x

     SRPMS:
HelixPlayer-1.0.6-3.sl4.1.src.rpm
     i386:
HelixPlayer-1.0.6-3.sl4.1.i386.rpm
HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm
     x86_64:
HelixPlayer-1.0.6-3.sl4.1.i386.rpm
HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm

-Connie Sieh
-Troy Dawson
