Synopsis:	Critical: HelixPlayer removal
Issue date:	2010-12-14
CVE Names:	CVE-2010-2997 CVE-2010-4375 CVE-2010-4378
                   CVE-2010-4379 CVE-2010-4382 CVE-2010-4383
                   CVE-2010-4384 CVE-2010-4385 CVE-2010-4386
                   CVE-2010-4392

Multiple security flaws were discovered in RealPlayer. Helix Player and
RealPlayer share a common source code base; therefore, some of the flaws
discovered in RealPlayer may also affect Helix Player. Some of these 
flaws could, when opening, viewing, or playing a malicious media file or 
stream, lead to arbitrary code execution with the privileges of the user 
running Helix Player. (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, 
CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, 
CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)

Our removal packages have nothing in them but a README, so the
HelixPlayer program will be removed from your SL 4 machine, but you will 
still have a package called HelixPlayer.

Note: Just to be clear.  You will still have a package called 
HelixPlayer on your machine, but there will not be any program in it. 
It will be an empty rpm.

SL 4.x

     SRPMS:
HelixPlayer-1.0.6-3.sl4.1.src.rpm
     i386:
HelixPlayer-1.0.6-3.sl4.1.i386.rpm
HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm
     x86_64:
HelixPlayer-1.0.6-3.sl4.1.i386.rpm
HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm

-Connie Sieh
-Troy Dawson