Synopsis: Critical: HelixPlayer removal Issue date: 2010-12-14 CVE Names: CVE-2010-2997 CVE-2010-4375 CVE-2010-4378 CVE-2010-4379 CVE-2010-4382 CVE-2010-4383 CVE-2010-4384 CVE-2010-4385 CVE-2010-4386 CVE-2010-4392 Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening, viewing, or playing a malicious media file or stream, lead to arbitrary code execution with the privileges of the user running Helix Player. (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392) Our removal packages have nothing in them but a README, so the HelixPlayer program will be removed from your SL 4 machine, but you will still have a package called HelixPlayer. Note: Just to be clear. You will still have a package called HelixPlayer on your machine, but there will not be any program in it. It will be an empty rpm. SL 4.x SRPMS: HelixPlayer-1.0.6-3.sl4.1.src.rpm i386: HelixPlayer-1.0.6-3.sl4.1.i386.rpm HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm x86_64: HelixPlayer-1.0.6-3.sl4.1.i386.rpm HelixPlayer-uninstall-1.0.6-3.sl4.1.i386.rpm -Connie Sieh -Troy Dawson