RedHat: Critical: HelixPlayer security update RHSA-2005:788-01
Summary
Summary
HelixPlayer is a media player. A format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
168078 - CAN-2005-2710 HelixPlayer Format String Flaw
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
ppc:
1604bc8fa9eb7d6ef1733d3b047b8cc9 HelixPlayer-1.0.6-0.EL4.1.ppc.rpm
x86_64:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
x86_64:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
x86_64:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
x86_64:
40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2710
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64
Bugs Fixed