[RHSA-2008:0812-01] Critical: RealPlayer security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: RealPlayer security update
Advisory ID: RHSA-2008:0812-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0812.html
Issue date: 2008-07-31
=====================================================================

 

1. Summary:

RealPlayer 10.0.9 as shipped in Red Hat Enterprise Linux 3 Extras, 4
Extras, and 5 Supplementary, contains a security flaw and should not be
used.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

 

2. Description:

RealPlayer is a media player that provides media playback locally and via
streaming.

RealPlayer 10.0.9 is vulnerable to a critical security flaw and should no
longer be used. A remote attacker could leverage this flaw to execute
arbitrary code as the user running RealPlayer. (CVE-2007-5400)

This issue is addressed in RealPlayer 11. Red Hat is unable to ship
RealPlayer 11 due to additional proprietary codecs included in that
version. Therefore, users who wish to continue to use RealPlayer should get
an update directly from www.real.com.

RealPlayer 10.0.9 packages will remain available via Red Hat Network for
those who choose to use them, despite their known security vulnerabilities.

 

3. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

 

4. Bugs fixed (http://bugzilla.redhat.com/):

456855 - CVE-2007-5400 RealPlayer: SWF Frame Handling Buffer Overflow

 

5. References:

http://www.redhat.com/security/updates/classification/#critical

 

6. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFIkeGBXlSAg2UNWIIRAvH3AJkBVmxJ3rSqH9WKYDUxB1YoFhX0jACgpyNb

vu54aLyXeAWRq4VQipzMqXY=

=gjYj

-----END PGP SIGNATURE-----

 

 
