
Bug 127352

Summary: media-video/realplayer: buffer overrun via swf file (CVE-2006-0323)
Product: Gentoo Security
Reporter: Matthias Geerdsen (RETIRED) <vorlon>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: media-video
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.service.real.com/realplayer/security/03162006_player/en/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 12:27:15 UTC
according to above URL, linux realplayer 10.0.6 is affected by:

Vulnerability 2:
The identified vulnerability is a malicious swf file (flash media) which could cause a buffer overrun on a customer's machine.
CVE-2006-0323

media-video, pls update the ebuild
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 12:32:07 UTC
setting to B2
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-03-23 12:41:08 UTC
Too bad there's no 10.0.0.7 version on the download page :/
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 12:54:53 UTC
hm, what about 10.0.7 on https://player.helixcommunity.org/2005/downloads/ ?
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-03-23 13:42:51 UTC
Gah, it wasn't there when I looked... time to update the ebuild now.
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 15:43:02 UTC
ebuild is there, arches pls test
(committed directly to stable, just wanted to be on the safe side)
Comment 6 Chris White (RETIRED) gentoo-dev 2006-03-23 21:09:54 UTC
Yup, x86 is good to go.
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2006-03-26 09:28:23 UTC
This is ready, though amd64 could still have a look.
Comment 8 Danny van Dyk (RETIRED) gentoo-dev 2006-03-26 12:24:41 UTC
Looks good on amd64. Removing from CC.
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-26 13:29:21 UTC
this is GLSA 200603-24

thanks everyone