
Bug 89862

Summary: media-video/[realplayer,helixplayer] RAM file buffer overflow (CAN-2005-0755)
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: media-video
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://service.real.com/help/faq/security/050419_player/EN/
Whiteboard: A2 [glsa] koon
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-20 13:24:22 UTC
To fashion a malicious RAM file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-04-21 00:57:12 UTC
media-video: please bump both to 10.0.4
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-04-21 04:11:24 UTC
Committed realplayer-10.0.4 and helixplayer-1.0.4 (respectively "-* ~x86 ~amd64" and "-*").
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-04-21 05:16:00 UTC
Arches, please test and keyword as:

realplayer-10.0.4: x86 ~amd64
helixplayer-10.0.4: ~x86
Comment 4 Herbie Hopkins (RETIRED) gentoo-dev 2005-04-21 06:54:47 UTC
Nothing to be done for amd64 then.
Comment 5 Olivier Crete (RETIRED) gentoo-dev 2005-04-21 09:35:08 UTC
Shouldn't helixplayer and realplayer block each other? They both install /opt/netscape/plugins/nphelix.so

Both are marked for x86
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-04-22 05:50:20 UTC
GLSA 200504-21
Thanks formula7 for the draft