Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 127352 - media-video/realplayer: buffer overrun via swf file (CVE-2006-0323)
Summary: media-video/realplayer: buffer overrun via swf file (CVE-2006-0323)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://www.service.real.com/realplaye...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-23 12:27 UTC by Matthias Geerdsen (RETIRED)
Modified: 2006-03-26 13:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 12:27:15 UTC 
according to above URL, linux realplayer 10.0.6 is affected by:

Vulnerability 2:
The identified vulnerability is a malicious swf file (flash media) which could cause a buffer overrun on a customer's machine.
CVE-2006-0323

media-video, pls update the ebuild
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 12:32:07 UTC 
setting to B2
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-03-23 12:41:08 UTC 
Too bad there's no 10.0.0.7 version on the download page :/
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 12:54:53 UTC 
hm, what about 10.0.7 on https://player.helixcommunity.org/2005/downloads/ ?
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-03-23 13:42:51 UTC 
Gah, it wasn't there when I looked... time to update the ebuild now.
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-23 15:43:02 UTC 
ebuild is there, arches pls test
(commited directly to stable, just wanted to be on the save side)
Comment 6 Chris White (RETIRED) gentoo-dev 2006-03-23 21:09:54 UTC 
Yup, x86 is good to go.
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2006-03-26 09:28:23 UTC 
This is ready, though amd64 could still have a look.
Comment 8 Danny van Dyk (RETIRED) gentoo-dev 2006-03-26 12:24:41 UTC 
Looks good on amd64. Removing from CC.
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2006-03-26 13:29:21 UTC 
this is GLSA 200603-24

thanks everyone