Bug 89862 - media-video/[realplayer,helixplayer] RAM file buffer overflow (CAN-2005-0755)
Summary: media-video/[realplayer,helixplayer] RAM file buffer overflow (CAN-2005-0755)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High major
Assignee: Gentoo Security
URL: http://service.real.com/help/faq/secu...
Whiteboard: A2 [glsa] koon
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-20 13:24 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-04-22 05:50 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-20 13:24:22 UTC
To fashion a malicious RAM file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-04-21 00:57:12 UTC
media-video: please bump both to 10.0.4
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-04-21 04:11:24 UTC
Committed realplayer-10.0.4 and helixplayer-1.0.4 (respectively "-* ~x86 ~amd64" and "-*").
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-04-21 05:16:00 UTC
Arches, please test and keyword as:

realplayer-10.0.4: x86 ~amd64
helixplayer-10.0.4: ~x86
Comment 4 Herbie Hopkins (RETIRED) gentoo-dev 2005-04-21 06:54:47 UTC
Nothing to be done for amd64 then.
Comment 5 Olivier Crete (RETIRED) gentoo-dev 2005-04-21 09:35:08 UTC
Shouldn't helixplayer and realplayer block each other? They both install /opt/netscape/plugins/nphelix.so

Both are marked for x86
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-04-22 05:50:20 UTC
GLSA 200504-21
Thanks formula7 for the draft