drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in HelixPlayer
Name: |
Pufferüberlauf in HelixPlayer |
|
ID: |
RHSA-2005:788-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Di, 27. September 2005, 14:03 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2710 |
|
Applikationen: |
Helix Player Project |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Critical: HelixPlayer security update Advisory ID: RHSA-2005:788-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-788.html Issue date: 2005-09-27 Updated on: 2005-09-27 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2710 - ---------------------------------------------------------------------
1. Summary:
An updated HelixPlayer package that fixes a string format issue is now available.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64
3. Problem description:
HelixPlayer is a media player.
A format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710 to this issue.
All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
168078 - CAN-2005-2710 HelixPlayer Format String Flaw
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: HelixPlayer-1.0.6-0.EL4.1.src.rpm 77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
ppc: 1604bc8fa9eb7d6ef1733d3b047b8cc9 HelixPlayer-1.0.6-0.EL4.1.ppc.rpm
x86_64: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: HelixPlayer-1.0.6-0.EL4.1.src.rpm 77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
x86_64: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: HelixPlayer-1.0.6-0.EL4.1.src.rpm 77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
x86_64: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: HelixPlayer-1.0.6-0.EL4.1.src.rpm 77bcadb90099c21c579ad8f51d4c7292 HelixPlayer-1.0.6-0.EL4.1.src.rpm
i386: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
x86_64: 40ff8c8ac5f9acc8019db7bd91a1f819 HelixPlayer-1.0.6-0.EL4.1.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2710
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFDOTRyXlSAg2UNWIIRAi5cAJsFI6wgM6UbYyDMDO80VQqa0kHiNACgshnq VD4YIMZ6JbZ+6UuM5tv4FPQ= =wWul -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|