|Summary:||CAN-2005-0755 HelixPlayer buffer overflow|
|Product:||Red Hat Enterprise Linux 4||Reporter:||Josh Bressers <bressers>|
|Component:||HelixPlayer||Assignee:||Colin Walters <walters>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||4.0||CC:||hp, security-response-team, walters|
|Fixed In Version:||Doc Type:||Bug Fix|
|Last Closed:||2005-04-20 17:26:16 UTC||Type:||---|
Description Josh Bressers 2005-04-19 20:50:33 UTC
+++ This bug was initially created as a clone of Bug #153931 +++
We have been informed of a buffer overflow issue in the version of HelixPlayer we ship. A malicious RAM file can overflow a buffer and execute arbitrary code on a victim's machine.
Comment 1 Josh Bressers 2005-04-19 20:52:35 UTC
There's no update on the Helix site for this, and I see nothing in the Helix CVS to patch this; we're just screwed for now until we have something to update the packages.
Comment 2 Josh Bressers 2005-04-19 21:50:09 UTC
Updated helix source is here: https://helixcommunity.org/download.php/1137/hxplay-10.0.4-source.tar.bz2
Comment 3 Jay Turner 2005-04-20 08:40:39 UTC
Fix confirmed with HelixPlayer-1.0.4-1.1.EL4.2. Moving to PROD_READY.
Comment 4 Josh Bressers 2005-04-20 17:26:16 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-392.html