Privacy and Legal Notice

CIAC INFORMATION BULLETIN

P-314: RealPlayer & HelixPlayer Security Update

[Red Hat RHSA-2005:788-3 & RHSA-2005:762-12]

September 27, 2005 17:00 GMT
[REVISED 30 Sep 2005]
[REVISED 03 Oct 2005]
PROBLEM: There is a format string bug was discovered in the way RealPlayer and HelixPlayer process RealPix (.rp) files.
SOFTWARE: Linux RealPlayer 10 (10.0.0-5)
Helix Player (10.0.0 - 5)
PLATFORM: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS, ES, WS (v. 3) & (v. 4)
Red Hat Enterprise Linux Extras (v. 3 ) & (v. 4)
Debian GNU/Linux 3.1 alias sarge
DAMAGE: It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer and HelixPlayer.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is MEDIUM. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer and HelixPlayer. There are known exploits in the wild for this vulnerability.
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-314.shtml
  ORIGINAL BULLETINS: Red Hat RHSA-2005:788-3
   https://rhn.redhat.com/errata/RHSA-2005-788.html
   Red Hat RHSA-2005:762-12
   https://rhn.redhat.com/errata/RHSA-2005-762.html
  ADDITIONAL LINKS: Debian Security Advisory DSA-826-1
http://www.debian.org/security/2005/dsa-826
Real Networks Security Document of 9/30/2005
http://service.real.com/help/faq/security/050930_player/EN/
  CVE: CVE-2005-2710 
REVISION HISTORY:
09/30/2005 - revised to add a link to Debian Security Advisory DSA-826-1 
             for Debian GNU/Linux 3.1 alias sarge.
10/03/2005 - revised to add a link to Real Networks Security Update Document 
             that provides links to patches for Linux platforms.
				 
				 
				 
[***** Start Red Hat RHSA-2005:788-3 *****]


Critical: HelixPlayer security update

Advisory: RHSA-2005:788-3 
Type: Security Advisory 
Issued on: 2005-09-27 
Last updated on: 2005-09-27 
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4) 
CVEs (cve.mitre.org): CAN-2005-2710
 


Details
An updated HelixPlayer package that fixes a string format issue is now 
available. 

This update has been rated as having critical security impact by the Red 
Hat Security Response Team.

HelixPlayer is a media player. 

A format string bug was discovered in the way HelixPlayer processes RealPix 
(.rp) files. It is possible for a malformed RealPix file to execute 
arbitrary code as the user running HelixPlayer. The Common Vulnerabilities 
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710 
to this issue. 

All users of HelixPlayer are advised to upgrade to this updated package, 
which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.



Solution
Before applying this update, make sure all previously released errata 
relevant to your system have been applied. 

This update is available via Red Hat Network. To use Red Hat Network, 
launch the Red Hat Update Agent with the following command: 

up2date 

This will start an interactive process that will result in the appropriate 
RPMs being upgraded on your system.


Updated packages
Red Hat Desktop (v. 4) 

--------------------------------------------------------------------------------
 
SRPMS: 
HelixPlayer-1.0.6-0.EL4.1.src.rpm     77bcadb90099c21c579ad8f51d4c7292 
  
IA-32: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
x86_64: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
Red Hat Enterprise Linux AS (v. 4) 

--------------------------------------------------------------------------------
 
SRPMS: 
HelixPlayer-1.0.6-0.EL4.1.src.rpm     77bcadb90099c21c579ad8f51d4c7292 
  
IA-32: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
PPC: 
HelixPlayer-1.0.6-0.EL4.1.ppc.rpm     1604bc8fa9eb7d6ef1733d3b047b8cc9 
  
x86_64: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
Red Hat Enterprise Linux ES (v. 4) 

--------------------------------------------------------------------------------
 
SRPMS: 
HelixPlayer-1.0.6-0.EL4.1.src.rpm     77bcadb90099c21c579ad8f51d4c7292 
  
IA-32: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
x86_64: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
Red Hat Enterprise Linux WS (v. 4) 

--------------------------------------------------------------------------------
 
SRPMS: 
HelixPlayer-1.0.6-0.EL4.1.src.rpm     77bcadb90099c21c579ad8f51d4c7292 
  
IA-32: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
x86_64: 
HelixPlayer-1.0.6-0.EL4.1.i386.rpm     40ff8c8ac5f9acc8019db7bd91a1f819 
  
(The unlinked packages above are only available from the Red Hat Network)
 


Bugs fixed (see bugzilla for more information)
168078 - CAN-2005-2710 HelixPlayer Format String Flaw



References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2710



--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on how 
to verify the signature are available from:
https://www.redhat.com/security/team/key/#package 

The Red Hat security contact is secalert@redhat.com. More contact details at 
http://www.redhat.com/security/team/contact/


[***** End Red Hat RHSA-2005:788-3 *****]
CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
DOE-CIRC can be contacted at: 
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/