Bug 153931

Summary: CAN-2005-0755 RealPlayer buffer overflow
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: realplayerAssignee: John (J5) Palmieri <johnp>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: high    
Version: 4.0CC: hp, jkeck, security-response-team, walters
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=critical,public=20050419,reported=real,reported=20050405
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-20 17:24:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-04-05 21:37:58 UTC
We have been informed of a buffer overflow issue in the version of RealPlayer 10
we ship.  A malicious RAM file can overflow a buffer and execute arbitrary code
on a victims machine.

Comment 1 Josh Bressers 2005-04-05 21:48:30 UTC
This issue also affects the RHEL3 realplayer.

Comment 8 Josh Bressers 2005-04-19 20:44:02 UTC
Lifting embargo

Comment 9 Josh Bressers 2005-04-20 17:24:12 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-363.html


Comment 10 Josh Bressers 2005-04-20 22:08:48 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-394.html


Comment 11 Josh Bressers 2005-04-21 13:59:08 UTC
*** Bug 155443 has been marked as a duplicate of this bug. ***