Bug 245836 (CVE-2007-3410)
| Summary: | CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | unspecified | CC: | caillon |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2007-10-26 08:11:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 245838, 245839, 245840, 245841, 245842, 245843, 245844, 245845, 245846, 245848, 245850 | | |
| Bug Blocks: | | | |
Description
Josh Bressers
2007-06-26 23:27:04 UTC
Note the latest realplayer for Linux from real.com, version 10.0.8.805 segfaults using the reproducer.

Created attachment 158016
Patch created by Chris Aillon

still no update from Real, 10.0.8.805 is latest available

still no update from Real, 10.0.8.805 is latest available on their site

The Real security page hasn't been updated with the new build, but if you visit www.real.com and download the Linux version you get 10.0.9.809 and the version release notes include:

What's New in 10.0.9.809
Security bugs fixes.

That's good enough for me, pushing update RHSA-2007:0841

Fix was now publicly announced by RealNetworks: http://service.real.com/realplayer/security/10252007_player/en/

Vulnerability 3: The identified vulnerability is a malicious SMIL file which could cause a buffer overflow in the RealPlayer. CVE-2007-3410