+++ This bug was initially created as a clone of Bug #153931 +++ We have been informed of a buffer overflow issue in the version of HelixPlayer we ship. A malicious RAM file can overflow a buffer and execute arbitrary code on a victim's machine.
There's no update on the Helix site for this, and I see nothing in the Helix CVS to patch this. We're just screwed for now until we have something to update the packages.
Updated helix source is here: https://helixcommunity.org/download.php/1137/hxplay-10.0.4-source.tar.bz2
Fix confirmed with HelixPlayer-1.0.4-1.1.EL4.2. Moving to PROD_READY.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-392.html