Red Hat Bugzilla – Bug 155386
CAN-2005-0755 HelixPlayer buffer overflow
Last modified: 2007-11-30 17:07:17 EST
+++ This bug was initially created as a clone of Bug #153931 +++
We have been informed of a buffer overflow issue in the version of HelixPlayer
we ship. A malicious RAM file can overflow a buffer and execute arbitrary code
on a victim's machine.
There's no update on the Helix site for this, and I see nothing in the Helix
CVS to patch this, we're just screwed for now until we have something to update
Updated helix source is here:
Fix confirmed with HelixPlayer-1.0.4-1.1.EL4.2. Moving to PROD_READY.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.