[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RHN Errata Alert: Critical: RealPlayer security update

Subject: RHN Errata Alert: Critical: RealPlayer security update
From: Red Hat Network Alert <dev-null@rhn.redhat.com>
Date: Wed, 28 Sep 2005 10:22:29 -0400

Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:

Complete information about this errata can be found at the following location:
     https://rhn.redhat.com/network/errata/errata_details.pxt?eid=3216

Security Advisory - RHSA-2005:762-12
------------------------------------------------------------------------------
Summary:
Critical: RealPlayer security update

An updated RealPlayer package that fixes a format string bug is now available.

This update has been rated as having critical security impact by the Red Hat
Security Response Team.

Description:
RealPlayer is a media player that provides media playback locally and
via streaming.

A format string bug was discovered in the way RealPlayer processes RealPix
(.rp) files. It is possible for a malformed RealPix file to execute
arbitrary code as the user running RealPlayer. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710
to this issue.

All users of RealPlayer are advised to upgrade to this updated package,
which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.
------------------------------------------------------------------------------

-------------
Taking Action
-------------
You may address the issues outlined in this advisory in two ways:

     - select your server name by clicking on its name from the list
       available at the following location, and then schedule an
       errata update for it:
           https://rhn.redhat.com/network/systemlist/system_list.pxt

     - run the Update Agent on each affected server.


---------------------------------
Changing Notification Preferences
---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN
and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.

        URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt

You can also enable/disable notification on a per system basis by selecting an
individual system from the "Systems List". From the individual system view
click the "Details" tab.


---------------------
Affected Systems List
---------------------
This Errata Advisory may apply to the systems listed below. If you know that
this errata does not apply to a system listed, it might be possible that the
package profile for that server is out of date. In that case you should run
'up2date -p' as root on the system in question to refresh your software profile.

There are 4 affected systems registered in 'Your RHN' (only systems for
which you have explicitly enabled Errata Alerts are shown).

Release   Arch       Profile Name
--------  --------   ------------


The Red Hat Network Team

This message is being sent by Red Hat Network Alert to:
    RHN user login:        ucinacs

If you lost your RHN password, you can use the information above to
retrieve it by email from the following address:
    https://rhn.redhat.com/forgot_password.pxt

To cancel these notices, go to:
    https://rhn.redhat.com/oo.pxt?uid=3145121&oid=3699264

Prev by Date: RHN Errata Alert: Updated XFree86 packages are available
Next by Date: RHN Errata Alert: Moderate: cups security update
Previous by thread: RHN Errata Alert: Critical: RealPlayer security update
Next by thread: RHN Errata Alert: Critical: RealPlayer security update
Index(es):
- Date
- Thread