What Are You Looking For?

Sign Up
Date:         Tue, 9 Feb 2010 11:34:56 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: HelixPlayer on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: HelixPlayer security update
Issue date:	2010-02-09
CVE Names:	CVE-2009-4242 CVE-2009-4245 CVE-2009-4247
                   CVE-2009-4248 CVE-2009-4257 CVE-2010-0416
                   CVE-2010-0417

Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An 
attacker could create a specially-crafted GIF file which would cause 
HelixPlayer to crash or, potentially, execute arbitrary code when 
opened. (CVE-2009-4242, CVE-2009-4245)

A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer 
to crash or, potentially, execute arbitrary code when opened. 
(CVE-2009-4257)

A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)

Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, 
potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)

A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)

All running instances of HelixPlayer must be restarted for this update 
to take effect.

SL 4.x

     SRPMS:
HelixPlayer-1.0.6-1.el4_8.1.src.rpm
     i386:
HelixPlayer-1.0.6-1.el4_8.1.i386.rpm
     x86_64:
HelixPlayer-1.0.6-1.el4_8.1.i386.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-4242 Critical: HelixPlayer SL4.x i386/x86_64

Critical: HelixPlayer security update

Summary

Multiple buffer and integer overflow flaws were found in the wayHelixPlayer processed Graphics Interchange Format (GIF) files. Anattacker could create a specially-crafted GIF file which would causeHelixPlayer to crash or, potentially, execute arbitrary code whenopened. (CVE-2009-4242, CVE-2009-4245)A buffer overflow flaw was found in the way HelixPlayer processedSynchronized Multimedia Integration Language (SMIL) files. An attackercould create a specially-crafted SMIL file which would cause HelixPlayerto crash or, potentially, execute arbitrary code when opened.(CVE-2009-4257)A buffer overflow flaw was found in the way HelixPlayer handled the RealTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSPserver could use this flaw to crash HelixPlayer or, potentially, executearbitrary code. (CVE-2009-4248)Multiple buffer overflow flaws were discovered in the way HelixPlayerhandled RuleBook structures in media files and RTSP streams.Specially-crafted input could cause HelixPlayer to crash or,potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)A buffer overflow flaw was found in the way HelixPlayer performed URLun-escaping. A specially-crafted URL string could cause HelixPlayer tocrash or, potentially, execute arbitrary code. (CVE-2010-0416)All running instances of HelixPlayer must be restarted for this updateto take effect.



Security Fixes

Severity
Issued Date: : 2010-02-09
CVE Names: CVE-2009-4242 CVE-2009-4245 CVE-2009-4247
CVE-2009-4248 CVE-2009-4257 CVE-2010-0416
CVE-2010-0417

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo