Security Advisory realplayer security update

Advisory: RHSA-2005:299-06
Type: Security Advisory
Severity: Important
Issued on: 2005-03-21
Last updated on: 2005-03-21
Affected Products: Red Hat Enterprise Linux Extras (v. 3)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0387
CVE-2004-0550
CVE-2005-0189
CVE-2005-0191
CVE-2005-0455
CVE-2005-0611

Details

Updated realplayer packages that fix a number of security issues are now
available for Red Hat Enterprise Linux 3 Extras.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The realplayer package contains RealPlayer, a media format player.

A number of security issues have been discovered in RealPlayer 8 of which a
subset are believed to affect the Linux version as shipped with Red Hat
Enterprise Linux 3 Extras. RealPlayer 8 is no longer supported by
RealNetworks.

Users of RealPlayer are advised to upgrade to this erratum package which
contains RealPlayer 10.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

Updated packages

Red Hat Enterprise Linux Extras (v. 3)
IA-32:
realplayer-10.0.3-1.rhel3.i386.rpm
File outdated by:  RHSA-2007:0841		     ba5814b72fd7f0c4838fd628d6d9ec2b
realplayer-10.0.3-1.rhel3.i386.rpm
File outdated by:  RHSA-2007:0841		     ba5814b72fd7f0c4838fd628d6d9ec2b
realplayer-10.0.3-1.rhel3.i386.rpm
File outdated by:  RHSA-2007:0841		     ba5814b72fd7f0c4838fd628d6d9ec2b
realplayer-10.0.3-1.rhel3.i386.rpm
File outdated by:  RHSA-2007:0841		     ba5814b72fd7f0c4838fd628d6d9ec2b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

150341 - RHEL3 requires update to RealPlayer 10 for security reasons


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0611

Keywords

LACD

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/