RHEL 4 : HelixPlayer (RHSA-2010:0981)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Helix Player contains multiple security flaws and should no longer be
used. This update removes the HelixPlayer package from Red Hat
Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Helix Player is a media player.

Multiple security flaws were discovered in RealPlayer. Helix Player
and RealPlayer share a common source code base; therefore, some of the
flaws discovered in RealPlayer may also affect Helix Player. Some of
these flaws could, when opening, viewing, or playing a malicious media
file or stream, lead to arbitrary code execution with the privileges
of the user running Helix Player. (CVE-2010-2997, CVE-2010-4375,
CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383,
CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)

The Red Hat Security Response Team is unable to properly determine the
impact or fix all of these issues in Helix Player, due to the source
code for RealPlayer being unavailable.

Due to the security concerns, this update removes the HelixPlayer
package from Red Hat Enterprise Linux 4. Users wishing to continue to
use Helix Player should download it directly from
https://player.helixcommunity.org/

See also :

https://www.redhat.com/security/data/cve/CVE-2010-2997.html
https://www.redhat.com/security/data/cve/CVE-2010-4375.html
https://www.redhat.com/security/data/cve/CVE-2010-4378.html
https://www.redhat.com/security/data/cve/CVE-2010-4379.html
https://www.redhat.com/security/data/cve/CVE-2010-4382.html
https://www.redhat.com/security/data/cve/CVE-2010-4383.html
https://www.redhat.com/security/data/cve/CVE-2010-4384.html
https://www.redhat.com/security/data/cve/CVE-2010-4385.html
https://www.redhat.com/security/data/cve/CVE-2010-4386.html
https://www.redhat.com/security/data/cve/CVE-2010-4392.html
https://player.helixcommunity.org/
http://rhn.redhat.com/errata/RHSA-2010-0981.html

Solution :

Update the affected HelixPlayer-uninstall package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true