Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Multiple security flaws were discovered in RealPlayer. Helix Player
and RealPlayer share a common source code base; therefore, some of the
flaws discovered in RealPlayer may also affect Helix Player. Some of
these flaws could, when opening, viewing, or playing a malicious media
file or stream, lead to arbitrary code execution with the privileges
of the user running Helix Player. (CVE-2010-2997, CVE-2010-4375,
CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383,
CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)

Our removal packages have nothing in them but a README, so the
HelixPlayer program will be removed from your SL 4 machine, but you
will still have a package called HelixPlayer.

Note: Just to be clear. You will still have a package called
HelixPlayer on your machine, but there will not be any program in it.
It will be an empty rpm.

See also :

http://www.nessus.org/u?c4b2fe26

Solution :

Update the affected HelixPlayer and / or HelixPlayer-uninstall
packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60923

CVE ID: CVE-2010-2997
CVE-2010-4375
CVE-2010-4378
CVE-2010-4379
CVE-2010-4382
CVE-2010-4383
CVE-2010-4384
CVE-2010-4385
CVE-2010-4386
CVE-2010-4392