Detections
Analytics

Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64

high Nessus Plugin ID 60923

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening, viewing, or playing a malicious media file or stream, lead to arbitrary code execution with the privileges of the user running Helix Player. (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)

Our removal packages have nothing in them but a README, so the HelixPlayer program will be removed from your SL 4 machine, but you will still have a package called HelixPlayer.

Note: Just to be clear. You will still have a package called HelixPlayer on your machine, but there will not be any program in it.
It will be an empty rpm.

Solution

Update the affected HelixPlayer and / or HelixPlayer-uninstall packages.

See Also

http://www.nessus.org/u?1fef973f

Plugin Details

Severity: High

ID: 60923

File Name: sl_20101214_HelixPlayer_on_SL4_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 12/14/2010

Vulnerability Publication Date: 12/14/2010

Reference Information

CVE: CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392