Language Selection

English French German Italian Portuguese Spanish

Security holes haunt RealPlayer

Filed under
Security

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.
The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText that is part of the RealMedia file format, which again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

Full Article.

More in Tux Machines

European Unified Patent Court goes Open Source

Using Private Cloud and Drupal as a starting point together with small expert partners and agile management the new platform for the European UPC has been shaped to the exact requirements and quickly adapted while more needs surfaced. The only ready to use Open Source tool used has been Zarafa Collaboration Platform which integrated with the Case Management System will provide secure email, instant messaging, file sharing and video conferencing to the platform's users. The result is that, thanks to Open Source based platform and by working with SMEs, the UK IPO team has been able to deliver to the Unified Patent Court team the project earlier than planned and under budget. Read more

Linux Foundation: Open Source Programming and DevOps Jobs Plentiful

Open source can help you make money, especially if you have skills in programming or DevOps, which is emerging as one of the hottest areas of interest for hiring managers seeking open source admins and developers. That's according to the latest Open Source Jobs Report from the Linux Foundation, which is out this week. Read more Also: The 2016 Open Source Jobs Report: Companies Hungry for Professional Open Source Talent

Basho Open Sources Some Bits

Leftovers: Ubuntu

  • The Simply Ubuntu Desktop
    Over on Flickr, fosco_ submitted this simple Ubuntu desktop, with just a few things tweaked for a cleaner experience. Like we’ve said, sometimes less is more, and this desktop makes good use of a few widgets to make a great UI even better.
  • HP Linux Imaging and Printing 3.16.5 Supports Ubuntu 16.04 LTS and Debian 8.4
    The team of developers behind the HPLIP (short for HP Linux Imaging and Printing) project, announced a few moments ago the availability of the fifth maintenance build in the 3.16 stable series of the software. For those of you who are not in the loop, HP Linux Imaging and Printing is an open-source initiative to bring the latest HP (Hewlett-Packard) printer drivers to GNU/Linux operating systems. The software has a pretty active development team working behind it, releasing maintenance builds at least once a month.
  • Convergence delayed: Unity 8 won’t be the default desktop in Ubuntu 16.10
    Canonical’s vision of convergence—a single, highly adaptive environment that spans mobile and desktop uses—has been delayed yet again. The Unity 8 desktop and Mir display server, which are key to that vision, won’t be used by default in Ubuntu 16.10, according to discussion in the Ubuntu Online Summit.
  • Questions and answers: Ubuntu bq tablet
    After Jack Wallen's recent review of the bq Aquaris M10 tablet, he was hit with a number of questions about the tablet. Jack addresses some of those questions to help you decide if the Ubuntu tablet is a worthy investment.