Security holes haunt RealPlayer

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.
