Language Selection

English French German Italian Portuguese Spanish

Security holes haunt RealPlayer

Filed under
Security

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.
The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText that is part of the RealMedia file format, which again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

Full Article.

More in Tux Machines

3 little things in Linux 4.10 that will make a big difference

Linux never sleeps. Linus Torvalds is already hard at work pulling together changes for the next version of the kernel (4.11). But with Linux 4.10 now out, three groups of changes are worth paying close attention to because they improve performance and enable feature sets that weren’t possible before on Linux. Here’s a rundown of those changes to 4.10 and what they likely will mean for you, your cloud providers, and your Linux applications. Read more

SODIMM-style module runs Linux on VIA’s 1GHz Cortex-A9 SoC

VIA unveiled an SODIMM-style COM based on its Cortex-A9 WM8850 SoC, with 512MB RAM and 8GB eMMC, plus Ethernet, CSI, graphics, USB, and serial ports. The 68.6 x 43mm “SOM-6X50” computer-on-module appears to be VIA’s second-ever ARM COM. Back in Sept. 2015, the company released a 70 x 70mm Qseven form factor QSM-8Q60 COM, based on a 1GHz NXP DualLite SoC. Read more

Today in Techrights

today's leftovers

  • LinuXatUSIL – Previas 2 for #LinuxPlaya
    Damian from GNOME Argentina explained us some code based on this tutorial and the widgets in Glade were presented.
  • RancherOS v0.8.0 released! [Ed: and a bugfix release, 0.8.1, out today]
    RancherOS v0.8.0 is now available! This release has taken a bit more time than prior versions, as we’ve been laying more groundwork to allow us to do much faster updates, and to release more often.
  • The Technicals For Red Hat, Inc. (RHT) Tell An Interesting Tale
  • Ubuntu 17.04 Beta 1 Released | New Features And Download
    Ubuntu 17.04 Zesty Zapus Beta 1 release is finally here. If you’re interested, you can go ahead and download the ISO images of the participating flavors, which are, Lubuntu, Kubuntu, Xubuntu, Ubuntu Budgie, Ubuntu GNOME, Ubuntu Kylin, and Ubuntu Studio. Powered by Linux kernel 4.10, these releases feature the latest stable versions of their respective desktop environments. This release will be followed by the Final Beta release on March 23 and final release on April 13.
  • Ubuntu 17.04 Beta 1 Now Available to Download
    The first beta releases in the Ubuntu 17.04 development cycle are ready for testing, with Xubuntu, Ubuntu GNOME and Ubuntu Budgie among the flavors taking part.