
Security holes haunt RealPlayer


RealNetworks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite heap memory on a targeted PC, which in turn allows hackers to take control of the system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.
