Language Selection

English French German Italian Portuguese Spanish

Security holes haunt RealPlayer

Filed under
Security

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.
The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText that is part of the RealMedia file format, which again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

Full Article.

More in Tux Machines

Sean Michael Kerner on OpenStack

Xubuntu 15.04 Vivid Vervet - Fabulous

I have to say, Xubuntu 15.04 Vivid Vervet shattered my expectations. Obliterated them. Overall, I was expecting a distro that would be about as good as its parent. Instead, I got this fine piece of digital machinery, which purrs and meows and growls like a turbo-charged tiger, if this silly metaphor makes any sense. Or is it an analogy? Now, one tiny software glitch, plus one big regression that affects the entire family. That's the sum of my complains. On the plus side, Xubuntu fully supports the hardware, including the tricky UEFI stuff, it's fast, robust, elegant, rich in software and features, simple and fun to use, and it works well with anything I've thrown at it. By far the best distro of this year. I don't give out 10/10 lightly, but I'm inclined to do that right now, even though the few tiny problems we've had prevent me from doing that. However, the whole package reminds me of Fuduntu, really. Pure and simple and just good. 9.99999/10. Try it, you won't be disappointed. We're done here. Read more

Akanda Pledges to Keep SDN Tech for OpenStack Open-Source

Rosendahl emphasized that Akanda was born as open-source software and will remain open-source. From a commercial perspective what Akanda provides to enterprises is support and professional services. Read more

A New Firefox OS phone

Last Monday, I bought the phone anyway. I must say that I am very pleased by its performance and very cheap price. One can swap the SIM card to use the phone with another carrier here, too. Read more