Re: Bug#132528: realplayer: Buffer Overrun Exploit
Is this .so freely distributable?
Probably not. I don't see how I would really go about
'patching' this if I cannot distribute the patch.
Real has not released a new version of the RPM (still cs2),
so unless they have 'silently' added the new .so,
there's not much I can do. Else I could release a new .deb,
which asks for the new rpm. Better than nothing, 'twould be.
Perhaps I should make some kind of announcement telling people to
apply the patch themselves.
I'm open to suggestions...
- bri
At Tue, Feb 05, 2002 at 04:12:17PM -0800, Nicolas Lidzborski wrote:
> Package: realplayer
> Version: 8.0.6
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Real has discovered a buffer overrun in one of their libs used by RealPlayer.
> They provide a new lib to replace the flawed one.
>
> Check:
> http://www.service.real.com/help/faq/security/bufferoverrun.html
>
> Could be a good idea to download the patch (just the rmffplin library) and
> to strip it afterwards.
--
/\_/\ Brian Russo <brian@entropy.net>
\. ./ Debian/GNU Linux Developer <wolfie@debian.org>
/\_/\ 404E 87E8 DD0C 275B 742B 09AD 2243 839C 54D8 1666