【TWCERT/CC安全通報】TW-CA-2005-031-[RHSA-2005:299-01: Important
※ 本文轉錄自 [Lan] 信箱
作者: twcert@cert.org.tw (TWCERT/CC Fellows)
標題: 【TWCERT/CC安全通報】TW-CA-2005-031-[RHSA-2005
時間: Fri Mar 25 10:54:03 2005
-----BEGIN PGP SIGNED MESSAGE-----
TW-CA-2005-031-[RHSA-2005:299-01: Important: realplayer security update]
────────────────────────────────────────
TWCERT/CC發布日期:2005-03-25
原漏洞發布日期:2005-03-21
原漏洞最新更新日期:--
通用安全漏洞編號:CAN-2004-1177
分類:Miscellaneous
來源參考:RHSA-2005:299-01
──── 簡述 ─────────────────────────────────
更新 Red Hat Enterprise Linux 3 Extras 所使用的 realplayer 套件,修正數個
安全問題。Red Hat Security Response Team 將此列為重要的安全性更新。
──── 說明 ─────────────────────────────────
realplayer 套件包含 RealPlayer,這是一個媒體播放器。
附隨在 Red Hat Enterprise Linux 3 Extras 中的 RealPlayer 8 存在數個安全
問題。RealNetworks 已停止對 RealPlayer 8 的支援。
建議 RealPlayer 使用者更新此勘誤套件,當中包含 RealPlayer 10。
──── 影響平台 ───────────────────────────────
‧Red Hat Enterprise Linux AS version 3 Extras - i386
‧Red Hat Desktop version 3 Extras - i386
‧Red Hat Enterprise Linux ES version 3 Extras - i386
‧Red Hat Enterprise Linux WS version 3 Extras - i386
──── 修正方式 ───────────────────────────────
在安裝更新之前,確定已安裝之前所有跟系統相關的錯誤修正。使用 Red Hat Network 來
下載及更新套件,輸入以下指令啟動 Red Hat Update Agent:
up2date
若要獲得更多手動安裝套件的資訊,請參閱下面網址,尋求適合您系統的指引手冊:
http://www.redhat.com/docs/manuals/enterprise/
Bug IDs fixed(詳見 http://bugzilla.redhat.com/):
150341 - RHEL3 U5:升級到 RealPlayer 10
RPM 需求:
Red Hat Enterprise Linux AS version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
Red Hat Desktop version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
這些套件基於安全理由,均由 Red Hat 公司使用 GPG 簽章,可至下列網址取得 key:
https://www.redhat.com/security/team/key.html#package
──── 影響結果 ───────────────────────────────
──── 聯絡TWCERT/CC ─────────────────────────────
Tel: 886-7-5250211 FAX: 886-7-5250212
886-2-23563303 886-2-23924082
Email: twcert@cert.org.tw
URL: http://www.cert.org.tw/
PGP key: http://www.cert.org.tw/eng/pgp.htm
────────────────────────────────────────
附件:[Important: realplayer security update]
──── 原文 ─────────────────────────────────
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: realplayer security update
Advisory ID: RHSA-2005:299-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-299.html
Issue date: 2005-03-21
Updated on: 2005-03-21
Product: Red Hat Enterprise Linux Extras
Keywords: LACD
- - ---------------------------------------------------------------------
1. Summary:
Updated realplayer packages that fix a number of security issues are now
available for Red Hat Enterprise Linux 3 Extras.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Desktop version 3 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
3. Problem description:
The realplayer package contains RealPlayer, a media format player.
A number of security issues have been discovered in RealPlayer 8 of which a
subset are believed to affect the Linux version as shipped with Red Hat
Enterprise Linux 3 Extras. RealPlayer 8 is no longer supported by
RealNetworks.
Users of RealPlayer are advised to upgrade to this erratum package which
contains RealPlayer 10.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
5. Bug IDs fixed (http://bugzilla.redhat.com/):
150341 - RHEL3 U5: Update to RealPlayer 10
6. RPMs required:
Red Hat Enterprise Linux AS version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
Red Hat Desktop version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386:
ba5814b72fd7f0c4838fd628d6d9ec2b realplayer-10.0.3-1.rhel3.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
────────────────────────────────────────
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQEVAwUBQkN7TKcyQYefg2/NAQGODAf+OVedIURjQQ4aRtLm/0c0B4/R7WBx53BZ
LU7AI+G32GdzmIbjT5UBIWnA18ruAvE/7DKPh3nGITPxtbRgUllKxBsiCwLGvTDp
nHAA2KA73MiDO5lKnpFvTOxq+QlmIcZaQpGu5dUcTW4DWF0kBISZwjPxvDncnRyF
a4MtwnXIlplUo78mIxTwfG4t25PGcZnmRvJ5HDdRGc5mjZExi0uBDkTiianN5HpL
QMjN/OSBRE8gw4J9NKrCOQoZYxMki41ay/r81dfj39PMh/r3BPhT0oQ5bYfzz8iC
ewuK69O+ArlrzyNbkzsF5Naj9a0L6Gdmkc8FE+3+83fk6gK9CJXGTQ==
=WHEe
-----END PGP SIGNATURE-----
--
Taiwan Computer Emergency Response Team Security Advisory mailing list.
Mail to : Majordomo@cert.org.tw and include a line "subscribe advisory".
Please visit http://www.cert.org.tw/.
PGP key : http://www.cert.org.tw/eng/pgp.htm
NetSecurity 近期熱門文章
PTT數位生活區 即時熱門文章
