Critical flaw hits Red Hat and Novell Linux


Critical flaw hits Red Hat and Novell Linux

Antony Savvas

Red Hat and Novell have released patches for a critical security hole in their Linux distributions, which stems from a vulnerability in the KDE desktop environment.

KDE is a user interface product used with several versions of Unix and Linux.

The KDE hole was discovered last week and given a “critical” rating by the French Security Incident Response Team (FrSIRT).

The flaw affects the Javascript engine used in various parts of KDE, including the Konqueror web browser.

The flaw can allow a remote attacker to launch a buffer overflow attack and run arbitrary code on the user’s machine.

Users can disable Javascript in the Konqueror browser as a workaround, but some websites may not display properly as a result, so installing a patch is preferable.

The problem affects version 4 of Red Hat Enterprise Linux AS, ES and WS, and also Version 4 of Red Hat Desktop. In addition, the 10.0, 9.3, 9.2 and 9.1 versions of Novell SuSE Linux are affected.

KDE has also released patches for the flaw, which affects KDE 3.2.0 up to and including KDE 3.5.0.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy