Red Hat and Novell have released patches for a critical security hole in their Linux distributions, which stems from a vulnerability in the KDE desktop environment.
KDE is a user interface product used with several versions of Unix and Linux.
The KDE hole was discovered last week and given a “critical” rating by the French Security Incident Response Team (FrSIRT).
The flaw can allow a remote attacker to launch a buffer overflow attack and run arbitrary code on the user’s machine.
The problem affects version 4 of Red Hat Enterprise Linux AS, ES and WS, and also Version 4 of Red Hat Desktop. In addition, the 10.0, 9.3, 9.2 and 9.1 versions of Novell SuSE Linux are affected.
KDE has also released patches for the flaw, which affects KDE 3.2.0 up to and including KDE 3.5.0.