Critical flaw hits Red Hat and Novell Linux

News

Critical flaw hits Red Hat and Novell Linux

Antony Savvas

Red Hat and Novell have released patches for a critical security hole in their Linux distributions, which stems from a vulnerability in the KDE desktop environment.

KDE is a user interface product used with several versions of Unix and Linux.

The KDE hole was discovered last week and given a “critical” rating by the French Security Incident Response Team (FrSIRT).

The flaw affects the Javascript engine used in various parts of KDE, including the Konqueror web browser.

The flaw can allow a remote attacker to launch a buffer overflow attack and run arbitrary code on the user’s machine.

Users can disable Javascript in the Konqueror browser as a workaround, but some websites may not display properly as a result, so installing a patch is preferable.

The problem affects version 4 of Red Hat Enterprise Linux AS, ES and WS, and also Version 4 of Red Hat Desktop. In addition, the 10.0, 9.3, 9.2 and 9.1 versions of Novell SuSE Linux are affected.

KDE has also released patches for the flaw, which affects KDE 3.2.0 up to and including KDE 3.5.0.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy