Red Hat patches critical KDE security hole

Red Hat has patched a hole in its Linux operating system caused by a vulnerability in the KDE desktop environment.

Red Hat has released patches for a critical security hole in its Linux operating system that stems from a vulnerability in the KDE desktop environment.

KDE is a user interface package used with several versions of Unix and Linux. The KDE hole was discovered Thursday and rated critical by both Red Hat and the French Security Incident Response Team (FrSIRT).

It affects the JavaScript engine used in various parts of KDE, including its Konqueror Web browser. The flaw could allow a remote attacker to launch an overflow attack and run arbitrary code on the user's machine, FrSIRT said.

The problem affects version 4 of Red Hat Enterprise Linux AS, ES and WS, and also version 4 of Red Hat Desktop. Red Hat released patches for those products late last week on the Red Hat Network, it said.

KDE also released patches for the hole, and an advisory at http://kde.org/info/security/advisory-20060119-1.txt. The flaw affects KDE 3.2.0 up to and including KDE 3.5.0, it said.

The newest version of KDE released in November, KDE 3.5, is apparently not affected. Also not affected are Red Hat Enterprise Linux 3 or 2.1, Red Hat said.

The FrSIRT advisory is at http://www.frsirt.com/english/advisories/2006/0279.

Join the newsletter!

Error: Please check your email address.

More about KDERed Hat

Show Comments

Market Place