Red Hat has released patches for a critical security hole in its Linux operating system that stems from a vulnerability in the KDE desktop environment.
KDE is a user interface package used with several versions of Unix and Linux. The KDE hole was discovered Thursday and rated critical by both Red Hat and the French Security Incident Response Team (FrSIRT).
The problem affects version 4 of Red Hat Enterprise Linux AS, ES and WS, and also version 4 of Red Hat Desktop. Red Hat released patches for those products late last week on the Red Hat Network, it said.
KDE also released patches for the hole, and an advisory at http://kde.org/info/security/advisory-20060119-1.txt. The flaw affects KDE 3.2.0 up to and including KDE 3.5.0, it said.
The newest version of KDE released in November, KDE 3.5, is apparently not affected. Also not affected are Red Hat Enterprise Linux 3 or 2.1, Red Hat said.
The FrSIRT advisory is at http://www.frsirt.com/english/advisories/2006/0279.