Time to Update KDE

January 21, 2006

Posted by metaverse in Linux.

On Friday, a French security organization discovered a critical flaw in KDE versions going back to 3.2.0. The flaw allows attackers to exploit a heap overflow error in the Konqueror web browser to run commands on your system. The advisory (in English), with pointers to the fixes (which are already out), is located here:

FrSIRT Advisories – KDE “kjs” UTF-8 Encoded URI Handling Remote Buffer Overflow Vulnerability / Exploit

If you have the SUSEWatcher utility turned on, you should already have been notified to run YaST to get this patch. If not, go do that anyway.
