Time to Update KDE

On Friday, a French security organization discovered a critical flaw in KDE versions going back to 3.2.0. The flaw allows attackers to exploit a heap overflow error in the Konqueror web browser to run commands on your system. The advisory (in English), with pointers to the fixes (which are already out), is located here:

FrSIRT Advisories – KDE “kjs” UTF-8 Encoded URI Handling Remote Buffer Overflow Vulnerability / Exploit

If you have the SUSEWatcher utility turned on, you should already have been notified to run YaST to get this patch. If not, go do that anyway.
