Linux vendors on alert as flaw found in KDE

By

Linux vendors have issued a warning about a potentially serious security hole in the KDE desktop environment, affecting a number of Linux distributions that use the software.

The bug, described as an incorrect bounds check in kjs, the JavaScript interpreter engine used by the Konqueror browser and other parts of KDE, allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. This effectively means that remotely supplied malicious JavaScript code could perform a heap overflow and crash a web browser, or worse, execute arbitrary code, essentially giving control of the machine to a remote attacker.


Versions 3.2.0 to 3.5.0 of KDE are affected, but KDE has already released a patch for the source code. Affected Linux vendors followed suit shortly afterwards, with Red Hat, Debian, Suse and Gentoo amongst others issuing binary patches for their distributions.

The original KDE advisory is available in the link below.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?