Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Serious security hole in Linux

Serious security hole in Linux

by Nikola Strahija on January 23rd, 2006 The bug in KDE graphical user interface is rather serious, Linux vendors have warned. Kjs affected here is vulnerable from versions 3.2.0 to 3.5.0.


The security vulnerability affects kjs, a Javascript interpreter used by the Konqueror Web browser and other parts of KDE. An incorrect bounds check in the interpreter allows a heap based buffer overflow when decoding maliciously crafted URI sequences encoded with UTF-8.

This means that an attacker could supply Javascript code that will crash programs using kjs, such as Konqueror, and execute malicious code, potentially gaining complete control of the system, security experts warn.

KDE has already released a source code patch late last week, while other Linux vendors have also released various distribution binary patches.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »