Whats with the KDE exploit? Is Fedora patched?
Rahul Sundaram
sundaram at redhat.com
Mon Jan 23 20:21:50 UTC 2006
Claude Jones wrote:
>On Monday 23 January 2006 3:13 pm, Rahul Sundaram wrote:
>
>
>>Follow http://fedoraproject.org/wiki/Security procedures and report it
>>if its not already done in bugzilla. I suspect the security team is
>>already tackling this.
>>
>>
>
>As reported by Fedora-announce, the patch was released on Fri. If you've
>updated since Saturday, you're probably fine --- from the announcement:
>
>"Update Information:
>
>A heap overflow flaw was discovered affecting kjs, the
>JavaScript interpreter engine used by Konqueror and other
>parts of KDE. An attacker could create a malicious web site
>containing carefully crafted JavaScript code that would
>trigger this flaw and possibly lead to arbitrary code
>execution. The Common Vulnerabilities and Exposures project
>assigned the name CVE-2006-0019 to this issue. "
>
>
Duh. yeah. This is already fixed.
--
Rahul
Fedora Bug Triaging - http://fedoraproject.org/wiki/BugZappers
More information about the fedora-list
mailing list