Whats with the KDE exploit? Is Fedora patched?
Claude Jones
claude_jones at levitjames.com
Mon Jan 23 20:18:21 UTC 2006
On Monday 23 January 2006 3:13 pm, Rahul Sundaram wrote:
> Follow http://fedoraproject.org/wiki/Security procedures and report it
> if its not already done in bugzilla. I suspect the security team is
> already tackling this.
As reported by Fedora-announce, the patch was released on Fri. If you've
updated since Saturday, you're probably fine --- from the announcement:
"Update Information:
A heap overflow flaw was discovered affecting kjs, the
JavaScript interpreter engine used by Konqueror and other
parts of KDE. An attacker could create a malicious web site
containing carefully crafted JavaScript code that would
trigger this flaw and possibly lead to arbitrary code
execution. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0019 to this issue. "
--
Claude Jones
Bluemont, VA, USA
More information about the fedora-list
mailing list