KDE flaws put Linux, Unix systems at risk
A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems.
For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.
From the horse's mouth:
The KDE Project released a security advisory today for a heap overflow vulnerability in KJS. Earlier this month, a number of integer overflows affecting KPDF, and consequentially KOffice were found and fixed. Patches have been made available and your distributor should have updated binary packages. The KDE security advisory page has an overview of all KDE advisories. Links to source patches are contained in the advisories.
The Dot with links to the patches. Distribution vendors should have updated packages available shortly.