New Red Hat Linux Desktop Version A Mega Patch

Red Hat posts links to 12 security advisories -- three of them "critical" and five "important." Forty-seven flaws are fixed.
When Red Hat released the latest version of Red Hat Enterprise Linux desktop, the company fixed nearly 50 vulnerabilities, including some "critical" bugs.

In a notice posted on its Web site last Friday, the Raleigh, N.C.-based open source vendor posted links to 12 security advisories, which that deal with 47 vulnerabilities. Three are rated "critical." Five are rated "important." All of them affect Red Hat's open source operating system.

One "critical" update in Red Hat Enterprise Linux 5 fixes several security vulnerabilities in Mozilla's Thunderbird, an e-mail client. The update includes fixes for several cross-site scripting flaws, several flaws in the way Thunderbird processes malformed JavaScript code and a flaw in the way the application displays blocked popup windows. A vulnerability in the way Thunderbird displays certain Web content could enable hackers to trick users into thinking they're visiting a different site.

Another "critical" vulnerability update involves security issues in Ekiga packages. Ekiga is a tool used to communicate with video and audio over the Internet. Format string flaws were found in the way Ekiga processes certain messages. If a user is running Ekiga, a remote attacker who can connect to Ekiga could trigger the flaw and potentially execute arbitrary code with the user's privileges, according to the advisory.

Red Hat is recommending that users update their software as soon as possible.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Terry White, Associate Chief Analyst, Omdia
John Abel, Technical Director, Google Cloud
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer