RealNetworks Inc. and KDE eV on Tuesday both released patches for their desktop software, fixing serious security holes that could allow an attacker to take over a user's system. The update to KOffice, the productivity suite that is part of the K Desktop Environment, patched flaws in a library called xpdf, which handles PDF files. The integer overflow bugs allow an attacker to craft a document in Adobe's PDF format that executes malicious code when viewed by an application relying on xpdf.
In the case of KOffice, users could have been attacked via KWord's PDF import filter. Version 1.3.4, available from KDE, fixes the bug, project maintainers said. Because the bugs also affect applications that use xpdf, such as the CUPS printing system, they have prompted a flood of updates from major Linux vendors since Friday. Red Hat Inc., Novell Inc.'s SuSE Linux division, MandrakeSoft SA, the KDE project, Debian, Gentoo Technologies Inc. and others have issued updates for CUPS, xpdf, kdegraphics and related components.
News source: eWeek