Netscape laid wide open by security flaw

Two separate imaging-related security flaws have surfaced in AOL's Netscape browser and in the KDE desktop environment for Unix and Linux, according to security experts. Both could allow an attacker to plant malicious code on a user's system when a specially crafted image is viewed by an affected application, such as a browser, e-mail program or stand-alone viewer, researchers said.

Vulnerabilities in image-viewing components are among the easiest to exploit, particularly when they affect Internet-connected applications such as browsers and email programs, say experts. "If the libraries are used by other types of client applications, where the user has to download a malicious file and open it in a specific application, it complicates the attack a bit," said Thomas Kristensen, CTO of security firm Secunia.

The flaw in Netscape, affecting versions 6.x and 7.x, involves a boundary error in the way Netscape extension 2 blocks in GIF images are handled, according to Internet Security Systems, which disclosed the flaw last month; the bug was patched in Mozilla-based products in March.

But the GIF flaw also affects Netscape, where it is unpatched, Secunia said in an advisory published on Tuesday. The vulnerability has been confirmed in version 7.2 and also reported in version 6.2.3 but is likely to affect other versions as well, Secunia said.

A separate vulnerability affects KDE's kdelibs, specifically an error in the kimgio component when processing PCX image files. Kimgio is used in KHTML-based Web browsers as well as KDE imaging applications such as kpresenter and ksnapshot, so an image crafted to exploit the flaw and viewed in any of these applications could allow an attacker to execute malicious code. The flaw affects KDE versions 3.2 to 3.4, Secunia said.

A patch is available from KDE and from various Linux distributors, including Suse, Gentoo and Debian.
