New Red Hat Linux Desktop Version A Mega PatchNew Red Hat Linux Desktop Version A Mega Patch

When Red Hat released the latest version of Red Hat Enterprise Linux desktop, the company fixed nearly 50 vulnerabilities, including some "critical" bugs.

In a notice posted on its Web site last Friday, the Raleigh, N.C.-based open source vendor posted links to 12 security advisories, which that deal with 47 vulnerabilities. Three are rated "critical." Five are rated "important." All of them affect Red Hat's open source operating system.

One "critical" update in Red Hat Enterprise Linux 5 fixes several security vulnerabilities in Mozilla's Thunderbird, an e-mail client. The update includes fixes for several cross-site scripting flaws, several flaws in the way Thunderbird processes malformed JavaScript code and a flaw in the way the application displays blocked popup windows. A vulnerability in the way Thunderbird displays certain Web content could enable hackers to trick users into thinking they're visiting a different site.

Another "critical" vulnerability update involves security issues in Ekiga packages. Ekiga is a tool used to communicate with video and audio over the Internet. Format string flaws were found in the way Ekiga processes certain messages. If a user is running Ekiga, a remote attacker who can connect to Ekiga could trigger the flaw and potentially execute arbitrary code with the user's privileges, according to the advisory.

Red Hat is recommending that users update their software as soon as possible.