Corel hurries to fix Linux security hole

Corel is working to patch a bug with its version of Linux that could let unauthorized users gain access to machines running Corel Linux.

A program called Corel Update has a problem that lets ordinary users take actions ordinarily only reserved for system administrators.

Fixing the vulnerability is a "top priority for Corel," the company said, and a fix will be posted on the company's Web site. The problem was identified by Cesar Tascon Alvarez.

Corel is trying to take on Microsoft with its version of Linux, aiming for ordinary desktop users. Corel hopes those users will also will be interested in purchasing WordPerfect and the rest of Corel's office software suite. The company has a healthy start on the market, earning $3.2 million in sales in 1999, according to International Data Corp..

Corel Linux began shipping in November.

Beta testing of Corel's WordPerfect Office suite is expected to start "very soon," a spokeswoman said, with the final version due in the second quarter.

Corel plans to begin beta testing its Photo-Paint image editing software in late spring or early summer and beta testing of its CorelDraw graphics software after that. Final versions should be available in the fall of 2000.

[tousaint]

Corel (as well as several other software companies have another security weakness to my inexperienced eye... They release updates with no identity in their program label. Just upgraded to a new laptop. I've installed several programs that seem to upload updates into a system que. Norton holds these updates for the user to approve or disapprove of downloading it into the system. Only a few of these identify the source of the update in its file code... so does an inexperienced user accept or reject these "unidentified" files out of hand and force another upload or just take a chance some trash hasn't been shuffled past the filters....? Norton doesn't identify the sender, Windows doesn't, so who knows where these come from?