Language Selection

English French German Italian Portuguese Spanish

KDE flaws put Linux, Unix systems at risk

Filed under
KDE

A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems.

For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.

Full Story.

From the horse's mouth:

The KDE Project released a security advisory today for a heap overflow vulnerability in KJS. Earlier this month, a number of integer overflows affecting KPDF, and consequentially KOffice were found and fixed. Patches have been made available and your distributor should have updated binary packages. The KDE security advisory page has an overview of all KDE advisories. Links to source patches are contained in the advisories.

The Dot with links to the patches. Distribution vendors should have updated packages available shortly.

More in Tux Machines

Introducing Gthree

I’ve recently been working on OpenGL support in Gtk+, and last week it landed in master. However, the demos we have are pretty lame and are not very good to show off or even test the OpenGL support. I’ve looked around for some open source demos that used modern GL that we could use, but I didn’t find anything that we could easily use. What I did find though, was a lot of WebGL demos that used three.js. This looked like a very nice open source library for highlevel 3d rendering. At first I had some plans to bind OpenGL to gjs so that we could run three.js, but this turned out to be a hard. Instead I started converting three.js into C + GObject, using the Gtk+ OpenGL support and the vector/matrix library graphene that Emmanuele has been working on recently. Read more

Swiss crowdfund pays for signed PDFs LibreOffice

In just three days, the Swiss open source community Wilhelm Tux reached its crowdfunding target of 10,000 CHF (about 8000 euro) to add support for digital signatures in PDF documents. The feature will be added to LibreOffice, a free and open source suite of office productivity tools. The project is awarded to Collabora, an open source IT service provider, which will deliver the new functionality in April. Read more

Tumbleweed, Factory rolling releases to merge

“With the release of openSUSE 13.2 due in November, we realised this was a perfect opportunity to merge our two openSUSE rolling-releases together so users of Tumbleweed can benefit from the developments to our Factory development process over the last few years,” said Richard Brown, Chairman of openSUSE board. “The combined feedback and contributions from our combined Tumbleweed and Factory users should help keep openSUSE rolling forward even faster, while offering our users the latest and greatest applications on a stable rolling release.” Read more

Fedora 21 Beta to slip

Today at Go/No-Go meeting it was decided to slip Fedora 21 Beta release as we did not have release candidate (RC) available in time. However we will try one day slip. Read more