Language Selection

English French German Italian Portuguese Spanish

KDE flaws put Linux, Unix systems at risk

Filed under
KDE

A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems.

For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.

Full Story.

From the horse's mouth:

The KDE Project released a security advisory today for a heap overflow vulnerability in KJS. Earlier this month, a number of integer overflows affecting KPDF, and consequentially KOffice were found and fixed. Patches have been made available and your distributor should have updated binary packages. The KDE security advisory page has an overview of all KDE advisories. Links to source patches are contained in the advisories.

The Dot with links to the patches. Distribution vendors should have updated packages available shortly.

More in Tux Machines

Samsung Officially Launches their Tizen Curved SUHD 4K TVs in the Philippines

The new line of Tizen 4K Samsung SUHD TVs has now officially been launched in the Philippines at an event held a few days ago. The new line-up of TVs includes the JS9500, JS9000 and JS8500 models, supporting screen sizes ranging from 55 to 88 inches. Samsung boasts that their TV technology, which uses nano-crystal semiconductors, leads in color and brightness compared to its competitors. Read more

Cloudsto X86 Nano PC is a tiny desktop with Ubuntu Linux (or Windows)

The folks at UK retailer Cloudsto have been offering tiny desktop computers loaded with Ubuntu Linux for a little while. But most have basically been Ubuntu versions of existing Android boxes with ARM-based processors. Now Cloudsto is introducing a line of mini PCs with x86 processors, starting with the Cloudsto X86 Nano Mini PC. It’s available with either Windows 8.1 or Ubuntu 14.04. Read more

EMC to open-source ViPR - and lots of other stuff apparently

ViPR is software storage controller tech that separates the control and data planes of operation, enabling different data services to be layered onto a set of storage hardware products - such as EMC's own arrays, Vblocks, selected third-party arrays, JBODs and cloud storage. The data services are typically ways of accessing data, such as file services, The open source software will be called Project CoprHD* and be made available on GitHub for community development. It will include all the storage automation and control functionality and be supplied under the Mozilla Public License 2.0 (MPL 2.0). Public supporting partners for CoprHD are Intel, Verizon and SAP. Read more