
KDE flaws put Linux, Unix systems at risk


A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems.

For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.

Full Story.

From the horse's mouth:

The KDE Project released a security advisory today for a heap overflow vulnerability in KJS. Earlier this month, a number of integer overflows affecting KPDF, and consequently KOffice, were found and fixed. Patches have been made available and your distributor should have updated binary packages. The KDE security advisory page has an overview of all KDE advisories. Links to source patches are contained in the advisories.

The Dot with links to the patches. Distribution vendors should have updated packages available shortly.
