Language Selection

English French German Italian Portuguese Spanish

Whoops: KDE fliccd Buffer Overflow Vulnerabilities

Filed under
KDE
Security

"Erik Sjölund has reported some vulnerabilities in KDE, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system."

"The vulnerabilities are caused due to boundary errors in fliccd and can be exploited to cause stack-based buffer overflows... in KDE 3.3 through 3.3.2."

Quoted.

No word from KDE on the subject as of yet.

More in Tux Machines

Linux Kernel 5.8 “The Biggest Release of All Time” is Finally Available Now

Linus Torvalds has called it “the biggest release of all time”. Check out what are the key changes in the recently released Linux Kernel 5.8. Read more

Android Leftovers

Programming: Python, Perl, and GNOME/GTK

           
  • Why proactively clean Python 2 up?

    It seems a recurring complaint that we’re too aggressive on cleaning Python 2 up from packages. Why remove it if (package’s) upstream still supports py2? Why remove it when it still works? Why remove it when somebody’s ready to put some work to keep it working? I’m pretty sure that you’re aware that Python 2 has finally reached its end-of-life. It’s past its last release, and the current version is most likely vulnerable. We know we can’t remove it entirely just yet (but the clock is ticking!), so why remove its support here and there instead of keeping it some more? This is best explained on the example of dev-python/twisted — but dev-python/pillow is also quite similar. Twisted upstream removed support for Python 2 at version 20. This means that we ended up having to keep two versions of Twisted — 19 that still supports Python 2, and 20 that does not. What does that means for our users? Firstly, they can’t normally upgrade Twisted if at least one of its reverse dependencies supports Python 2 and is installed. What’s important is that the user does not have to meaningfully need or use Python 2 in that reverse dependency. It is entirely sufficient that it supports Python 2 and the user is using default PYTHON_TARGETS. Of course, you could argue that changing the default PYTHON_TARGETS would resolve the problem without having to proactively remove Python 2 from Twisted revdeps. Today, I’m not sure which of the two options is better. However, back when cleanup started changing default PT would involve a lot of pain for the users. We’d have to reenable 2.7 via package.use for many packages (but which ones?) or the users would have to reenable it themselves. But that’s really tangential now.

  •        
  • Python Bytes: #192 Calculations by hand, but in the compter, with Handcalcs

    Idea by Guido van Rossum to bring back the print statement.

  •        
  • PyDev 7.7.0 released (mypy integration improvements, namespace packages)

    This release brings multiple improvements for dealing with type hints as well as improvements in the Mypy integration in PyDev: The MYPYPATH can now be set automatically to the source folders set on PyDev and the --follow-imports flag is set to silent by default (this flag is required because only one file is analyzed at a time in PyDev as failing to do so would end up showing errors for other files).

  •        
  • PSF GSoC students blogs: Weekly Check-in #10
  • PSF GSoC students blogs: Weekly Check-In: Week 10
  • Perl Weekly Challenge 71: Peak Elements and Trim Linked List
  • The Perl Weekly Challenge #071

    With another Linked List related task, I am now enjoying it a lot. It also gives me the opportunity to work with Class in Raku. Learning Raku has changed my thinking a big way. The developer inside me is more organised than before. Also doing regular weekly challenge made me think from unit test point of view every time I come up with a solution. In fact, it dictates the design of my solution. Now with the regular Live Video Raku Reviews by Andrew Shitov gave me the insights of others Raku solutions. It is amazing how he break the code into pieces to make it easy to understand. No book can teach you that. You only learn from experience or watching video from Andrew Shitov. Running [The|Perl] Weekly Challenge also taught me how to manage my spare time. I use my spare time very carefully. Before I would jump to anything that excites me. Last few weeks, I have started playing with Swift programming language. I am enjoying the journey. Please checkout my Swift solution to the Task #1 of Peak Elements.

  • Mariana Pícolo: The Second milestone

    By discussing with my mentor how could the best approach be, I found out that the notifications were already grouped on the code level, but these groups were not being represented in the UI. In the code, there's a class named Source, which is responsible for the group. They handle the info's about the app that have sent us any notification and store them. There's also a class named Notification, that creates a single notification, with title, banner, and has optional parameters such as playing sounds etc. Each Source has an array property that contains its notification objects, which gives us the groups. [...] Lastly, I'd like to talk about GUADEC which this year was completely remote. This was my first talk at a conference, in a language that I'm not a native speaker. I want to thank my mentor and the GNOME community for creating a comfortable environment for the interns to talk about their projects.

today's howtos