Sebastian Krahmer has reported a vulnerability in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the authentication process in the DCOP (Desktop Communication Protocol) daemon dcopserver. This can be exploited to lock the dcopserver for arbitrary local users. Successful exploitation may result in decreased desktop functionality for the affected user.
The vulnerability has been reported in versions prior to 3.4.
Solution: Upgrade to KDE 3.4 or apply patch.
Click for more information and links to patches.
Original information on dot.kde.org.
Defined as a network transparent contemporary desktop environment for UNIX workstations similar to the desktop environments found under the MacOS or Microsoft Windows, KDE provides an easy-to-use highly customizable integrated graphical interface for today's most demanding tasks. These include email communication, newsgroup participaton, web surfing, instant messaging, graphic design and manipulation, multimedia capabilities thru audio and video applications, system monitoring, file managing, and even software package handling. Today we will look at the latest incarnation.
KDE 3.4 scheduled to be released on March 16 is making it's way onto mirrors as planned. It is still not officially announced yet, but stay tuned. Mirrors should be fairly complete by morning. We will mostly likely get the go-ahead by then.
Please stop by the old homestead here tomorrow for a review and of course plenty of beautiful default and customized screenshots from little ole me in my gallery as well.
On LugRadio Jono Bacon, Stuart Langridge, Ade Bradshaw, and Matt Revell talk about Linux and whatever else comes along, including:
Aaron Seigo, KDE developer, talks about what KDE's up to and dispels some myths about the desktop environment.
ca asked why this interview with Josef Spillner wasn't on some of the biggie news sites, so I thought I'd share it on my teny tiny one.
"There has been some recent buzz around KDE's Get Hot New Stuff framework. As the first in a series looking into KDE technologies, KDE Dot News interviewed author Josef Spillner to find out what all this "stuff" was about... read on for the interview. You may also be interested in recent blog entries about KNewStuff: Kate, desktop backgrounds, Quanta, KNewStuffSecure, its user interface design and the HotStuff server setup."
That's the rumor I hear. Stephen the release coordinator is tagging 3.4 and...
Despite not being able to locate one word mentioned about it, seems there are source tarballs up on mirrors for KDE 3.4.0-rc1. We sure could have used an announcement on this slow news day.
"The KDE project is looking for a great new logo for our biggest event of the year: The KDE Developers and Users Conference 2005, also known as aKademy 2005. This logo will be seen everywhere including websites, on t-shirts and in magazines."
"Erik Sjölund has reported some vulnerabilities in KDE, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system."
KDE 3.4, due out mid-March, is going to be really nice, judging by the betas. I ran beta1 when it was released and finished installing beta2 this morning (or actually last night while I slept). I've found both of the betas to be stable enough to run daily and expect this to only improve by final release. There are many new features and a definite speed increase over 3.3. In fact, there are a few new surprises since beta1. Please feel free to venture over to the gallery to take a look at some screenshots. Mostly they are the default look, but some customizations are shown at the beginning and end of the album.
Whooohooo! KDE 3.4 Beta 2 was released on February 9th, 2005. Read the official announcement. Come on Gentoo, where's the ebuilds!
UPDATE: Looks like the ebuilds are available at this time.