Serious security flaw in KDE

Darth Garth

A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems. KDE is a desktop software package for Linux and Unix systems and includes the Konqueror Web browser and other applications.

The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted Thursday. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.

http://news.com.com/KDE+flaws+put+Linux,+Unix+systems+at+risk/2110-1002_3-6029297.html?tag=nefd.hed
 
This is actually deliciously hilarious. This is the first serious Linux flaw in how long? When's the last time I even read something about Linux security? Microsoft on the other hand could open their own news agency, hahaha.
 
Well so much for the open source mantra of "many eyeballs to spot for bugs" :)
 
ic said:
First prove that code exists, that is 100% certified free from any bugs, and that the certification is a valid one, then justify why non-Windoze codebases should be 100% free of bugs - the code is still written & reviewed by humans, who are fallible.

I guess it boils down to the fact that writing "secure" code is rather difficult.
 
TMoose said:
This is actually deliciously hilarious. This is the first serious Linux flaw in how long? When's the last time I even read something about Linux security? Microsoft on the other hand could open their own news agency, hahaha.

Why do you have to bring Microsoft into this? It is a flaw and has been fixed, NO mention of Microsoft by tibby. Really come on, not everything is a battle versus Windoze.
 
MikeNoble said:
Why do you have to bring Microsoft into this? It is a flaw and has been fixed, NO mention of Microsoft by tibby. Really come on, not everything is a battle versus Windoze.

Well the reason is quite obvious actually. Tibby has a long, long history of defending Microsoft and then jumping on every silly chance such as this one to supposedly point out that other products are just as crap as theirs.

Maybe you just don't read the forum enough to know that? Others here certainly do. Just for info purposes, he's also severely anti-P2P and has been predicting its imminent destruction for years now. So when I take a cheap shot at that some time in the future, you know, feel free to ignore it.
 
Windows is not better than Linux.. and Linux is not better than Windows... as long as humans continue to write code, there will always be flaws.

Personally, I prefer Linux...... paying for bugs just doesn't float my boat.
 
TMoose said:
Well the reason is quite obvious actually. Tibby has a long, long history of defending Microsoft and then jumping on every silly chance such as this one to supposedly point out that other products are just as crap as theirs.

Maybe you just don't read the forum enough to know that? Others here certainly do. Just for info purposes, he's also severely anti-P2P and has been predicting its imminent destruction for years now. So when I take a cheap shot at that some time in the future, you know, feel free to ignore it.

Thanks
 
TMoose said:
he's also severely anti-P2P

Now I wonder what that Azureus icon is doing on my desktop, since how else would I be able to d/l Hack .5 or TWIT and Command-N TV shows from the internet ???

I am just against warez hub leechers who d/l every sort of **** they can find 24/7 just to have it and brag about how many GBs they have downloaded this month.
 
Another point to ponder.... KDE is written by people in their spare capacity .. it's not written by an international company that has cash to throw about.
 
RichardP said:
Another point to ponder.... KDE is written by people in their spare capacity .. it's not written by an international company that has cash to throw about.

TrollTech, the makers of the QT toolkit on which KDE is built, employs a few KDE programmers, as do SUSE, Novell and Mandriva ... the days that people do open source development in their spare capacity are long past.
 
tibby.dude said:
the days that people do open source development in their spare capacity are long past.

I'm sure at least some of the 1 000 000+ registered users on sourceforge would disagree with this statement.
 
tibby.dude said:
TrollTech, the makers of the QT toolkit on which KDE is built, employs a few KDE programmers, as do SUSE, Novell and Mandriva ... the days that people do open source development in their spare capacity are long past.

Everyone has their opinions on Open Source... very different ones too. I for one do Open Source developments for remuneration and for free.... Sponsored development is always better tho :-)
 
Angstrom said:
I'm sure at least some of the 1 000 000+ registered users on sourceforge would disagree with this statement.

The majority of work done on the Linux kernel is done by full-time programmers employed at various companies that depend on Linux in some shape or another (RedHat) or to piss off Microsoft (IBM) or grasping at straws because they have no other clue (Novell).

Even the fellow who started up the Gentoo distro ended up at Microsoft because even he needed to pay his bills ;).
 
RichardP said:
Everyone has their opinions on Open Source... very different ones too. I for one do Open Source developments for remuneration and for free.... Sponsored development is always better tho :-)

So where is your code ... under GPL license I hope :).
 
I've read estimates that state that the code for the Linux kernel constitutes around 3% of the code shipped in a distribution. The rest obviously comes from all the apps that are bundled with it. I will agree that many of the mainstream applications are developed by full-time programmers, sure. It certainly appears that large corporates are beginning to dominate development in the Linux realm and that it is far more than just the hobby that it originally was.

However, I'm utterly convinced that there is a healthy population of people that participate in Open Source development in their spare capacity simply because they enjoy doing it.
 
Angstrom said:
However, I'm utterly convinced that there is a healthy population of people that participate in Open Source development in their spare capacity simply because they enjoy doing it.

Projects like ZSNES and SCUMMVM ... very good stuff.
 