Jul 21, 2005

Security: Advisories for Kate and Kopete

Two security advisories have been issued this week. The first affects Kate and KWrite as shipped with KDE 3.2.x up to and including 3.4.0: backup files are created during saving with default permissions, even if the original file had stricter permissions set. The second affects Kopete as included in KDE 3.2.3 up to and including KDE 3.4.1: the included copy of libgadu, if installed, can lead to integer overflows and remote DoS or arbitrary code execution.
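The backup-permission problem in the first advisory, as an added example that is not Kate or KWrite code: a backup created with default permissions next to one that takes over the original's permission bits. It assumes a POSIX system; `make_backup` and `mode_of` are hypothetical names.

```c
/* Added example (not Kate/KWrite code): backup creation, weak vs. hardened. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 on error. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 0777);
}

/* Copy src to dst (dst must not exist yet). preserve_mode == 0 reproduces the
 * behaviour in the advisory: the backup gets default permissions (0666 minus
 * umask). preserve_mode != 0 creates it owner-only, then applies the
 * original's permission bits before any data is written. */
int make_backup(const char *src, const char *dst, int preserve_mode)
{
    struct stat st;
    char buf[4096];
    ssize_t n = -1;
    int rc = -1;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    /* O_EXCL: never write into a pre-existing file or follow a planted symlink. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, preserve_mode ? 0600 : 0666);
    if (out < 0) { close(in); return -1; }
    if (fstat(in, &st) < 0) goto done;
    if (preserve_mode && fchmod(out, st.st_mode & 0777) < 0) goto done;
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) goto done;
    if (n == 0) rc = 0;
done:
    close(in);
    close(out);
    return rc;
}

int main(int argc, char **argv)
{
    /* Usage: prog FILE -> writes FILE~weak and FILE~safe, prints their modes. */
    if (argc != 2) return 2;
    char weak[4096], safe[4096];
    snprintf(weak, sizeof weak, "%s~weak", argv[1]);
    snprintf(safe, sizeof safe, "%s~safe", argv[1]);
    if (make_backup(argv[1], weak, 0) || make_backup(argv[1], safe, 1)) return 1;
    printf("orig %04o weak %04o safe %04o\n", (unsigned)mode_of(argv[1]),
           (unsigned)mode_of(weak), (unsigned)mode_of(safe));
    return 0;
}
```

With a umask of 022 and an original at mode 0600, the first backup ends up world-readable while the second stays owner-only.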

Comments

So let's wait for the Service Pack. :)


By CJ at Thu, 2005/07/21 - 5:00am

and are there really people using it?


By lemmy at Thu, 2005/07/21 - 5:00am

It's quite popular in eastern Europe, or so I am told.


By Andre Somers at Thu, 2005/07/21 - 5:00am

I use Kopete a bunch to talk with those on the MSN network, but no, I have not heard of Gadu Gadu. MSN, IRC, Jabber, Yahoo!, and AIM are what I know (yes, Kopete does not do IRC, Konversation does, but it's what I know.)


By SuSE_User at Mon, 2005/07/25 - 5:00am

> yes, Kopete does not do IRC

It does.


By cm at Mon, 2005/07/25 - 5:00am

http://en.wikipedia.org/wiki/Gadu_Gadu

A few million (mostly) teenagers use that proprietary protocol. Service owners are making business by pushing advertisements aimed mostly at kids. Since their server is centralized, it crashes sometimes. In fact nobody knows why this is so popular then; I suppose teenagers are more happy with their displays filled with ads... :)
Historical reasons are the most obvious answer though...


By bungy at Thu, 2005/07/21 - 5:00am

ads?
talk to millions of stupid dumb people that use aol's instant messenger that has least features, has ugliest and dumbest interface, and has the most annoying sound out of all messengers. yet there are tons of people that use it?
perhaps this is telling us something - most people are real morons :)

if you don't agree, go back and look at icq. it was the best messenger and the original one. it had tons of features. it had a kick ass interface. aol bought it and they screwed up the whole thing...now it's nothing more than stupid aol.
only thing that icq has still that is better than any other messenger out there is the fact that it uses unique numbers instead of nick names. so you can pick whichever name and nick you want and you don't have to remember dumb nick names such as ")($mda9#lad_91291".

plus icq has badass search features. you can search by country, city, state, zip code, sex!, interests, etc, etc. in aol you can only search by that stupid nickname. so retarded.

and yes, i on purpose did not use any capitalization in this post. i figure that more aol users will understand this better that way. i couldn't bear not to use punctuation though!


By disapointed user at Fri, 2005/07/22 - 5:00am

Um, you don't pick your IM protocol, your friends pick it for you.

Which is why it's nice to have clients like Kopete. :)


By Ian Monroe at Fri, 2005/07/22 - 5:00am

not always right. I'm partly successful in convincing my friends to switch to jabber. :-)

but it's surely good to have kopete to chat to the rest I haven't convinced yet...


By ac at Fri, 2005/07/22 - 5:00am

> perhaps this is telling us something - most people are real morons :)

I know you're just making a crack here, but since this is a common sentiment, it deserves debunking.

Most people don't care about technology at the level that say, readers of the Dot do. I'm sure auto mechanics sit around and talk about how stupid most people are when they can't figure out that the X-Blah '05's engine is a piece of crap. But those people (i.e. most of us) aren't morons, they just don't care.

It's the same with messaging protocols or operating systems or desktop environments or whatever. Most people just don't care. People generally don't ask, "Do I have access to the source?" or "What's the user name storage scheme?" It's more like, "Can I talk to Bob using that?" or "Can I open the things my mom sends me?"


By Scott Wheeler at Fri, 2005/07/22 - 5:00am

Not to forget: "PC magazin XY said that the app is cool and it even had the current version on CD".


By Christian Loose at Fri, 2005/07/22 - 5:00am

I use it.

It has many features that ICQ is praised for below: unique numbers as user ID (unfortunately, recently they have started reusing dead numbers, I've been bitten by it (talking to somebody I thought was my long-unseen friend)), searching by sex, age, location, first name AND the nickname.

Teenagers are fun sometimes, too ;->


By divide at Fri, 2005/07/22 - 5:00am

s/below/above/

Also, keep in mind that only the original client software shows the ads. All the others, including many open source ones (and there are many, multi-ones: Kopete, Miranda and dedicated: Kadu, EKG, Gnu Gadu, freegg; also there is Jabber transport for it, available, IIRC, on jabber.org.pl) don't do it.

Smart masses use the unofficial ones, that goes without saying ;-)


By divide at Fri, 2005/07/22 - 5:00am

Replying to myself for the second time ;-)

I forgot Gaim, of course.

Another cool feature related to gadu-gadu (though perhaps in a convoluted manner) is standard encryption, which is encapsulated in the open-source library libsim (IIRC). Although it's hardly official (the original client doesn't offer encryption), most alternative clients have the support built-in; so that one can have secure chats (as in: not cleartext, at least; ensuring all authenticity, integrity, non-replayability and secrecy on an asynchronous medium like IM is not that easy, and libsim certainly has its deficiencies) without the need to mix and match clients and plugins to get them to cooperate.


By divide at Fri, 2005/07/22 - 5:00am