Security: Three KDE Security Advisories

Three security advisories have been issued by the KDE Security Team over the last few days for two distinct vulnerabilities. All KDE releases up to and including KDE 3.3.2 are vulnerable to an FTP KIO Slave Command Injection. Another xpdf Buffer Overflow has been found affecting kpdf in all KDE versions and also all KOffice 1.3 versions.


Wow, I've already been using a patched KDE version since yesterday evening, since Gentoo was really rapid to provide a new kdelibs ebuild!
And, about the FTP injection, Internet Explorer suffers from the same bug... let's see how rapid MS will be... *g*

By Davide Ferrari at Wed, 2005/01/05 - 6:00am

In Service Pack 2 the error is already fixed.

By Bill the Weasel at Wed, 2005/01/05 - 6:00am

So no good for users of older versions of MS Windows then...?

By DFJA at Thu, 2005/01/06 - 6:00am

... Were previous builds of KDE fixed too?
(From a Linux fan, Windows user)

By Luca Piccarreta at Thu, 2005/01/06 - 6:00am

KDE does not release pre-built packages, but patches for fixing the problems found were released for KDE 3.2.

By Henrique at Thu, 2005/01/06 - 6:00am