Three security advisories have been issued by the KDE Security Team over the last few days for two distinct vulnerabilities: all KDE releases up to and including KDE 3.3.2 are vulnerable to an FTP KIO Slave Command Injection. Another xpdf Buffer Overflow has been found affecting kpdf in all KDE versions and also all KOffice 1.3 versions.
Comments:
Wow! - Davide Ferrari - 2005-01-05
Wow, I've been using a patched KDE version since yesterday evening, since Gentoo was really rapid to provide a new kdelibs ebuild!
And, about the FTP injection, Internet Explorer suffers the same bug... let's see how rapid MS will be... *g*
SP2 - Bill the Weasel - 2005-01-05
In Service Pack 2 the error is already fixed.
Re: SP2 - DFJA - 2005-01-06
So no good for users of older versions of MS Windows then...?
Re: SP2 - Luca Piccarreta - 2005-01-06
... Were previous builds of KDE fixed too?
(From a Linux fan, Windows user)
Cheers
Re: SP2 - Henrique - 2005-01-06
KDE does not release pre-built packages, but patches for fixing the problems found were released for KDE 3.2.