Skip to content

Security: Three KDE Security Advisories

Thursday, 6 January 2005  |  Binner

Three security advisories have been issued by the KDE Security Team over the last days for two distinct vulnerabilities that have been found: all KDE releases up to and including KDE 3.3.2 are vunerable to a FTP KIO Slave Command Injection. Another xpdf Buffer Overflow has been found affecting kpdf in all KDE versions and also all KOffice 1.3 versions.

Comments:

Wow! - Davide Ferrari - 2005-01-05

Wow, I'm already using since yesterday evening a patched KDE version, since Gentoo was really rapid to provide a new kdelibs ebuild! And, about the FTP injection, Internet Explorer suffers the same bug..let's see how rapid MS will be....*g*

SP2 - Bill the Weasel - 2005-01-05

In Service Pack 2 the error is already fixed.

Re: SP2 - DFJA - 2005-01-06

So no good for users of older versions of MS Windows then...?

Re: SP2 - Luca Piccarreta - 2005-01-06

... Were previous builds of KDE fixed too? (From a Linux fan, windows user) Cheers

Re: SP2 - Henrique - 2005-01-06

KDE does not release pre-built packages, but patches for fixing the problems found were released for KDE 3.2.