Security: Three KDE Security Advisories

Three security advisories have been issued by the KDE Security Team over the last days for two distinct vulnerabilities that have been found: all KDE releases up to and including KDE 3.3.2 are vunerable to a FTP KIO Slave Command Injection. Another xpdf Buffer Overflow has been found affecting kpdf in all KDE versions and also all KOffice 1.3 versions.

Dot Categories: 

Comments

by Davide Ferrari (not verified)

Wow, I'm already using since yesterday evening a patched KDE version, since Gentoo was really rapid to provide a new kdelibs ebuild!
And, about the FTP injection, Internet Explorer suffers the same bug..let's see how rapid MS will be....*g*

by Bill the Weasel (not verified)

In Service Pack 2 the error is already fixed.

by DFJA (not verified)

So no good for users of older versions of MS Windows then...?

by Luca Piccarreta (not verified)

... Were previous builds of KDE fixed too?
(From a Linux fan, windows user)
Cheers

by Henrique (not verified)

KDE does not release pre-built packages, but patches for fixing the problems found were released for KDE 3.2.