KDE's serious vulnerabilities put Linux,Unix Systems on risk

praka123 · 01-02-2006, 12:10 PM

Quote:

A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems. KDE is a desktop software package for Linux and Unix systems and includes the Konqueror Web browser and other applications.

The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted Thursday. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.

Source
patches are available at kde ftp mirrors..
I think this is the time KDE Users should @tleast try to move toGNOME DE or anyother lightweight WM/DE.GNOME is based on pure OSS.As U know KDE's QT has got a confusing License terms resembling a propreitory License.

vignesh · 01-02-2006, 07:06 PM

I am using Gnome..even since.

infra_red_dude · 01-02-2006, 07:29 PM

i wouldn't wanna let go of kde!

Satissh S · 01-02-2006, 07:55 PM

Ah! Hope we dont split into kde n GNOMe guys. OSS communities are quite dynamic and rest assured prakash, Vulnerabilities wud be patched soon. I personally use neither.
I use a personalised fluxbox with personalised menus. lots of keyboard shortcuts and dashboards etc., and my work wud be seriously hampered if switched to any other WM. So kinda addicted to it.
I haven't read the 'trolltech qt' license fully but have seen first few lines of it in the 'qt designer' About dialog.. Something like 'qt' commercial license and 'qt' OSs license which does not allow the code developed to be used for commercial purposes and the like.. not sure. correct if wrong.

infra_red_dude · 01-02-2006, 08:01 PM

yeah you are right about the terms & conditions satish s. but seriously till a few years ago i was a bigtime fan of gnome + enlightenment. ever since i saw kde3, i switched over! well the kde vs gnome was is an old one!

mehulved · 01-02-2006, 10:09 PM

I find KDE better than GNOME so I would go for KDE as my default DE. Haven't used any WM's so extensively so will be moving to them soon.

eddie · 02-02-2006, 01:46 AM

Since it is about security it is imperative to mention here that the vulnerability was found by a KDE developer only (Maksim) and was patched without any delay.
http://www.kde.org/info/security/adv...20060119-1.txt

Also even if this vulnerability was ever exploited by an attacker, he could've taken control of your system "only if" you used konqueror as your web browser and that too as root. Otherwise the maximum that the attacker could've done was do something bad to the user's account. Agreed that is not a small thing either, but just wanted to clarify this thing.

Quote:

Originally Posted by prakash kerala

I think this is the time KDE Users should @tleast try to move toGNOME DE or anyother lightweight WM/DE.

If you have reasons other than security then I am all ears but if you are talking about security then the following links might be of interest to you.
http://secunia.com/product/219/
http://secunia.com/product/3277/

Quote:

GNOME 2.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical

Quote:

KDE 3.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

I am not saying that one product is better then another one. Just giving a view about security advisories, so please don't flame.

eddie · 02-02-2006, 01:55 AM

Quote:

Originally Posted by prakash kerala

As U know KDE's QT has got a confusing License terms resembling a propreitory License.

The following links might interest you.

Quote:

"Qt is not free": Qt is licensed under the GNU GPL license: The same license than many GNU projects and the Linux kernel. Yes, Qt has an additional commercial license. This doesn't makes Qt less free, because the GPL version already gives you all the freedom you need. You can read more on the topic on the KDE myths web page. In case you don't trust me, let me quote Richard Stallman on the Qt 2.2 announcement: "I am very pleased to see that Qt is now available under the GPL. This is a big win free software and a great gift from Trolltech to the community".

http://kdemyths.urbanlizard.com/topic/10
http://www.terra.es/personal/diegocg/kde/

praka123 · 02-02-2006, 05:40 AM

I dont want to flame.regarding security things,these are been fixed and if older versions of vulnerable software exists are pathched by the distro vendor.for eg;Debian.and searching for KDE/QT in secunia site will display a whopping number[Found: 216 Secunia Security Advisories, displaying 1-25]while GNOME shows smaller number of vulnerabilities[Found: 105 Secunia Security Advisories, displaying 1-25]but GNOME is the product coming from floss volunteers,when KDE started as propreitory.Because of the very existance of GNOME DE,QT announced KDE/QT as GPLed as U quote.As about GNOME's vulnerabilities,it is got fixed really fast..and i donknow why KDE's given an uphand though GNOME exists as a 100% free DE.Trolltech's ambitions with qt/kde are not that good looking for OSS.And i hate KDE's Wingdowish look if U mind it or not.Why should we hold the ghost of Wingdows in GNU/Linux as KDE?.Hope Linux will grow with GNOME and other open window managers.Happy GNU/Linuxing!

infra_red_dude · 03-02-2006, 12:37 AM

aaah...do i smell another kde vs gnome war????!!!!

eddie · 03-02-2006, 01:06 AM

Quote:

Originally Posted by prakash kerala

..searching for KDE/QT in secunia site will display a whopping number[Found: 216 Secunia Security Advisories, displaying 1-25]while GNOME shows smaller number of vulnerabilities[Found: 105 Secunia Security Advisories, displaying 1-25]

When it comes to vulnerabilities, its not the number but the severity that matters and GNOME clearly has more severe of them.

Quote:

As about GNOME's vulnerabilities,it is got fixed really fast..

I don't think so. You should see the "Solution status" on the Secunia links I posted in my earlier post. You will find that out of the 5 vulnerabilities found in GNOME since 2003, none has been patched till date while out of 30 found in KDE, only one is still unpatched. Now you should decide yourself as to who is fixing the vulnerabilities faster.

Quote:

GNOME exists as a 100% free DE.

So does KDE.

Quote:

Trolltech's ambitions with qt/kde are not that good looking for OSS.

Please be kind enough to explain that statement.

Quote:

And i hate KDE's Wingdowish look if U mind it or not.Why should we hold the ghost of Wingdows in GNU/Linux as KDE?

Lets just stay with security issues, else this topic will become a flame war

niranjan_mcarenyold · 03-02-2006, 10:46 AM

KDE rocks

praka123 · 03-02-2006, 11:55 AM

Aww..Yeah..Me waiting for Next GNOME release /\
KDE

View Poll Results: Do You shift to GNOME or other Window Managers ?
Yes.I am moving/already using to GNOME/other WMs	4	44.44%
No.I never leave KDE is such a nice Desktop Environment	5	55.56%
Voters: 9. You may not vote on this poll

01-02-2006, 07:29 PM	#3 (permalink)
infra_red_dude Wire muncher! Join Date: Nov 2003 Posts: 6,164	i wouldn't wanna let go of kde! __________________ "The true measure of a man is how he treats someone who can do him absolutely no good." http://phoenix-ani.blogspot.com

01-02-2006, 07:55 PM	#4 (permalink)
Satissh S Alpha Geek Join Date: Mar 2005 Location: Chennai , India Posts: 693	Ah! Hope we dont split into kde n GNOMe guys. OSS communities are quite dynamic and rest assured prakash, Vulnerabilities wud be patched soon. I personally use neither. I use a personalised fluxbox with personalised menus. lots of keyboard shortcuts and dashboards etc., and my work wud be seriously hampered if switched to any other WM. So kinda addicted to it. I haven't read the 'trolltech qt' license fully but have seen first few lines of it in the 'qt designer' About dialog.. Something like 'qt' commercial license and 'qt' OSs license which does not allow the code developed to be used for commercial purposes and the like.. not sure. correct if wrong. __________________ Call it Emacs, Love it or Leave it.

01-02-2006, 08:01 PM	#5 (permalink)
infra_red_dude Wire muncher! Join Date: Nov 2003 Posts: 6,164	yeah you are right about the terms & conditions satish s. but seriously till a few years ago i was a bigtime fan of gnome + enlightenment. ever since i saw kde3, i switched over! well the kde vs gnome was is an old one! __________________ "The true measure of a man is how he treats someone who can do him absolutely no good." http://phoenix-ani.blogspot.com

01-02-2006, 10:09 PM	#6 (permalink)
mehulved 18 Till I Die............ Join Date: Jul 2004 Location: India, Mumbai, Marine Lines Posts: 5,792	I find KDE better than GNOME so I would go for KDE as my default DE. Haven't used any WM's so extensively so will be moving to them soon. __________________ http://www.bash.org/?258908

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

01-02-2006, 07:06 PM	#2 (permalink)
vignesh Wise Old Owl Join Date: Jul 2004 Location: Chennai Posts: 1,659	I am using Gnome..even since.

02-02-2006, 05:40 AM	#9 (permalink)
praka123 left this forum longback Join Date: Sep 2005 Location: - Posts: 7,513	I dont want to flame.regarding security things,these are been fixed and if older versions of vulnerable software exists are pathched by the distro vendor.for eg;Debian.and searching for KDE/QT in secunia site will display a whopping number[Found: 216 Secunia Security Advisories, displaying 1-25]while GNOME shows smaller number of vulnerabilities[Found: 105 Secunia Security Advisories, displaying 1-25]but GNOME is the product coming from floss volunteers,when KDE started as propreitory.Because of the very existance of GNOME DE,QT announced KDE/QT as GPLed as U quote.As about GNOME's vulnerabilities,it is got fixed really fast..and i donknow why KDE's given an uphand though GNOME exists as a 100% free DE.Trolltech's ambitions with qt/kde are not that good looking for OSS.And i hate KDE's Wingdowish look if U mind it or not.Why should we hold the ghost of Wingdows in GNU/Linux as KDE?.Hope Linux will grow with GNOME and other open window managers.Happy GNU/Linuxing! __________________ left this forum long back.Admin Can Delete this Account and posts Permanantly.Thank You Get GNU/Linux - http://getgnulinux.org

03-02-2006, 12:37 AM	#10 (permalink)
infra_red_dude Wire muncher! Join Date: Nov 2003 Posts: 6,164	aaah...do i smell another kde vs gnome war????!!!! __________________ "The true measure of a man is how he treats someone who can do him absolutely no good." http://phoenix-ani.blogspot.com

03-02-2006, 10:46 AM	#12 (permalink)
niranjan_mcarenyold Apprentice Join Date: Sep 2004 Location: R u blind, I am in front of you Posts: 74	KDE rocks __________________ It`s great to feel great, but if you overate last night, you don`t. be good to night

03-02-2006, 11:55 AM	#13 (permalink)
praka123 left this forum longback Join Date: Sep 2005 Location: - Posts: 7,513	Aww..Yeah..Me waiting for Next GNOME release /\ KDE

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode