KDE's serious vulnerabilities put Linux, Unix systems at risk

Do you shift to GNOME or other window managers?

  • No. I never leave; KDE is such a nice Desktop Environment

    Votes: 0 0.0%

  • Total voters
    254
Status
Not open for further replies.

praka123

left this forum longback
A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems. KDE is a desktop software package for Linux and Unix systems and includes the Konqueror Web browser and other applications.

The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted Thursday. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.
Source
Patches are available at KDE FTP mirrors.
I think this is the time KDE users should at least try to move to the GNOME DE or any other lightweight WM/DE. GNOME is based on pure OSS. As you know, KDE's QT has confusing license terms resembling a proprietary license.
 

Satissh S

Youngling
Ah! Hope we don't split into KDE and GNOME guys. OSS communities are quite dynamic and rest assured prakash, vulnerabilities would be patched soon. I personally use neither.
I use a personalised fluxbox with personalised menus, lots of keyboard shortcuts and dashboards etc., and my work would be seriously hampered if I switched to any other WM. So kind of addicted to it.
I haven't read the 'trolltech qt' license fully but have seen the first few lines of it in the 'qt designer' About dialog.. Something like a 'qt' commercial license and a 'qt' OSS license which does not allow the code developed to be used for commercial purposes and the like.. not sure. Correct me if wrong. :)
 

infra_red_dude

Wire muncher!
Yeah, you are right about the terms & conditions, satish s. But seriously, till a few years ago I was a bigtime fan of GNOME + Enlightenment. Ever since I saw KDE3, I switched over! Well, the KDE vs GNOME war is an old one!
 

mehulved

18 Till I Die............
I find KDE better than GNOME so I would go for KDE as my default DE. Haven't used any WMs so extensively, so will be moving to them soon.
 

eddie

El mooooo
Since it is about security it is imperative to mention here that the vulnerability was found by a KDE developer only (Maksim) and was patched without any delay.
www.kde.org/info/security/advisory-20060119-1.txt

Also even if this vulnerability was ever exploited by an attacker, he could've taken control of your system "only if" you used konqueror as your web browser and that too as root. Otherwise the maximum that the attacker could've done was do something bad to the user's account. Agreed that is not a small thing either, but just wanted to clarify this thing.

prakash kerala said:
I think this is the time KDE users should at least try to move to the GNOME DE or any other lightweight WM/DE.
If you have reasons other than security then I am all ears but if you are talking about security then the following links might be of interest to you.
*secunia.com/product/219/
*secunia.com/product/3277/

GNOME 2.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical
KDE 3.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical
I am not saying that one product is better than another one. Just giving a view about security advisories, so please don't flame.
 

eddie

El mooooo
prakash kerala said:
As you know, KDE's QT has confusing license terms resembling a proprietary license.
The following links might interest you.

"Qt is not free": Qt is licensed under the GNU GPL license: the same license as many GNU projects and the Linux kernel. Yes, Qt has an additional commercial license. This doesn't make Qt less free, because the GPL version already gives you all the freedom you need. You can read more on the topic on the KDE myths web page. In case you don't trust me, let me quote Richard Stallman on the Qt 2.2 announcement: "I am very pleased to see that Qt is now available under the GPL. This is a big win free software and a great gift from Trolltech to the community".
*kdemyths.urbanlizard.com/topic/10
*www.terra.es/personal/diegocg/kde/
 
praka123

left this forum longback
I don't want to flame. Regarding security things, these have been fixed, and if older versions of vulnerable software exist they are patched by the distro vendor, e.g. Debian. And searching for KDE/QT on the Secunia site will display a whopping number [Found: 216 Secunia Security Advisories, displaying 1-25] while GNOME shows a smaller number of vulnerabilities [Found: 105 Secunia Security Advisories, displaying 1-25]. But GNOME is the product coming from FLOSS volunteers, when KDE started as proprietary. Because of the very existence of the GNOME DE, QT announced KDE/QT as GPLed, as you quote. As for GNOME's vulnerabilities, they get fixed really fast.. and I don't know why KDE is given the upper hand though GNOME exists as a 100% free DE. Trolltech's ambitions with qt/kde are not that good looking for OSS. And I hate KDE's Wingdowish look, if you mind it or not. Why should we hold the ghost of Wingdows in GNU/Linux as KDE? Hope Linux will grow with GNOME and other open window managers. Happy GNU/Linuxing!
 

eddie

El mooooo
prakash kerala said:
..searching for KDE/QT on the Secunia site will display a whopping number [Found: 216 Secunia Security Advisories, displaying 1-25] while GNOME shows a smaller number of vulnerabilities [Found: 105 Secunia Security Advisories, displaying 1-25]
When it comes to vulnerabilities, it's not the number but the severity that matters, and GNOME clearly has the more severe of them.

As for GNOME's vulnerabilities, they get fixed really fast..
I don't think so. You should see the "Solution status" on the Secunia links I posted in my earlier post. You will find that out of the 5 vulnerabilities found in GNOME since 2003, none has been patched till date while out of 30 found in KDE, only one is still unpatched. Now you should decide yourself as to who is fixing the vulnerabilities faster.

GNOME exists as a 100% free DE.
So does KDE.

Trolltech's ambitions with qt/kde are not that good looking for OSS.
Please be kind enough to explain that statement.

And I hate KDE's Wingdowish look, if you mind it or not. Why should we hold the ghost of Wingdows in GNU/Linux as KDE?
Let's just stay with security issues, else this topic will become a flame war :)
 
praka123

left this forum longback
Aww..Yeah..Me waiting for Next GNOME release /\
KDE *differentdawn.com/board/images/icons/icon13.gif
 