Free Republic
News/Activism

Red Hat, Suse patch critical KDE security hole
InfoWorld ^ | 23 January 2006 | James Niccolai

Posted on 01/23/2006 8:21:55 AM PST by ShadowAce

Red Hat and Suse have released patches for a critical security hole in their Linux distributions that stems from a vulnerability in the KDE desktop environment.

KDE is a user interface package used with several versions of Unix and Linux. The KDE hole was discovered Thursday and rated critical by both Red Hat and the French Security Incident Response Team (FrSIRT).

It affects the JavaScript engine used in various parts of KDE, including its Konqueror Web browser. The flaw could allow a remote attacker to launch an overflow attack and run arbitrary code on the user's machine, FrSIRT said.

Users could disable JavaScript in Konqueror as a workaround, but some Web sites might not display properly and installing the patches is better, said Suse, which is part of Novell.

The problem affects version 4 of Red Hat Enterprise Linux AS, ES, and WS, and also version 4 of Red Hat Desktop. Red Hat released patches for those products late last week on the Red Hat Network, it said.

The versions of Suse Linux affected are 10.0, 9.3, 9.2 and 9.1, according to a Suse advisory at http://www.novell.com/linux/security/advisories/2006_03_kdelibs3.html/

KDE also released patches for the hole, and an advisory at http://kde.org/info/security/advisory-20060119-1.txt. The flaw affects KDE 3.2.0 up to and including KDE 3.5.0, it said.

The newest version of KDE released in November, KDE 3.5, is apparently not affected. Also not affected are Red Hat Enterprise Linux 3 or 2.1, Red Hat said.

The FrSIRT advisory is at http://www.frsirt.com/english/advisories/2006/0279


TOPICS: Technical
KEYWORDS: kde; linux; patch
To: blues_guitarist

What distro are you running under that WindowMaker? I tried it a few years ago on Mandrake, and wasn't too happy with it. I'm a NextStep veteran, so I had some sentimental interest in WindowMaker and OpenStep...


21 posted on 01/23/2006 2:13:39 PM PST by KayEyeDoubleDee (const Tag &referenceToConstTag)
[ Post Reply | Private Reply | To 8 | View Replies]

To: ShadowAce
This, plus the motivation of the involved developers being more project-oriented than closed-source developers, and yes--all bugs are shallow in comparison with closed-source projects.

That's a buttload of crap. Closed-source developers aren't any less "project-oriented" than open source developers. Probably more so. I know you'd like to think so but bugs aren't shallow in either methodology.
22 posted on 01/23/2006 2:32:00 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Bush2000
Closed-source developers aren't any less "project-oriented" than open source developers.

So your position is that if you quit paying the MS developers, they'd gladly stay on and work?

23 posted on 01/23/2006 2:34:45 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 22 | View Replies]

To: ShadowAce
So your position is that if you quit paying the MS developers, they'd gladly stay on and work?

Non sequitur. If the companies that pay the devs that do open source in their free time stop paying them, they're not going to afford to stay on and work on the OSS projects, either.
24 posted on 01/23/2006 3:19:14 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 23 | View Replies]

To: KayEyeDoubleDee
I've found that the configuration that comes with Suse is preconfigured pretty well. It's set up to have access to the default Suse menus right from your right click menu.
25 posted on 01/23/2006 3:31:58 PM PST by blues_guitarist (Ez. 38 & 39 <--- It's closer than you think!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Bush2000
Non sequitur.

No, it's not. Less than half of all FLOSS developers are paid to develop software for the project they are working on. Yes, most of the large, well-known projects have paid developers, but those comprise a very small minority of projects.

26 posted on 01/24/2006 5:31:13 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 24 | View Replies]

To: ShadowAce
No, it's not. Less than half of all FLOSS developers are paid to develop software for the project they are working on. Yes, most of the large, well-known projects have paid developers, but those comprise a very small minority of projects.

Yes, it is. Take away a paycheck from either closed source or open source developers -- regardless of that source of income -- and you're not going to see people dedicating their time to their projects.
27 posted on 01/24/2006 10:29:48 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Bush2000
The point is where that paycheck comes from. How many MS developers contribute their free/spare time to coding for MS? Contrast that to how many FLOSS developers are contributing their time and effort in addition to their full-time jobs. The difference is because of the orientation of those developers--FLOSS developers contribute in spite of not being paid by that project. MS developers contribute solely because they are being paid by that project.

That is the difference, and that is my point.

28 posted on 01/24/2006 10:43:22 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 27 | View Replies]

To: ShadowAce
The point is where that paycheck comes from. How many MS developers contribute their free/spare time to coding for MS?

A majority of them. Overtime is not reimbursed at MS. Every dev that I know that works there is a workaholic. And many of them work on joint projects between several teams that aren't reimbursed. For example, DirectX started as a joint effort initiated by Alex St. John. People simply believed in the concept and made it happen. Without anybody paying them to do it. Consequently, based on what I've seen, your original statement is BS.
29 posted on 01/24/2006 11:35:13 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 28 | View Replies]

To: ShadowAce
I'll disagree with that. I don't think that OSS programmers are necessarily more motivated or more able than their closed-source counterparts. Professional programmers are like everyone else, in the sense that most of them take some amount of pride in their work, and few of them want to be seen as Charlie Codegrinder, doing whatever bare minimum is necessary to keep from getting fired.

As far as ability goes, most OSS programmers are limited in what they can contribute by the simple fact that almost all of them have to have day jobs, so as to put food on the table and keep the lights on and so forth. It's awfully hard to put in an 80-hour week when you're up against a deadline for your real job, and then come home and not be too fried to put some real effort into hobby programming. Unless by "ability" you mean "talent", but I don't think either OSS or closed-source projects have a monopoly on talent.

Anyway, where you have OSS projects with a dedicated core of talented programmers, the output is generally of high quality. But of course, that's equally true for closed-source software.

30 posted on 01/24/2006 11:50:57 AM PST by Senator Bedfellow
[ Post Reply | Private Reply | To 20 | View Replies]

To: ShadowAce

"What are you suggesting? "Many eyeballs" translates into instantaneous discovery?"


Sure, because that is the value point the Open Source crowd claims of having "Many eyeballs".


31 posted on 01/24/2006 12:13:28 PM PST by CodeToad
[ Post Reply | Private Reply | To 18 | View Replies]

