http://it.slashdot.org/article.pl?sid=06/01/21/0936249
Quote
"An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious Javascript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."
I got a BugTraq email about that.. Neat!
Luckily, KDE sucks anyway :)
By the way, you should post the patches, just in case:
Quote
Patch for KDE 3.4.0 - 3.5.0 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
ecc0ec13ce3b06e94e35aa8e937e02bf post-3.4.3-kdelibs-kjs.diff
Patch for KDE 3.2.0 - 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
9bca9b44ca2d84e3b2f85ffb5d30e047 post-3.2.3-kdelibs-kjs.diff
/me is glad he uses FluxBox now. :)
Psh, XFCE!
wmaker ftw.
I'm going to start locking every thread that digresses into a discussion about window managers/desktop environment. Take it somewhere else, please.
Quote from: iago on January 28, 2006, 03:37:38 AM
I'm going to start locking every thread that digresses into a discussion about window managers/desktop environment. Take it somewhere else, please.
Moved to Unix/Linux Discussion.