Author Topic: KDE Overflow  (Read 3977 times)

0 Members and 2 Guests are viewing this topic.

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
KDE Overflow
« on: January 22, 2006, 12:29:59 am »
http://it.slashdot.org/article.pl?sid=06/01/21/0936249

Quote
"An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious Javascript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."
And like a fool I believed myself, and thought I was somebody else...

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: KDE Overflow
« Reply #1 on: January 22, 2006, 12:51:27 am »
I got a BugTraq email about that.. Neat!
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: KDE Overflow
« Reply #2 on: January 22, 2006, 11:27:16 am »
Luckily, KDE sucks anyway :)

By the way, you should post the patches, just in case:
Quote
        Patch for KDE 3.4.0 - 3.5.0 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        ecc0ec13ce3b06e94e35aa8e937e02bf  post-3.4.3-kdelibs-kjs.diff

        Patch for KDE 3.2.0 - 3.3.2 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        9bca9b44ca2d84e3b2f85ffb5d30e047  post-3.2.3-kdelibs-kjs.diff

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: KDE Overflow
« Reply #3 on: January 22, 2006, 11:53:21 am »
* Newby is glad he uses FluxBox now. :)
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: KDE Overflow
« Reply #4 on: January 22, 2006, 02:06:35 pm »
Psh, XFCE!
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: KDE Overflow
« Reply #5 on: January 22, 2006, 02:23:36 pm »
And like a fool I believed myself, and thought I was somebody else...

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: KDE Overflow
« Reply #6 on: January 27, 2006, 10:03:15 pm »
wmaker ftw.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: KDE Overflow
« Reply #7 on: January 28, 2006, 03:37:38 am »
I'm going to start locking every thread that digresses into a discussion about window managers/desktop environment.  Take it somewhere else, please. 

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: KDE Overflow
« Reply #8 on: January 28, 2006, 10:57:36 am »
I'm going to start locking every thread that digresses into a discussion about window managers/desktop environment.  Take it somewhere else, please. 

Moved to Unix/Linux Discussion.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine