The Inquirer-Home

KDE users have to patch twice

Holy penguin
Fri May 20 2005, 09:40
LINUX AND Unix users of KDE who lovingly patched their systems last month to avoid a major security glitch will have to go through the whole process again, it has transpired.

According to the KDE project here, the original patch contained errors.

The original vulnerability caused problems for the kimgio component when processing PCX image files. Basically any hacker could use the weakness to execute malicious code and take over a system. The flaw affects KDE Versions 3.2 to 3.4, according to KDE.

The patches last month fixed the problem, but still allowed local users to exploit the bug by serving files from the /tmp directory. It also introduced a new bug that triggered kimgio's compatibility with .rgb images.

A patch is FTPable here. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?