Slashdot Mirror

← Back to Stories (view on slashdot.org)

KDE Heap Overflow Vulnerability Found

Posted by CowboyNeal on from the holes-in-the-dike dept.

sayanchak writes "An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious Javascript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."

2 of 233 comments (clear)

  1. Re:This is why I use Windows by belg4mit · · Score: 0, Troll

    You're a troll but you still need to be whacked with a clue-by-four, a desktop and windowing environment is not
    "a part of the OS" in linux. At least not as you intend
    to parrot in your mangle way. The complaint about MS is
    the running of said things in or at the kernel. HAND

    --
    Were that I say, pancakes?
  2. Re:This is why I use Windows by NutscrapeSucks · · Score: 0, Troll

    a desktop and windowing environment is not "a part of the OS" in linux.

    This sort of argument is basically specious CSci hairsplitting. The "operating system" provides a runtime environment for application software. There's no fundemental difference between the KDE system and the MS Windows system.

    The complaint about MS is the running of said things in or at the kernel.

    No it isn't. This is something that technically clueless Linux users invented.

    --
    Whenever I hear the word 'Innovation', I reach for my pistol.