Latest KDE Security Vulnerabilities Are Patched in Ubuntu and Debian, Update Now
The Debian Project and Canonical released security updates for their supported operating systems to address some recently disclosed vulnerabilities in the KDE libraries.
A couple of weeks ago, the KDE community fixed a security vulnerability discovered by Dominik Penner in the KConfig component, the configuration settings framework of the KDE Plasma desktop environment, which could allow an attacker to execute malicious code through a specially crafted .desktop file included in an archive that was opened in the file manager.
“Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it’s embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature,” reads the Debian security advisory.
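For triage of already-extracted archives, the following added example (not code from KDE, Debian or Canonical) flags `.desktop` entries that request shell expansion. It assumes KConfig's `[$e]` entry option and `$(...)` command substitution syntax, which the article does not spell out; the function names and sample file are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# key, optional bracketed options such as [de] or [$e], then "=" and the value
ENTRY = re.compile(r"^(?P<key>[^=\[]+?)(?P<opts>(?:\[[^\]]*\])*)\s*=(?P<value>.*)$")
# "[$e]" (possibly combined with other flags, e.g. "[$ei]") marks an entry for expansion
EXPAND_OPT = re.compile(r"\[\$[a-z]*e[a-z]*\]")

def scan_desktop_text(text):
    """Return (line_no, group, key) for entries combining [$e] with $(...)."""
    findings, group = [], ""
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("["):          # group header, e.g. [Desktop Entry]
            group = stripped
            continue
        m = ENTRY.match(stripped)
        # Plain $VAR expansion is not flagged; only command substitution is.
        if m and EXPAND_OPT.search(m["opts"]) and "$(" in m["value"]:
            findings.append((no, group, m["key"].strip()))
    return findings

def scan_tree(root):
    """Scan every .desktop file (and .directory, which uses the same format) under root."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (path.suffix == ".desktop" or path.name == ".directory"):
            found = scan_desktop_text(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

# Constructed sample, not taken from any real file.
SAMPLE = """\
[Desktop Entry]
Type=Directory
Name[de]=Ordner
Name[$e]=$HOME
Icon[$e]=$(echo constructed-sample)
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, found in scan_tree(sys.argv[1]).items():
            print(name, found)
    else:
        print(scan_desktop_text(SAMPLE))
```

Run it against the directory an archive was extracted into, before that directory is opened in a file manager on an unpatched system.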