and it beginsKDE flaws put Linux, Unix systems at risk
By Joris Evers
Staff Writer, CNET News.com
Published: January 20, 2006, 11:44 AM PST
A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems. KDE is a desktop software package for Linux and Unix systems and includes the Konqueror Web browser and other applications.
The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted Thursday. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.
Source
just because Linux wasn't that widely used I think not too many vulnerabilities were exploited but it seems that is about to change.I hope am wrong.
btw ,did you guys know about this:
http://secunia.com/advisories/14295/
good site to chk on stuff like that;
http://www.insecure.org/sploits_linux.html
http://www.linuxsecurity.com/advisories/
can we have a section for security updates and alerts?
did i mention that I'm paranoid
