There is a vulnerability in the Plasma desktop that KDE developers are currently working to patch. The details are here.

zdnet.com/article/unpatched-kd

For the moment avoid downloading .desktop or .directory files and extracting archives from untrusted sources.

Also, if you discover a similar vulnerability, it is best to send an email to security@kde.org before making it public. This will give us time to patch it and keep users safe before the bad guys try to exploit it.

.@kde@mastodon.technology Downloads of .desktop files should in general be treated about as suspiciously as .lnk files on Windows.

@kde
"Researcher did not notify KDE team" What a shit and what a strange excuse.
But please, make KDE safer and stay that way, because I really like it.

@kde sucks Penner just wanted props before defcon. I hope it's not too much hassle for you.
