KDE has already fixed the Plasma security flaw. Patch now available in KDE neon and soon in the official repositories

Safe plasma

They have hurried. And we are not surprised. Last Tuesday, a security investigator published un security flaw in Plasma and it did so without notifying its developers. The gesture, ugly and politely held in his face, he did because «I just wanted to leave a 0day before Defcon'I mean, because he wanted to get a bit of fame or to be talked about at the Defcon security conference. KDE Community has had to work against the clock, but it has already fixed the problem.

As they have published on social networks, the patches are now available in KDE neon, while they will soon appear in the official Ubuntu repositories for Canonical system-based operating systems that use the Plasma graphical environment, such as Kubuntu. This is a perfect example that explains one of the differences between Kubuntu and KDE neon: Plasma bugs, security or not, are fixed and available sooner in KDE neon, while Kubuntu users have to wait for the patches to be delivered to Canonical and it uploads them to their official repositories.

KDE Community fixes Plasma security flaw in about 24 hours

The KDE developers have fixed the bug that allowed potentially dangerous code to run. The update is already in neon and will appear soon in your distribution.

Although the patch is already available (neon) or will be soon (official repositories), the KDE Community published last night the three possibilities to apply it manually:

  • Update Frameworks to version 5.61. Frameworks 5.61 will be officially released next Saturday, but it usually takes about a week to reach the official repositories.
  • Apply available patch here.
  • Kdlibs 4.14 users should apply this other patch.
  • And a fourth option added by the editor: patience. The simplest thing, considering that the failure can only be exploited if we download a .desktop or .directory file, is to wait and apply the patches from Discovery.

As we expected, KDE has responded. From here I can only say: thank you.


Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.