Which desktop is better KDE/GNOME.

6 replies [Last post]
SabirSaleem90
Offline
Joined: 10/03/2021

HI,

I had installed KDE Desktop triskel

But I came to know the virus of .directory and .desktop which was creating malicious scripts and performing their tasks in background as KDE Team was not aware after circulating that questions KDE Team took that question and furthermore fixed that issue in their newer versions of kubuntu and released backports.

But I came to know trisquel in triskel KDE Version using previous version which is not upgrading when I do

sudo apt-get update
sudo apt-get upgrade.

so using triskel but un upgraded version is something risky ?...

I just moved to gnome desktop in trisquel right now because I am very concerned about KDE Team bugs and trisquel using previous versions still.

References :

KDE .desktop directory virus.

https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/

Legimet
Offline
Joined: 12/10/2013

This was fixed in Trisquel 8 two years ago, in kconfig version 5.44.0-0ubuntu1.1. If your system is up to date, you don't have this vulnerability. If you run
zless /usr/share/doc/libkf5configcore5/changelog.Debian.gz
you will see the changelog entry for this bug fix. (Also, this is not a virus but a vulnerability. A virus is a type of malware that replicates its code and inserts it into other programs.)

Legimet
Offline
Joined: 12/10/2013

Btw I meant Trisquel 9, not 8.

SabirSaleem90
Offline
Joined: 10/03/2021

Well I see version 5.44 of KDE Framework can you help me to upgrade it it above 5.61 newer version I installed backport

sudo add-apt-repository ppa:kubuntu-ppa/backports
sudo apt-get update
sudo apt-get dist-upgrade

but no changes it is same version still

Thank you

Beformed
Offline
Joined: 01/12/2017

Hello, that is not the way to add backports to Triskel. Those are kubuntu backports and you could cause issues by using them. To enable backports in Triskel, edit your /etc/apt/sources.list or the command 'sudo apt edit-sources' then comment in the backports lines. Keep in mind KDE may not have a backport.

On the other hand as some people have already told you. That vulnerability has been fixed in the version of kde triskel ships.

SabirSaleem90
Offline
Joined: 10/03/2021

I am seeing this seems not fixed last comment right ?

kconfig (5.44.0-0ubuntu1.1) bionic-security; urgency=medium

* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the affected feature as
currently 'unused'.
- CVE-2019-14744

-- Rik Mills <name at domain> Fri, 09 Aug 2019 08:24:44 +0100

kconfig (5.44.0-0ubuntu1) bionic; urgency=medium

* New upstream release (5.44.0)

-- Rik Mills <name at domain> Mon, 12 Mar 2018 19:56:32 +0000

kconfig (5.43.0-0ubuntu1) bionic; urgency=medium

* New upstream release (5.43.0)

-- Rik Mills <name at domain> Sun, 11 Feb 2018 11:14:14 +0000

kconfig (5.42.0-0ubuntu1) bionic; urgency=medium
:

Legimet
Offline
Joined: 12/10/2013

As you can see in the changelog entry,

* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).

This indicates that the vulnerability has been fixed. No need to install backports. Your system is not vulnerable.