Which desktop is better KDE/GNOME.
- Inicie sesión o regístrese para enviar comentarios
HI,
I had installed KDE Desktop triskel
But I came to know the virus of .directory and .desktop which was creating malicious scripts and performing their tasks in background as KDE Team was not aware after circulating that questions KDE Team took that question and furthermore fixed that issue in their newer versions of kubuntu and released backports.
But I came to know trisquel in triskel KDE Version using previous version which is not upgrading when I do
sudo apt-get update
sudo apt-get upgrade.
so using triskel but un upgraded version is something risky ?...
I just moved to gnome desktop in trisquel right now because I am very concerned about KDE Team bugs and trisquel using previous versions still.
References :
KDE .desktop directory virus.
https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/
This was fixed in Trisquel 8 two years ago, in kconfig version 5.44.0-0ubuntu1.1. If your system is up to date, you don't have this vulnerability. If you run
zless /usr/share/doc/libkf5configcore5/changelog.Debian.gz
you will see the changelog entry for this bug fix. (Also, this is not a virus but a vulnerability. A virus is a type of malware that replicates its code and inserts it into other programs.)
Btw I meant Trisquel 9, not 8.
Well I see version 5.44 of KDE Framework can you help me to upgrade it it above 5.61 newer version I installed backport
sudo add-apt-repository ppa:kubuntu-ppa/backports
sudo apt-get update
sudo apt-get dist-upgrade
but no changes it is same version still
Thank you
Hello, that is not the way to add backports to Triskel. Those are kubuntu backports and you could cause issues by using them. To enable backports in Triskel, edit your /etc/apt/sources.list or the command 'sudo apt edit-sources' then comment in the backports lines. Keep in mind KDE may not have a backport.
On the other hand as some people have already told you. That vulnerability has been fixed in the version of kde triskel ships.
I am seeing this seems not fixed last comment right ?
kconfig (5.44.0-0ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
- debian/patches/CVE-2019-14744.diff: removes the affected feature as
currently 'unused'.
- CVE-2019-14744
-- Rik Mills <name at domain> Fri, 09 Aug 2019 08:24:44 +0100
kconfig (5.44.0-0ubuntu1) bionic; urgency=medium
* New upstream release (5.44.0)
-- Rik Mills <name at domain> Mon, 12 Mar 2018 19:56:32 +0000
kconfig (5.43.0-0ubuntu1) bionic; urgency=medium
* New upstream release (5.43.0)
-- Rik Mills <name at domain> Sun, 11 Feb 2018 11:14:14 +0000
kconfig (5.42.0-0ubuntu1) bionic; urgency=medium
:
As you can see in the changelog entry,
* SECURITY UPDATE: malicious .desktop files (and others) would execute
code (LP: #1839432).
This indicates that the vulnerability has been fixed. No need to install backports. Your system is not vulnerable.
- Inicie sesión o regístrese para enviar comentarios