> The KDE Project is not aware of any existing exploits of these > vulnerabilities
I'd like to stress out that, due to the nature of these vulnerabilities, exploitation can be very easy and "basic". Security-enhanced kernels (preventing buffer overflows and format string attacks) will not help. A bit like most MS Internet Explorer bugs BTW... ;-) After I found out some of these problems, the KDE Security Team has done a good job in finding and fixing all the potentially vulnerable instances of code. This is a major fix, so consider upgrading soon ! Fozzy The Hackademy Audit http://www.thehackademy.net/audit.php (french)
