It appears that the package archive was misconfigured

Nov 14, 2016 01:17 GMT

A few moments ago, KDE Neon project leader and long-time KDE developer Jonathan Riddell published a security advisory to inform users of the KDE Neon GNU/Linux distribution about an insecure package archive.

According to the security advisory, it would appear that the package archive of the KDE Neon operating system was misconfigured in such a way that it could allow anyone to upload any package to it. Most probably, no one uploaded any package there, but just in case, the maintainers have emptied the archives and removed all the ISO images.

"Anyone discovering the insecure archive server could have uploaded packages to it which would be installed and run on computers running KDE neon. We do not believe this has happened but would welcome reports of any problems," said Jonathan Riddell. "This does not impact KDE software distributed by any other means."

KDE Neon users are urged to upgrade their systems to the latest packages

The issue was fixed and, at the time of writing, the KDE Neon package archives are being rebuilt, and new ISO images will be generated shortly. As such, users of the GNU/Linux distribution are being urged to upgrade their installations to the latest packages as soon as the software repositories are up and running.

When upgrading your KDE Neon installation, please note that the new packages have larger version numbers than what you currently have installed on your PC. However, if you have any doubts about the safety of your personal computer, the KDE Neon maintainers recommend that you reinstall the GNU/Linux distro using a new ISO image.

The latest KDE Neon User Edition and KDE Neon Developer Edition ISO images will soon be available for download from the distribution's website. If you have any questions, you can contact the developers using the email address provided in the security advisory.