DONATE (Why?)
paypal

KDE 3.2.3 Info Page

KDE 3.2.3 was released on June 9th, 2004. Read the official announcement.

This page is no longer maintained. Currently, only KDE 4.2.0 and newer are maintained. Please have a look at the KDE 4.4.0 Info Page instead.

Security Issues

Please report possible problems to security@kde.org.

Patches for the issues mentioned below are available from ftp://ftp.kde.org/pub/kde/security_patches unless stated otherwise.

  • KDE fails to ensure the integrity of certain symlinks. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.2.3 are affected.
  • KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication related purposes this can potentially allow a local attacker to compromise the account of any user which runs a KDE application.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.2.3 are affected.
  • The Konqueror webbrowser allows websites to load webpages into a frame of any other frame-based webpage that the user may have open.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.2.3 are affected.
  • Konqueror allows websites to set cookies for certain country specific secondary top level domains. (Cross-domain cookie injection)
    Read the detailed advisory. All versions of KDE up to and including KDE 3.2.3 are affected.
  • KPDF contains multiple integer overflow and integer arithmetic flaws that may make it possible to execute arbitrary code on the client machine via remotely supplied PDF files.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.1 are affected.
  • KDE may unexpectedly expose user provided passwords in certain cases, especially passwords for SMB shares.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • KFax contains several vulnerabilities that may cause specially crafted fax files to trigger buffer overflows and execute arbitrary code.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.1 are affected.
    No source patches are available for this problem, users are advised to either remove KFax or to upgrade to KDE 3.3.2.
  • The Konqueror webbrowser allows websites to load webpages into a window or tab currently used by another website.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • Two flaws in the Konqueror webbrowser make it possible to by pass the sandbox environment which is used to run Java-applets.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.1 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • ftp kioslave contains a vulnerability which allows to inject arbitrary ftp or smtp commands.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • A local user can lock up the dcopserver of arbitrary other users on the same machine by stalling the DCOP authentication process.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • International Domain Name (IDN) support in Konqueror/KDE makes KDE vulnerable to a phishing technique known as a Homograph attack.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • The dcopidlng script is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. This only affects users who compile KDE or KDE applications themselves.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • The Kate KPart (used by the applications kate and kwrite, possibly others) generates a backup file with default permissions upon saving. Depending on the setup, this could cause file content leak to local and remote (due to network transparency) users.
    Read the detailed advisory. KDE 3.2.x up to including KDE 3.4.0 are affected.
  • The Gadu-Gadu protocol handler of Kopete 3.3 and above contains a copy of libgadu, that is used if there is no system installed libgadu library. Multiple integer overflow vulnerabilities have been found in libgadu.
    Read the detailed advisory. KDE 3.2.3 up to including KDE 3.4.1 are affected.
  • The langen2kvtml script (included in kdeedu/kvoctrain) contains multiple temp file generation vulnerabilities.
    Read the detailed advisory. KDE 3.0.x up to including KDE 3.4.2 are affected.
  • The kcheckpass utility contains on certain platforms a local root vulnerability.
    Read the detailed advisory. KDE 3.2.0 up to including KDE 3.4.2 are affected.
  • kpdf contains several buffer overflows in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.5.0 are affected.
  • kjs contains a heap based buffer overflow when decoding certain malcrafted utf8 uri sequences.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.0 are affected.
  • KDM contains a symlink attack vulnerability that allows a normal user to read files from other users including root.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.2 are affected.

Bugs

This is a list of grave bugs and common pitfalls surfacing after the release date:

Please check the bug database before filing any bug reports. Also check for possible updates on this page that might describe or fix your problem.

FAQ

See the KDE FAQ for any specific questions you may have. Questions about Konqueror should be directed to the Konqueror FAQ and sound related questions are answered in the FAQ of the aRts Project

Download and Installation

Library Requirements. KDE 3.2 requires or benefits from the given list of libraries, most of which should be already installed on your system or available from your OS CD or your vendor's website.

The complete source code for KDE 3.2.3 is available for download:

Location Size MD5 Sum
arts-1.2.3 948kB fca8a9ec7538c4fe8e4c79767bb2a7e8
kdeaccessibility-3.2.3 1.6MB 18a949124ff7f5ba8c7e7d107d8ec794
kdeaddons-3.2.3 1.7MB 5997388ff74ed1c95dd07c778d66fdae
kdeadmin-3.2.3 1.9MB 52cac3afb5ae527f7d65cdd27937ecf4
kdeartwork-3.2.3 16MB 86bc54962ffee206fda15acfd228d52c
kdebase-3.2.3 17MB fd05a338d155610856b06988d8dff117
kdebindings-3.2.3 11MB fca460d7331208ae2fd89f44350a0c25
kdeedu-3.2.3 21MB 1c41b731f26269fdb39f2c097a95dd9a
kdegames-3.2.3 9.1MB 801b257188acca5e525a997bd03f1234
kdegraphics-3.2.3 5.9MB af7092f2afc5a8565eb5017ecee6b67e
kde-i18n-3.2.3 148MB 7a2ff8e848b6347e41e450f5aaaf75a3
kdelibs-3.2.3 12MB d9d1c4bd2016a96f156b491ca908dc16
kdemultimedia-3.2.3 5.1MB f49a1cf9c5d405aed791808b4bbf035d
kdenetwork-3.2.3 6.4MB a58915e964d8f6ec87c76acaab9f8929
kdepim-3.2.3 7.8MB 06d3e5d1ee0cd7f2a55bd26d05ee4987
kdesdk-3.2.3 4.2MB 82808f2780ae970fb38d44512ff9e2f3
kdetoys-3.2.3 2.7MB 22bb5193eaaea38a7eb9a16d935af20f
kdeutils-3.2.3 2.8MB 3a98f8a0a6f4582e03d4503708cb218a
kdevelop-3.0.4 6.1MB c4a84b34927e6f1c7fb2bfb9a74b5b34
quanta-3.2.3 3.8MB 7a0718b0fe1b4e833f0a9fff9987368a

The Konstruct build toolset can help you downloading and installing these tarballs.

Binary packages

Some Linux/UNIX OS vendors have kindly provided binary packages of KDE 3.2 for some versions of their distribution, and in other cases community volunteers have done so. Some of these binary packages are available for free download from KDE's http or FTP mirrors.

At the time of this release, pre-compiled packages are available for:

Additional binary packages might become available in the coming weeks, as well as updates to the current packages.

Developer Info

If you need help porting your application to KDE 3.x see the porting guide or subscribe to the KDE Devel Mailinglist to ask specific questions about porting your applications.

There is also info on the architecture and the programming interface of KDE 3.2.

Global navigation links