DONATE (Why?)
paypal

KDE 3.3.2 Info Page

KDE 3.3.2 was released on December 8th, 2004. Read the official announcement.

This page is no longer maintained. Currently, only KDE 4.2.0 and newer are maintained. Please have a look at the KDE 4.4.0 Info Page instead.

Security Issues

Please report possible problems to security@kde.org.

Patches for the issues mentioned below are available from ftp://ftp.kde.org/pub/kde/security_patches unless stated otherwise.

  • KDE may unexpectedly expose user provided passwords in certain cases, especially passwords for SMB shares.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • The Konqueror webbrowser allows websites to load webpages into a window or tab currently used by another website.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • ftp kioslave contains a vulnerability which allows to inject arbitrary ftp or smtp commands.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • fliccd of kdeedu/kstars/indi contains multiple buffer overflow vulnerabilites.
    Read the detailed advisory. All versions of KDE 3.3 up to and including KDE 3.3.2 are affected.
  • A local user can lock up the dcopserver of arbitrary other users on the same machine by stalling the DCOP authentication process.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • International Domain Name (IDN) support in Konqueror/KDE makes KDE vulnerable to a phishing technique known as a Homograph attack.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • The dcopidlng script is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. This only affects users who compile KDE or KDE applications themselves.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • The kdewebdev tool Kommander is vulnerable to unconfirmed execution of code from untrusted locations.
    Read the detailed advisory. All versions of KDE between KDE 3.2 and KDE 3.4.0 are affected.
  • KImgio, the KDE image loader plugins, are vulnerable to several input validation errors, possibly allowing to execute arbitrary code.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.4.0 are affected.
  • The Kate KPart (used by the applications kate and kwrite, possibly others) generates a backup file with default permissions upon saving. Depending on the setup, this could cause file content leak to local and remote (due to network transparency) users.
    Read the detailed advisory. KDE 3.2.x up to including KDE 3.4.0 are affected.
  • The Gadu-Gadu protocol handler of Kopete 3.3 and above contains a copy of libgadu, that is used if there is no system installed libgadu library. Multiple integer overflow vulnerabilities have been found in libgadu.
    Read the detailed advisory. KDE 3.3.x up to including KDE 3.4.1 are affected.
  • Kpdf shares code with xpdf, which contains a vulnerability that can cause it to write a temp file with almost infinite size to $TMPDIR upon parsing malformed PDF documents. detailed advisory. All KDE versions from 3.3.1 up to and including KDE 3.4.1 are affected.
  • The langen2kvtml script (included in kdeedu/kvoctrain) contains multiple temp file generation vulnerabilities.
    Read the detailed advisory. KDE 3.0.x up to including KDE 3.4.2 are affected.
  • The kcheckpass utility contains on certain platforms a local root vulnerability.
    Read the detailed advisory. KDE 3.2.0 up to including KDE 3.4.2 are affected.
  • kpdf contains several buffer overflows in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.5.0 are affected.
  • kjs contains a heap based buffer overflow when decoding certain malcrafted utf8 uri sequences.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.0 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE 3.3.0 up to and including KDE 3.5.1 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE 3.3.0 up to and including KDE 3.3.2 are affected.
  • KDM contains a symlink attack vulnerability that allows a normal user to read files from other users including root.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.2 are affected.

Bugs

Please check the bug database before filing any bug reports. Also check for possible updates on this page that might describe or fix your problem.

FAQ

See the KDE FAQ for any specific questions you may have. Questions about Konqueror should be directed to the Konqueror FAQ and sound related questions are answered in the FAQ of the aRts Project

Download and Installation

Library Requirements. KDE 3.3 requires or benefits from the given list of libraries, most of which should be already installed on your system or available from your OS CD or your vendor's website.

The complete source code for KDE 3.3.2 is available for download:

Location Size MD5 Sum
arts-1.3.2 952kB a3d22f7cc5c641204a28d3f77e441a84
kdeaccessibility-3.3.2 1.6MB 2d1fc370ce1e6a58c82d4dc283ee206d
kdeaddons-3.3.2 1.9MB d1ad11def2ac30965642144ef29d738a
kdeadmin-3.3.2 1.9MB d12b12925dda1f4e6ba162e856730a5e
kdeartwork-3.3.2 17MB 9a712da253bacb87e0d4fd28cec183a1
kdebase-3.3.2 19MB edbd721a2a4970977dfe5f45d9e38923
kdebindings-3.3.2 7.3MB a8ae8e2ef4dd3680d0756adf76086d85
kdeedu-3.3.2 21MB 2ea54bb7aee669582eb0877d3c6f0b3d
kdegames-3.3.2 9.4MB 41791396e595b9fc8a84e08ae63b552d
kdegraphics-3.3.2 6.4MB 03092b8be2f7054d71895b8fd58ad26e
kde-i18n-3.3.2 187MB 20135e722cd5f94cbe4997765941b455
kdelibs-3.3.2 15MB 0473fb4c6c2cd2bc0f267cfa201f3fd8
kdemultimedia-3.3.2 5.6MB 2f393da809542dab5bf75bf7a91d1ec0
kdenetwork-3.3.2 7.1MB 652a5703b8dc937c4009e002dc3035f3
kdepim-3.3.2 10MB 73852792762c4f229e870314c51c081a
kdesdk-3.3.2 4.6MB 906bbcde1b3db2eaac8a257c8574e033
kdetoys-3.3.2 3.1MB 5d911f7f0034e71beb087fac3e8e68af
kdeutils-3.3.2 2.6MB bf50db108408da11e2f2fcacd6b46b51
kdevelop-3.1.2 8.0MB 706dfcf25f013c544220a0ca69b74846
kdewebdev-3.3.2 5.0MB 582d0f3073d5829b4ab21b03411ba697

The Konstruct build toolset can help you downloading and installing these tarballs.

Binary packages

Some Linux/UNIX OS vendors have kindly provided binary packages of KDE 3.3 for some versions of their distribution, and in other cases community volunteers have done so. Some of these binary packages are available for free download from KDE's http or FTP mirrors.

At the time of this release, pre-compiled packages are available for:

Additional binary packages might become available in the coming weeks, as well as updates to the current packages.

Developer Info

If you need help porting your application to KDE 3.x see the porting guide or subscribe to the KDE Devel Mailinglist to ask specific questions about porting your applications.

There is also info on the architecture and the programming interface of KDE 3.3.

Global navigation links