Skip to content

KDE 3.0.3 Info Page

KDE 3.0.3 was released on August 19th, 2002. Read the official announcement.

This page will be updated to reflect changes in the status of 3.0.3 release so check back for new information.

FAQ

See the KDE FAQ for any specific questions you may have. Questions about Konqueror should be directed to the Konqueror FAQ and sound related questions are answered in the FAQ of the aRts Project

Download and Installation

Source code

LocationSizeMD5 Sum
arts-1.0.3997kBdba1c36a3e8bad05ccda981ef00fcb99
kde-i18n-3.0.393MB4e0da12a8cfd78f0fd2935b93bdf78d1
kdeaddons-3.0.3901kB05b29f1c944fa57dfcbf214563ed2006
kdeadmin-3.0.31.3MB90141493c24bc3c9c424cb1b83c32a62
kdeartwork-3.0.311MB7c368d16dc0a933e649cb7f7c12f7a84
kdebase-3.0.313MBa1c6cb06468608318c5e59e362773360
kdebindings-3.0.34.9MBb641cbc106e221ab9a071bcc9e06b14b
kdeedu-3.0.38.7MB44917139bc3d4199df080509de8f4207
kdegames-3.0.37.0MB906b5c4ecb808b853d1e5ea7a337a208
kdegraphics-3.0.32.6MB9c3b99cec43dccd3957158ee32573da1
kdelibs-3.0.37.3MBf26acfafbd3a00451b6e344a7d75386d
kdemultimedia-3.0.35.6MBf191cc8476fb67fd1ca0c240f620d2b1
kdenetwork-3.0.33.7MB11262498861b445190ad6d66eb3d7193
kdepim-3.0.33.1MB1cf00b8d2c4742e79569c2c43142a3e3
kdesdk-3.0.31.8MBf7a7ae3118849636b123ebf813863e19
kdetoys-3.0.31.4MB99a0c42d4ed0a677f9bc0d8230203c6a
kdeutils-3.0.31.5MBe2b492fb02f51a6e807be724e56dfc12

The translation package has been split into individual language packages so you can download only the translations you need.

Binary packages

Binary packages can be found under http://download.kde.org/stable/3.0.3/ or in the equivalent directory at one of the KDE FTP mirrors.

The current list of available binary packages:

Several users have contributed packages for this release. You can find them in the contrib subdir of the KDE 3.0.3 download area.

Additional binary packages might become available in the coming weeks, as well as updates to the current packages.

Updates

Security Issues

Please report possible problems to security@kde.org.

  • Konqueror fails to correctly initialize the site domains for sub-(i)frames and may as a result allow access to forein cookies.

    It is strongly recommended to upgrade at least kdelibs to KDE 3.0.3a in which this bug is fixed.

    A patch is also available for download to address this particular problem.

  • Several buffer overflows have been found in code KGhostview shared from other postscript viewers. Read the detailed advisory. Update to KDE 3.0.4 is recommended.

    A patch is also available for download to address this particular problem.

  • A path traversal exploit has been found in kpf. Read the detailed advisory. Update to KDE 3.0.4 is recommended.

    A patch is also available for download to address this particular problem.

  • Several vulnerabilites have been found in LISa/resLISa and the rlan:// protocol, including the possibility to escalate the privileges to root via a remote attack. See the detailed advisory for an explanation and instructions for immediate workaround. A patch is available for download. The use of LISa/resLISa is strongly discouraged in any security relevant area. Never make it available outside your local, trusted network.
  • the rlogin protocol implementation in KIO allows remote command execution. See the detailed advisory for an explanation and instructions for immediate workaround. A patch is available for download.
  • Several shell escaping vulnerabilities have been found throughout KDE which allow a remote attacker to execute commands as the local user. Read the detailed advisory. It is strongly recommended to update to KDE 3.0.5a.

  • Several problems with KDE's use of Ghostscript where discovered that allow the execution of arbitrary commands contained in PostScript (PS) or PDF files with the privileges of the victim. Read the detailed advisory. It is strongly recommended to update to KDE 3.0.5b
  • A HTTP authentication credentials leak via the a "Referrer" was discovered by George Staikos in Konqueror. If the HTTP authentication credentials were part of the URL they would be possibly sent in the referer header to a 3rd party web site. Read the detailed advisory. KDE 3.1.3 and newer are not vulnerable.

Bugs

This is a list of grave bugs and common pitfalls surfacing after the release date:

  • currently none known.

Developer Info

If you need help porting your application to KDE 3.x see the porting guide or subscribe to the KDE Devel Mailinglist to ask specific questions about porting your applications.

There is also info on the architecture and the programming interface of KDE 3.0.