KDE 3.0.5 Info Page
KDE 3.0.5 was released on November 18th, 2002. Read the official announcement.
Download and Installation
The translation package has been split into individual language packages so you can download only the translations you need.
Binary packages have meanwhile be removed from our FTP.
Please report possible problems to firstname.lastname@example.org.
Several shell escaping vulnerabilities have been found throughout KDE which allow a remote attacker to execute commands as the local user. Read the detailed advisory. It is strongly recommended to update to KDE 3.0.5a.
- Several problems with KDE's use of Ghostscript where discovered that allow the execution of arbitrary commands contained in PostScript (PS) or PDF files with the privileges of the victim. Read the detailed advisory. It is strongly recommended to update to KDE 3.0.5b
- A HTTP authentication credentials leak via the a "Referrer" was discovered by George Staikos in Konqueror. If the HTTP authentication credentials were part of the URL they would be possibly sent in the referer header to a 3rd party web site. Read the detailed advisory. KDE 3.1.3 and newer are not vulnerable.
This is a list of grave bugs and common pitfalls surfacing after the release date:
- currently none known.