KDE 3.4 Info Page

KDE 3.4 was released on March 16th, 2005. Read the official announcement.

Security Issues

Please report possible problems to security@kde.org.

Patches for the issues mentioned below are available from ftp://ftp.kde.org/pub/kde/security_patches unless stated otherwise.

  • The kdewebdev tool Kommander is vulnerable to unconfirmed execution of code from untrusted locations.
    Read the detailed advisory. All versions of KDE between KDE 3.2 and KDE 3.4.0 are affected.
  • KImgio, the KDE image loader plugins, are vulnerable to several input validation errors, possibly allowing to execute arbitrary code.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.4.0 are affected.
  • The Kate KPart (used by the applications kate and kwrite, possibly others) generates a backup file with default permissions upon saving. Depending on the setup, this could cause file content leak to local and remote (due to network transparency) users.
    Read the detailed advisory. KDE 3.2.x up to including KDE 3.4.0 are affected.
  • The Gadu-Gadu protocol handler of Kopete 3.3 and above contains a copy of libgadu, that is used if there is no system installed libgadu library. Multiple integer overflow vulnerabilities have been found in libgadu.
    Read the detailed advisory. KDE 3.3.x up to including KDE 3.4.1 are affected.
  • Kpdf shares code with xpdf, which contains a vulnerability that can cause it to write a temp file with almost infinite size to $TMPDIR upon parsing malformed PDF documents. detailed advisory. All KDE versions from 3.3.1 up to and including KDE 3.4.1 are affected.
  • The langen2kvtml script (included in kdeedu/kvoctrain) contains multiple temp file generation vulnerabilities.
    Read the detailed advisory. KDE 3.0.x up to including KDE 3.4.2 are affected.
  • The kcheckpass utility contains on certain platforms a local root vulnerability.
    Read the detailed advisory. KDE 3.2.0 up to including KDE 3.4.2 are affected.
  • kpdf contains several buffer overflows in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.5.0 are affected.
  • kjs contains a heap based buffer overflow when decoding certain malcrafted utf8 uri sequences.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.0 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE 3.3.0 up to and including KDE 3.5.1 are affected.
  • KDM contains a symlink attack vulnerability that allows a normal user to read files from other users including root.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.2 are affected.
  • kpdf contains a denial of service vulnerability in xpdf based code that can cause the client to crash via a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.5.5 are affected.

Bugs

This is a list of grave bugs and common pitfalls surfacing after the release date:

  • A severe bug was found in the groupware support of kontact/kmail, which was too late for the KDE 3.4 release. Get kdepim-fix-imap-resource-type.diff (md5 sum: 1ec4778f0dbac85bc27bc2c2541e5c64) applied to the sources before you're using the groupware wizard.

Please check the bug database before filing any bug reports. Also check for possible updates on this page that might describe or fix your problem.

FAQ

See the KDE FAQ for any specific questions you may have. Questions about Konqueror should be directed to the Konqueror FAQ

Download and Installation

Library Requirements. KDE 3.4 requires or benefits from the given list of libraries, most of which should be already installed on your system or available from your OS CD or your vendor's website.

The complete source code for KDE 3.4 is available for download:

LocationSizeMD5 Sum
arts-1.4.0979kBa155bb00f56c71bc475890249e2dcaa9
kdeaccessibility-3.4.06.8MB274bd9335219f0fefb6fdc4a17891cf7
kdeaddons-3.4.01.5MB5a0d82ee1bbaeec8dab74b2e5e604f94
kdeadmin-3.4.01.4MBd1db9fac4faca194cbda1e8189453363
kdeartwork-3.4.017MB89df94d9e6c63887e5a66312b6514d0d
kdebase-3.4.021MBc88659e558ca98dc45377bf8ddfc26c9
kdebindings-3.4.06.8MBbac87a665ce5e5704f48336122052fb4
kdeedu-3.4.022MBc2aab0c4f6439abb6c0eb09413b6532c
kdegames-3.4.09.0MBab144b71caeda34579817b01855ec287
kdegraphics-3.4.06.3MB5a0a32e314422e2ce051290c08390367
kde-i18n-3.4.0249MB14359b7a14d507b3f9e8302b46031aa2
kdelibs-3.4.016MBe5961a78b44a3005a7af6ada249e5888
kdemultimedia-3.4.05.3MB4e42790bbea7c4ac0c436da3c7c664ac
kdenetwork-3.4.06.9MB47a8d21ce486426caf56bf6129ce993f
kdepim-3.4.010MB7f8cc9a40c0190c5a6723f6325bcba06
kdesdk-3.4.04.3MB5b88692972e65c5e7d3aafc6400bea2c
kdetoys-3.4.03.0MBaad06c1e9cc8909bba4db4f3a746f666
kdeutils-3.4.02.2MBcb7e5402eedaca816e210d460e22e53a
kdevelop-3.2.07.9MB37352d6f5496849d5704e1503ab0273a
kdewebdev-3.4.05.9MBa131b9a14c5da402417b43ed8bc61df1

The Konstruct build toolset can help you downloading and installing these tarballs.

Binary packages

Some Linux/UNIX OS vendors have kindly provided binary packages of KDE 3.4 for some versions of their distribution, and in other cases community volunteers have done so. Some of these binary packages are available for free download from KDE's http or FTP mirrors.

At the time of this release, pre-compiled packages are available for:

Additional binary packages might become available in the coming weeks, as well as updates to the current packages.

Developer Info

If you need help porting your application to KDE 3.x see the porting guide or subscribe to the KDE Devel Mailinglist to ask specific questions about porting your applications.

There is also info on the architecture and the programming interface of KDE 3.4.