KDE 3.5.1 Info Page

KDE 3.5.1 was released on January 31st, 2006. Read the official announcement.

Security Issues

Please report possible problems to security@kde.org.

Patches for the issues mentioned below are available from ftp://ftp.kde.org/pub/kde/security_patches unless stated otherwise.

• kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
  Read the detailed advisory. All versions of KDE 3.3.0 up to and including KDE 3.5.1 are affected.
• KDM contains a symlink attack vulnerability that allows a normal user to read files from other users including root.
  Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.2 are affected.
• kpdf contains a denial of service vulnerability in xpdf based code that can cause the client to crash via a specially crafted pdf file.
  Read the detailed advisory. All versions of KDE up to and including KDE 3.5.5 are affected.
• Konqueror contains a vulnerability that allows a malicious web site to spoof the address bar entry to a different one, possibly tricking the user into believing that they actually visited a different site. Read the detailed advisory. All versions of Konqueror as included with KDE up to including KDE 3.5.7 are affected.
• KDM can be tricked into allowing a passwordless login for logins with password configured. Read the detailed advisory. Versions of KDM as included in KDE 3.3.0 up to including 3.5.7 are affected.

Bugs

This is a list of grave bugs and common pitfalls surfacing after the release was packaged:

• None known yet

Please check the bug database before filing any bug reports. Also check for possible updates on this page that might describe or fix your problem.

FAQ

See the KDE FAQ for any specific questions you may have. Questions about Konqueror should be directed to the Konqueror FAQ.

Download and Installation

Library Requirements. KDE 3.5 requires or benefits from the given list of libraries, most of which should be already installed on your system or available from your OS CD or your vendor's website.

The complete source code for KDE 3.5.1 is available for download:

The Konstruct build toolset can help you downloading and installing these tarballs.

Binary packages

Some Linux/UNIX OS vendors have kindly provided binary packages of KDE 3.5.1 for some versions of their distribution, and in other cases community volunteers have done so. Some of these binary packages are available for free download from KDE's http or FTP mirrors.

Currently pre-compiled packages are available for:

• Arch Linux :
  • Packages: ftp://ftp.archlinux.org/extra/os/i686
  • To install: pacman -S kde

• Gentoo :
  • Packages: http://packages.gentoo.org/packages/?category=kde-base
  • To install: emerge kde-meta

• KDE-RedHat (unofficial) Packages: (README)
  • All distributions: (noarch,SRPMS)
  • Red Hat 7.3: (i386)
  • Red Hat 9: (i386)
  • Red Hat Enterprise Linux 3: (i386)
  • Red Hat Enterprise Linux 4: (kde.repo), (i386)
  • Fedora Core 3: (kde.repo), (i386)
  • Fedora Core 4: (kde.repo), (i386),
• Kubuntu
  • 5.10 (Breezy) and development version (Dapper): Intel i386, AMD64 and PowerPC

• Slackware (Unofficial contribution) (README) :
  • Language packages
  • 10.2: Intel i486
  • 10.1: Intel i486

• SuSE Linux (README) :
  • Language packages (all versions and architectures)
  • 10.0: Intel i586 and AMD x86-64
  • 9.3: Intel i586 and AMD x86-64
  • 9.2: Intel i586 and AMD x86-64

Additional binary packages might become available in the coming weeks, as well as updates to the current packages.

Developer Info

If you need help porting your application to KDE 3.x see the porting guide or subscribe to the KDE Devel Mailinglist to ask specific questions about porting your applications.

There is also info on the architecture and the programming interface of KDE 3.5.