DONATE (Why?)
paypal

KDE 3.0.2 Info Page

KDE 3.0.2 was released on July 2nd, 2002. Read the official announcement.

This page will be updated to reflect changes in the status of 3.0.2 release so check back for new information.

This page is no longer maintained. Currently, only KDE 4.2.0 and newer are maintained. Please have a look at the KDE 4.4.0 Info Page instead.

FAQ

See the KDE FAQ for any specific questions you may have. Questions about Konqueror should be directed to the Konqueror FAQ and sound related questions are answered in the FAQ of the aRts Project

Download and Installation

Source code
Location Size MD5 Sum
arts-1.0.2 996kB ede77b629aa05547f68b36c6682493dc
kdeaddons-3.0.2 900kB cdde5fddbf8a5d964ae3ba51bdf554cf
kdeadmin-3.0.2 1.3MB a96f1c1520f65aa4f1add53e61650a83
kdeartwork-3.0.2 11MB 340736f1de329a0089d2125c1a1306f0
kdebase-3.0.2 13MB db63f6cdb586b64ffe666be2badec940
kdebindings-3.0.2 4.9MB f31788015b96a72095462a96bbe3fa6a
kdeedu-3.0.2 8.7MB 0c7950ada06e11ac4e62c7105aeca32c
kdegames-3.0.2 7.0MB f0f9878697e843eb83d5b5c66524bff3
kdegraphics-3.0.2 2.6MB 95d2678e84886cdcc6183fd93ea7dec7
kdelibs-3.0.2 7.3MB 0ad90a338aed63e54d073f511a99f0f2
kdemultimedia-3.0.2 5.6MB b794f63425e5584a4de1a0f7e07d9ff7
kdenetwork-3.0.2 3.7MB 5407d4b315c522ab88ffe55c5ff6a155
kdepim-3.0.2 3.1MB 84f531b8e4c201d8a048eedd274a4d2d
kdesdk-3.0.2 1.8MB b453200b29d8ea22c5cec966f61ea5fc
kdetoys-3.0.2 1.4MB 5eaef60dc78de9eda008d15565dd4fba
kdeutils-3.0.2 1.5MB 285a7efd9e3379e823bf36ca4c839b5e
kdevelop-2.1.2_for_KDE_2.2 3.2MB 99a180301f5c9c68cd60acd60789e21d
kdevelop-2.1.2_for_KDE_3.0 3.3MB b644aec61fedd8af5ef2305a09d1e2df
kde-i18n-3.0.292MBf82ee49f4f2269c0548a97c934b73a3a

These source packages have been digitally signed with GnuPG using the KDE Archives PGP Key (available from the KDE Signature page or public key servers).

The translation package has been split into individual language packages so you can download only the translations you need.

Binary packages

Binary packages have meanwhile be removed from FTP.

Updates

Security Issues

  • Konqueror fails to correctly initialize the site domains for sub-(i)frames and may as a result allow access to forein cookies.

    It is strongly recommended to upgrade at least kdelibs to KDE 3.0.3a in which this bug is fixed.

    A patch is also available for download to address this particular problem.

  • KDE's SSL implementation fails to check the basic constraints on certificates and as a result may accept certificates as valid that were signed by an issuer who was not authorized to do so.

  • Konqueror fails to detect the "secure" flag in HTTP cookies and as a result may send secure cookies back to the originating site over an unencrypted network connection.

    It is strongly recommended to upgrade at least kdelibs to KDE 3.0.3 in which this bug is fixed.

    A patch is also available for download to address this particular problem.

  • KDE's SSL implementation fails to check the basic constraints on certificates and as a result may accept certificates as valid that were signed by an issuer who was not authorized to do so.

    Due to this, users of Konqueror and other SSL enabled KDE software may fall victim to a malicious man-in-the-middle attack without noticing. In such case the user will be under the impression that there is a secure connection with a trusted site while in fact a different site has been connected to.

    It is strongly recommended to upgrade at least kdelibs to KDE 3.0.3 in which this bug is fixed.

  • A Denial of Service vulnerability has been found in the aRts soundserver. All versions of KDE 2.2.x and KDE 3.0.x are affected. If you allow untrusted users to login, it is recommended to remove the sUID bit of the artswrapper application. To achieve this, please run the following command in the directory artswrapper is installed in:
      chmod u-s artswrapper
    
  • Several buffer overflows have been found in code KGhostview shared from other postscript viewers. Read the detailed advisory. Update to KDE 3.0.4 is recommended.

    A patch is also available for download to address this particular problem.

  • A path traversal exploit has been found in kpf. Read the detailed advisory. Update to KDE 3.0.4 is recommended.

    A patch is also available for download to address this particular problem.

  • Several vulnerabilites have been found in LISa/resLISa and the rlan:// protocol, including the possibility to escalate the privileges to root via a remote attack. See the detailed advisory for an explanation and instructions for immediate workaround. A patch is available for download. The use of LISa/resLISa is strongly discouraged in any security relevant area. Never make it available outside your local, trusted network.
  • the rlogin protocol implementation in KIO allows remote command execution. See the detailed advisory for an explanation and instructions for immediate workaround. A patch is available for download.
  • Several shell escaping vulnerabilities have been found throughout KDE which allow a remote attacker to execute commands as the local user. Read the detailed advisory. It is strongly recommended to update to KDE 3.0.5a.

  • Several problems with KDE's use of Ghostscript where discovered that allow the execution of arbitrary commands contained in PostScript (PS) or PDF files with the privileges of the victim. Read the detailed advisory. It is strongly recommended to update to KDE 3.0.5b
  • A HTTP authentication credentials leak via the a "Referrer" was discovered by George Staikos in Konqueror. If the HTTP authentication credentials were part of the URL they would be possibly sent in the referer header to a 3rd party web site. Read the detailed advisory. KDE 3.1.3 and newer are not vulnerable.

Bugs

This is a list of grave bugs and common pitfalls surfacing after the release date:

  • URL handling has a regression which breaks handling of files/URLs with non-ascii characters in them. (Fixed for KDE 3.0.3)

Please check the bug database before filing any bug reports. Also check for possible updates on this pag that might describe or fix your problem.

Developer Info

If you need help porting your application to KDE 3.x see the porting guide or subscribe to the KDE Devel Mailinglist to ask specific questions about porting your applications.

There is also info on the architecture and the programming interface of KDE 3.0.

Global navigation links