DONATE (Why?)
paypal

KDE 3.3 Info Page

KDE 3.3 was released on August 19th, 2004. Read the official announcement.

This page is no longer maintained. Currently, only KDE 4.2.0 and newer are maintained. Please have a look at the KDE 4.4.0 Info Page instead.

Security Issues

Please report possible problems to security@kde.org.

Patches for the issues mentioned below are available from ftp://ftp.kde.org/pub/kde/security_patches unless stated otherwise.

  • KPDF contains multiple integer overflow and integer arithmetic flaws that may make it possible to execute arbitrary code on the client machine via remotely supplied PDF files.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.1 are affected.
  • KDE may unexpectedly expose user provided passwords in certain cases, especially passwords for SMB shares.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • KFax contains several vulnerabilities that may cause specially crafted fax files to trigger buffer overflows and execute arbitrary code.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.1 are affected.
    No source patches are available for this problem, users are advised to either remove KFax or to upgrade to KDE 3.3.2.
  • The Konqueror webbrowser allows websites to load webpages into a window or tab currently used by another website.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • Two flaws in the Konqueror webbrowser make it possible to by pass the sandbox environment which is used to run Java-applets.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.1 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • ftp kioslave contains a vulnerability which allows to inject arbitrary ftp or smtp commands.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • fliccd of kdeedu/kstars/indi contains multiple buffer overflow vulnerabilites.
    Read the detailed advisory. All versions of KDE 3.3 up to and including KDE 3.3.2 are affected.
  • A local user can lock up the dcopserver of arbitrary other users on the same machine by stalling the DCOP authentication process.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • International Domain Name (IDN) support in Konqueror/KDE makes KDE vulnerable to a phishing technique known as a Homograph attack.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • The dcopidlng script is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. This only affects users who compile KDE or KDE applications themselves.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.3.2 are affected.
  • The kdewebdev tool Kommander is vulnerable to unconfirmed execution of code from untrusted locations.
    Read the detailed advisory. All versions of KDE between KDE 3.2 and KDE 3.4.0 are affected.
  • KImgio, the KDE image loader plugins, are vulnerable to several input validation errors, possibly allowing to execute arbitrary code.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.4.0 are affected.
  • The Kate KPart (used by the applications kate and kwrite, possibly others) generates a backup file with default permissions upon saving. Depending on the setup, this could cause file content leak to local and remote (due to network transparency) users.
    Read the detailed advisory. KDE 3.2.x up to including KDE 3.4.0 are affected.
  • The Gadu-Gadu protocol handler of Kopete 3.3 and above contains a copy of libgadu, that is used if there is no system installed libgadu library. Multiple integer overflow vulnerabilities have been found in libgadu.
    Read the detailed advisory. KDE 3.3.x up to including KDE 3.4.1 are affected.
  • The langen2kvtml script (included in kdeedu/kvoctrain) contains multiple temp file generation vulnerabilities.
    Read the detailed advisory. KDE 3.0.x up to including KDE 3.4.2 are affected.
  • The kcheckpass utility contains on certain platforms a local root vulnerability.
    Read the detailed advisory. KDE 3.2.0 up to including KDE 3.4.2 are affected.
  • kpdf contains several buffer overflows in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE up to and including KDE 3.5.0 are affected.
  • kjs contains a heap based buffer overflow when decoding certain malcrafted utf8 uri sequences.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.0 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE 3.3.0 up to and including KDE 3.5.1 are affected.
  • kpdf contains a buffer overflow in its xpdf-based code which can be triggered by a specially crafted pdf file.
    Read the detailed advisory. All versions of KDE 3.3.0 up to and including KDE 3.3.2 are affected.
  • KDM contains a symlink attack vulnerability that allows a normal user to read files from other users including root.
    Read the detailed advisory. All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.2 are affected.

Bugs

This is a list of grave bugs and common pitfalls surfacing after the release date:

None so far

Please check the bug database before filing any bug reports. Also check for possible updates on this page that might describe or fix your problem.

FAQ

See the KDE FAQ for any specific questions you may have. Questions about Konqueror should be directed to the Konqueror FAQ and sound related questions are answered in the FAQ of the aRts Project

Download and Installation

Library Requirements. KDE 3.3 requires or benefits from the given list of libraries, most of which should be already installed on your system or available from your OS CD or your vendor's website.

The complete source code for KDE 3.3 is available for download:

Location Size MD5 Sum
arts-1.3.0 952kB 6a0a03c24a20c43a8e443a5484bb9fef
kdeaccessibility-3.3.0 1.6MB 17dc4ae94d0307a00e2b676818f49d63
kdeaddons-3.3.0 1.9MB 6ba019d8b3ce0811ae2c861d6819aaab
kdeadmin-3.3.0 1.9MB 7a4480c4e3b73206252397345d2055b2
kdeartwork-3.3.0 17MB 6e8ea5c980a770708ab639c49a8d5e0f
kdebase-3.3.0 19MB e8fc098ffb09fcc0a8fdc4446149a8e3
kdebindings-3.3.0 7.2MB 63f7cd3ae52397c2182527899efb4c80
kdeedu-3.3.0 21MB da972b3d4090290b6852dd50a32a2eee
kdegames-3.3.0 9.3MB bac48b11e98f7722954ec7327d36b74f
kdegraphics-3.3.0 6.6MB 7bb9843f7b03cd2716079ac83b9c9304
kde-i18n-3.3.0 176MB f1927048807146969f6497b5d789fb5d
kdelibs-3.3.0 15MB 1c208724987433fc1929d22928c1a358
kdemultimedia-3.3.0 5.6MB 2579f41004b39168da25cb4db0043f00
kdenetwork-3.3.0 7.1MB ae7d989594ec2a7c073478e4535c284b
kdepim-3.3.0 10MB 94520aeae0db2fac5da7d1ece7b575a5
kdesdk-3.3.0 4.6MB d3f02d71b7211265a89a7e499faa1b61
kdetoys-3.3.0 3.1MB 935e3e2e6d84c9fedb2f8acb8e36cdc7
kdeutils-3.3.0 2.6MB 9a3788e7ee386080b66254e515fa6e49
kdevelop-3.1.0 8.0MB a08e2792f895d4c96723edec17617567
kdewebdev-3.3.0 5.0MB e29a344f426bb9875f6e731678bc159a

The Konstruct build toolset can help you downloading and installing these tarballs.

Binary packages

Some Linux/UNIX OS vendors have kindly provided binary packages of Klassroom for some versions of their distribution, and in other cases community volunteers have done so. Some of these binary packages are available for free download from KDE's http or FTP mirrors.

At the time of this release, pre-compiled packages are available for:

Additional binary packages might become available in the coming weeks, as well as updates to the current packages.

Developer Info

If you need help porting your application to KDE 3.x see the porting guide or subscribe to the KDE Devel Mailinglist to ask specific questions about porting your applications.

There is also info on the architecture and the programming interface of KDE 3.3.

Global navigation links