KDE 3.4 Release Candidate has been released
KNetworkConf 0.6.1 has been released
ooo-build-1.9.78.2 has been released
knoda 0.7.3-test2 has been released
OSNews has published a KDE 3.4 Beta 2 preview
Yzis M3 has been released
KDE Security Advisory: Buffer overflow in fliccd of kdeedu/kstars/indi
Original Release Date: 2005-02-15
URL: http://www.kde.org/info/security/advisory-20050215-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0011
1. Systems affected:
KDE 3.3 up to and including KDE 3.3.2.
Rosegarden-4 1.0 has been released
amaroK 1.2 has been released
OSDir has posted a screenshot slideshow of KDE 3.4 Beta 2
OpenOffice.org build 1.9.78 has been released
KDE 3.4 Beta 2 has been released
February 9, 2005 (The Internet) - The KDE Project is pleased to announce the immediate availability of KDE 3.4 Beta 2, dubbed "Keinstein".
KipiPlugins-0.1.0-beta2 and libkipi-0.1.1 are available
digiKam 0.7.2-beta1 is out
DigikamImagePlugins 0.7.2-beta1 has been released
Version 1.2-beta4 of the amaroK audio player has been released
KDE Security Advisory: Multiple vulnerabilities in Konversation
Original Release Date: 20050121
URL: http://www.kde.org/info/security/advisory-20050121-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0131
http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html
1. Systems affected:
All Konversation versions up to and including 0.15
KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
1. Systems affected:
KOffice 1.3 up to and including KOffice 1.3.5
2. Overview:
The KOffice PDF Import Filter shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
KDE Security Advisory: kpdf Buffer Overflow Vulnerability
Original Release Date: 2005-01-19
URL: http://www.kde.org/info/security/advisory-20050119-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
1. Systems affected:
KDE 3.2 up to and including KDE 3.2.3.
KDE 3.3 up to and including KDE 3.3.2.
The third release in the 1.3 series of the KDE Disk archiver (KDar) has been released
KDE 3.4 Beta 1 has been released
KDE Security Advisory: ftp kioslave command injection
Original Release Date: 2005-01-01
URL: http://www.kde.org/info/security/advisory-20050101-1.txt
0. References
http://www.securityfocus.com/bid/11827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165
1. Systems affected:
All KDE releases up to and including KDE 3.3.2.
2. Overview:
KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ( %0a ) before the FTP command, which causes the commands to be inserted into the resulting FTP session.
Due to similarities between the FTP and SMTP protocols, this vulnerability allows the ftp slave to be misused to connect to an SMTP server and issue arbitrary commands, such as sending an email.
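
The check that closes this class of bug, as an added example (not KDE's patch or code from the advisory): percent-decode the URL path, then refuse to place it on the control connection if it contains any control character. All function names and the sample URL paths are hypothetical and constructed for illustration.

```cpp
#include <cctype>
#include <string>

// Value of one hex digit, or -1 if the character is not a hex digit.
static int hexVal(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// Percent-decode a URL path. Returns false on a malformed escape ("%0", "%zz").
bool percentDecode(const std::string &in, std::string &out) {
    out.clear();
    for (std::string::size_type i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size()) return false;
        int hi = hexVal(in[i + 1]), lo = hexVal(in[i + 2]);
        if (hi < 0 || lo < 0) return false;
        out += static_cast<char>(hi * 16 + lo);
        i += 2;
    }
    return true;
}

// Flawed pattern: the decoded path goes straight into the command line, so a
// decoded LF ends the intended command and starts a second one.
std::string buildUnsafe(const std::string &verb, const std::string &encodedPath) {
    std::string path;
    percentDecode(encodedPath, path);
    return verb + " " + path + "\r\n";
}

// Hardened pattern: reject malformed escapes and any control character
// (CR, LF, NUL, ...) before the path reaches the control connection.
bool buildChecked(const std::string &verb, const std::string &encodedPath,
                  std::string &wire) {
    std::string path;
    if (!percentDecode(encodedPath, path)) return false;
    for (unsigned char c : path)
        if (c < 0x20 || c == 0x7f) return false;
    wire = verb + " " + path + "\r\n";
    return true;
}

// Number of command lines a server splitting on LF would see in `wire`.
int countCommandLines(const std::string &wire) {
    int n = 0;
    for (char c : wire) if (c == '\n') ++n;
    return n;
}
```

The validation has to run on the decoded path, because the encoded form of the URL contains no newline character at all.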
KPlayer 0.5.3 has been released
amaroK 1.2-beta3 has been released
Knotebook, a KDE applet for notebooks, has been released
KDE Security Advisory: ftp kioslave command injection
Original Release Date: 2005-01-01
URL: http://www.kde.org/info/security/advisory-20050101-1.txt
0. References
http://www.securityfocus.com/bid/11827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165
1. Systems affected:
All KDE releases up to and including KDE 3.3.2.
DigikamImagePlugins 0.7.1 is out
KDE Security Advisory: kpdf integer overflows
Original Release Date: 2004-10-21
URL: http://www.kde.org/info/security/advisory-20041021-1.txt
Chris Evans notified the KDE security team about multiple integer overflow and integer arithmetic flaws in xpdf 3.0. These flaws, if exploited, can cause xpdf (and therefore kpdf) to hang using 100% CPU, crash the viewer or corrupt the program heap.
Digikam 0.7.1 beta1 has been released
Rekall version 2.2.3 (the latest stable release) and version 2.3.2 (development) are now available
ROSEGARDEN 1.0pre1 has been released
KTTS 0.2.0 has been released
KolourPaint 1.2.2 has been released
KDE 3.3.2 has been released
The second release in the 1.3 series of the KDE Disk archiver (KDar) is now available
Version 1.2-beta1 of the amaroK audio player has been released
Kst 1.0.0 has been released
KOffice 1.3.5 has been released
A new test version of knoda is available
digikam 0.7 has been released
digiKam-0.7-rc1 has been released
A kpdf security update has been released
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0889
CESA-2004-002 - rev 1
CESA-2004-007 - rev 1
1. Systems affected:
All KDE 3.2.x releases, KDE 3.3.0 and KDE 3.3.1.
2. Overview:
Chris Evans notified the KDE security team about multiple integer overflow and integer arithmetic flaws in xpdf 3.0.
These flaws, if exploited, can cause xpdf (and therefore kpdf) to hang using 100% CPU, crash the viewer or corrupt the program heap. It might be possible to execute arbitrary code. The Common Vulnerabilities and Exposures project assigned CAN-2004-0889 to this issue.
kpdf, the KDE PDF viewer, shares code with xpdf 2.02. This code is significantly different from the xpdf 3.0 codebase, but is also affected by similar issues. Sebastian Krahmer from the SUSE security team developed a patch that corrects integer overflows in the XRef code. This patch is made available below for kpdf as shipped in the KDE 3.2.x releases. The Common Vulnerabilities and Exposures project assigned CAN-2004-0888 to this issue.
KDE 3.3.1 contains a kpdf based on xpdf 3.0. We're providing a patch to fix the remaining integer overflows in this code base.
Knoda 0.7.2-test2 has been released
Version 1.7 of Kile, an Integrated LaTeX Environment for KDE, is available for download
The first beta release of digiKam Image Editor Plugins 0.7.0 has been released
The first beta release of digiKam 0.7 has been released
KDE 3.3.1 has been released. Here is the full press release:
October 12, 2004 (The INTERNET). The KDE Project today announced the immediate availability of KDE 3.3.1, a maintenance release for the latest generation of the most advanced and powerful free desktop for GNU/Linux and other UNIXes. KDE 3.3.1 ships with a basic desktop and eighteen other packages (PIM, administration, network, edutainment, utilities, multimedia, games, artwork, web development and more). KDE's award-winning tools and applications are available in 50 languages.
KDE, including all its libraries and its applications, is available for free under Open Source licenses. KDE can be obtained in source and numerous binary formats from http://download.kde.org and can also be obtained on CD-ROM or with any of the major GNU/Linux - UNIX systems shipping today.
Version 1.1.1 of the amaroK audio player
Atlantik 0.7.1 has been released
KPlayer 0.5.2 has been released