Subject: SECURITY: KDE Libraries 2.1.2 Released Date: Mon, 30 Apr 2001 13:27:46 -0700
DATELINE APRIL 30, 2001
FOR IMMEDIATE RELEASE
SECURITY: NEW KDE LIBRARIES RELEASED
kde adds security and bug fixes to core libraries
April 30, 2001 (The INTERNET)– The KDE Project
(http://www.kde.org/) today
announced the release of kdelibs 2.1.2, a security and bugfix
release of the core KDE libraries. The other core KDE packages,
including kdebase, have not been updated. The KDE Project
recommends that all KDE users upgrade to kdelibs 2.1.2 and KDE
2.1.1.
This release provides the following fixes:
- Security fixes:
- KDEsu. The KDEsu which shipped with earlier releases of KDE 2
writes a (very) temporary but world-readable file with
authentication information. A local user can potentially abuse this
behavior to gain access to the X server and, if KDEsu is used to
perform tasks that require root-access, can result in comprimise of
the root account.
- KDEsu. The KDEsu which shipped with earlier releases of KDE 2
- Bug fixes:
- kio_http. Fixed problems with “protocol for http://x.y.z died unexpectedly” and with proxy
authentication with Konqueror. - kparts. Fixed crash in KOffice 1.1 when splitting views.
- khtml. Fixed memory leak in Konqueror. Fixed minor HTML
rendering problems. - kcookiejar. Fixed minor problems with HTTP cookies.
- kconfig. Fixed problem with leading/trailing spaces in
configuration values. - kdebug. Fixed memory leak in debug output.
- klineedit. Fixed problem with klineedit emitting “return
pressed” twice.
- kio_http. Fixed problems with “protocol for http://x.y.z died unexpectedly” and with proxy
For more information about the KDE 2.1 series, please see the
KDE 2.1.1 press release (http://www.kde.org/announcements/announce-2.1.1.html)
and the KDE 2.1.1 Info Page (http://www.kde.org/info/2.1.1.html),
which is an evolving FAQ about the latest stable release.
Information on using anti-aliased fonts with KDE is available at
http://dot.kde.org/984693709/.
DOWNLOADING AND COMPILING KDELIBS 2.1.2
The source package for kdelibs 2.1.2 (including a diff file
against 2.1.1) is available for free download at
http://ftp.kde.org/stable/2.1.2/distribution/src/
or in the equivalent directory at one of the many KDE ftp server
mirrors (http://www.kde.org/mirrors.html).
KDE 2.1.2 requires qt-2.2.3, which is available from Trolltech at
ftp://ftp.trolltech.com/qt/source/
under the name qt-x11-2.2.3.tar.gz/, although
qt-2.2.4 or qt-2.3.0 is recommended (for anti-aliased fonts,
qt-2.3.0 and XFree 4.0.3 or newer is required). kdelibs 2.1.2 will
not work with versions of Qt older than 2.2.3.
For further instructions on compiling and installing KDE, please
consult the installation instructions (http://www.kde.org/install-source.html)
and, if you encounter problems, the compilation FAQ (http://www.kde.org/compilationfaq.html).
INSTALLING BINARY PACKAGES
Some distributors choose to provide binary packages of KDE for
certain versions of their distribution. Some of these binary
packages for kdelibs 2.1.2 will be available for free download
under http://ftp.kde.org/stable/2.1.2/distribution/
or under the equivalent directory at one of the many KDE ftp server
mirrors http://www.kde.org/mirrors.html).
Please note that the KDE team is not responsible for these packages
as they are provided by third parties — typically, but not always,
the distributor of the relevant distribution (if you have any
questions, please read the KDE Binary Packages Policy (http://dot.kde.org/986933826/)).
kdelibs 2.1.2 requires qt-2.2.3, the free version of which is
available from the above locations usually under the name
qt-x11-2.2.3, although qt-2.2.4 or qt-2.3.0 is recommended (for
anti-aliased fonts, qt-2.3.0 and XFree 4.0.3 or newer is required).
KDE 2.1.2 will not work with versions of Qt older than 2.2.3.
At the time of this release, pre-compiled packages are available
for:
- Caldera eDesktop 2.4: i386:
http://ftp.kde.org/stable/2.1.2/distribution/Caldera/eDesktop-2.4/ - RedHat Linux: 7.1: i386: http://ftp.kde.org/stable/2.1.2/distribution/RedHat/7.1/i386/
- SuSE Linux: README: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/README
- 7.1: i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/7.1/
Sparc: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/sparc/7.1/
PPC: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/ppc/7.1/ - 7.0: i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/7.0/
PPC: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/ppc/7.0/
S390: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/s390/ - 6.4: i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/6.4/
- 6.3: i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/6.3/
- 7.1: i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/7.1/
- Tru64 Systems: README: http://ftp.kde.org/stable/2.1.2/distribution/Tru64/README.Tru64
4.0e,f,g, or 5.x: http://ftp.kde.org/stable/2.1.2/distribution/Tru64/
Please check the servers periodically for pre-compiled packages
for other distributions. More binary packages may become available
over the coming days and weeks.