[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: SECURITY: KDE Libraries 2.1.2 Released
From: Waldo Bastian <bastian () kde ! org>
Date: 2001-04-30 20:28:23
[Download RAW message or body]
DATELINE APRIL 30, 2001
FOR IMMEDIATE RELEASE
SECURITY: NEW KDE LIBRARIES RELEASED
kde adds security and bug fixes to core libraries
April 30, 2001 (The INTERNET). The KDE Project (http://www.kde.org/) today
announced the release of kdelibs 2.1.2, a security and bugfix release of the
core KDE libraries. The other core KDE packages, including kdebase, have
not been updated. The KDE Project recommends that all KDE users upgrade to
kdelibs 2.1.2 and KDE 2.1.1.
This release provides the following fixes:
* Security fixes:
o KDEsu. The KDEsu which shipped with earlier releases of KDE 2
writes a (very) temporary but world-readable file with
authentication information. A local user can potentially abuse
this behavior to gain access to the X server and, if KDEsu is used
to perform tasks that require root-access, can result in
comprimise of the root account.
* Bug fixes:
o kio_http. Fixed problems with "protocol for http://x.y.z died
unexpectedly" and with proxy authentication with Konqueror.
o kparts. Fixed crash in KOffice 1.1 when splitting views.
o khtml. Fixed memory leak in Konqueror. Fixed minor HTML rendering
problems.
o kcookiejar. Fixed minor problems with HTTP cookies.
o kconfig. Fixed problem with leading/trailing spaces in
configuration values.
o kdebug. Fixed memory leak in debug output.
o klineedit. Fixed problem with klineedit emitting "return pressed"
twice.
For more information about the KDE 2.1 series, please see the KDE 2.1.1
press release (http://www.kde.org/announcements/announce-2.1.1.html) and
the KDE 2.1.1 Info Page (http://www.kde.org/info/2.1.1.html), which is an
evolving FAQ about the latest stable release. Information on using
anti-aliased fonts with KDE is available at http://dot.kde.org/984693709/.
DOWNLOADING AND COMPILING KDELIBS 2.1.2
The source package for kdelibs 2.1.2 (including a diff file against 2.1.1)
is available for free download at
http://ftp.kde.org/stable/2.1.2/distribution/src/ or in the equivalent
directory at one of the many KDE ftp server mirrors
(http://www.kde.org/mirrors.html). KDE 2.1.2 requires qt-2.2.3, which is
available from Trolltech at ftp://ftp.trolltech.com/qt/source/ under the
name qt-x11-2.2.3.tar.gz, although qt-2.2.4 or qt-2.3.0 is recommended
(for anti-aliased fonts, qt-2.3.0 and XFree 4.0.3 or newer is required).
kdelibs 2.1.2 will not work with versions of Qt older than 2.2.3.
For further instructions on compiling and installing KDE, please consult the
installation instructions (http://www.kde.org/install-source.html) and, if
you encounter problems, the compilation FAQ
(http://www.kde.org/compilationfaq.html).
INSTALLING BINARY PACKAGES
Some distributors choose to provide binary packages of KDE for certain
versions of their distribution. Some of these binary packages for kdelibs
2.1.2 will be available for free download under
http://ftp.kde.org/stable/2.1.2/distribution/ or under the equivalent
directory at one of the many KDE ftp server mirrors
http://www.kde.org/mirrors.html). Please note that the KDE team is not
responsible for these packages as they are provided by third parties --
typically, but not always, the distributor of the relevant distribution
(if you have any questions, please read the KDE Binary Packages
Policy (http://dot.kde.org/986933826/)).
kdelibs 2.1.2 requires qt-2.2.3, the free version of which is available from
the above locations usually under the name qt-x11-2.2.3, although qt-2.2.4
or qt-2.3.0 is recommended (for anti-aliased fonts, qt-2.3.0 and XFree 4.0.3
or newer is required). KDE 2.1.2 will not work with versions of Qt older
than 2.2.3.
At the time of this release, pre-compiled packages are available for:
* Caldera eDesktop 2.4:
i386: http://ftp.kde.org/stable/2.1.2/distribution/Caldera/eDesktop-2.4/
* RedHat Linux: 7.1:
i386: http://ftp.kde.org/stable/2.1.2/distribution/RedHat/7.1/i386/
* SuSE Linux:
README: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/README
o 7.1:
i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/7.1/
Sparc: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/sparc/7.1/
PPC: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/ppc/7.1/
o 7.0:
i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/7.0/
PPC: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/ppc/7.0/
S390: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/s390/
o 6.4:
i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/6.4/
o 6.3:
i386: http://ftp.kde.org/stable/2.1.2/distribution/SuSE/i386/6.3/
* Tru64 Systems:
README: http://ftp.kde.org/stable/2.1.2/distribution/Tru64/README.Tru64
4.0e,f,g, or 5.x: http://ftp.kde.org/stable/2.1.2/distribution/Tru64/
Please check the servers periodically for pre-compiled packages for other
distributions. More binary packages may become available over the coming
days and weeks.
ABOUT KDE
KDE is an independent, collaborative project by hundreds of developers
worldwide to create a sophisticated, customizable and stable desktop
environment employing a component-based, network-transparent architecture.
KDE is working proof of the power of the Open Source "Bazaar-style" software
development model to create first-rate technologies on par with and superior
to even the most complex commercial software.
KDE and all its components are available for free under Open Source licenses
from the KDE server (http://ftp.kde.org/) and its mirrors
(http://www.kde.org/mirrors.html) and can also be obtained on CD-ROM
(http://www.kde.org/cdrom.html). As a result of the dedicated efforts of
hundreds of translators, KDE is available in 34 languages and dialects
(http://i18n.kde.org/teams/distributed.html). KDE includes the core KDE
libraries, the core desktop environment (including Konqueror), developer
packages (including KDevelop), as well as the over 100 applications from
the other standard base KDE packages (administration, games, graphics,
multimedia, network, PIM and utilities).
For more information about KDE, please visit KDE's web site at
http://www.kde.org/whatiskde/. More information about KDE 2 is available
in two slideshow presentations
(http://devel-home.kde.org/~granroth/LWE2000/index.html,
http://mandrakesoft.com/~david/OSDEM/) and on KDE's web site
(http://www.kde.org/), including an evolving FAQ
(http://www.kde.org/info/2.1.html) to answer questions about
migrating to KDE 2.1 from KDE 1.x, anti-aliased font tutorials
(http://dot.kde.org/984693709/), a number of screenshots
(http://www.kde.org/screenshots/kde2shots.html), developer information
(http://developer.kde.org/documentation/kde2arch.html) and a developer's
KDE 1 - KDE 2 porting guide
(http://webcvs.kde.org/cgi-bin/cvsweb.cgi/~checkout~/kdelibs/KDE2PORTING.html).
---------------------------------------------------------------------
TRADEMARKS NOTICES. KDE and K Desktop Environment are trademarks of KDE e.V.
Linux is a registered trademark of Linus Torvalds. Unix is a registered
trademark of The Open Group. Trolltech and Qt are trademarks of Trolltech
AS. All other trademarks and copyrights referred to in this announcement are
the property of their respective owners.
---------------------------------------------------------------------
Press Contacts:
United States: Kurt Granroth
granroth@kde.org
(1) 480 732 1752
Andreas Pour
pour@kde.org
(1) 917 312 3122
Europe (French and English): David Faure
faure@kde.org
(44) 1225 837409
Europe (English and German): Martin Konold
konold@kde.org
(49) 179 2252249
--
bastian@kde.org | SuSE Labs KDE Developer | bastian@suse.com
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic