The KDE Project today
the release of KDE 3.0.4.
Besides a number of usability and stability enhancements,
it provides two important security
corrections. The first corrects the file sharing program KPF, which
since KDE 3.0.1 has permitted a remote user to retrieve any file
readable by the user running KPF
The second corrects the PostScript® / PDF viewer KGhostView, which since KDE 1.1
permits carefully-crafted PostScript and PDF files to execute arbitrary
If you cannot upgrade to KDE 3.0.4, which is strongly recommended,
you should immediately stop using both KPF and KGhostView.