Debian: 'gallery'

    Date: 31 Jul 2002
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A problem was found in gallery (a web-based photo album toolkit): it was possible to pass in the GALLERY_BASEDIR variable remotely. This made it possible to execute commands under the uid of web-server.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-138-1
    http://www.debian.org/security/ Wichert Akkerman
    August  1, 2002
    ------------------------------------------------------------------------
    
    
    Package        : gallery
    Problem type   : remote exploit
    Debian-specific: no
    
    A problem was found in gallery (a web-based photo album toolkit): it
    was possible to pass in the GALLERY_BASEDIR variable remotely. This
    made it possible to execute commands under the uid of web-server.
    
    This has been fixed in version 1.2.5-7 of the Debian package and upstream
    version 1.3.1.
    
    
    ------------------------------------------------------------------------
    
    Obtaining updates:
    
      By hand:
        wget URL
            will fetch the file for you.
        dpkg -i FILENAME.deb
            will install the fetched file.
    
      With apt:
        deb  http://security.debian.org/ stable/updates main
            added to /etc/apt/sources.list will provide security updates
    
    Additional information can be found on the Debian security web-pages
    at  http://www.debian.org/security/
    
    ------------------------------------------------------------------------
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato does not contain the gallery package
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
      powerpc, s390 and sparc.
    
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.dsc
           Size/MD5 checksum:      577 34188f0145b780cabc087dc273710428
         http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
           Size/MD5 checksum:   132099 1a32e57b36ca06d22475938e1e1b19f9
         http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.diff.gz
           Size/MD5 checksum:     7125 707ec3020491869fa59f66d28e646360
    
      Architecture independent packages:
    
         http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0_all.deb
           Size/MD5 checksum:   132290 8f6f152a45bdd3f632fa1cee5e994132
    
    --
    ----------------------------------------------------------------------------
    Debian Security team
    http://www.debian.org/security/
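
A log check for the issue this advisory describes, added here as an example and not part of the advisory or of the gallery or Debian code: it flags access-log requests whose query string supplies GALLERY_BASEDIR, a variable a client should never set. It assumes Common/Combined Log Format lines; the sample lines, addresses and paths are constructed, and values sent in a request body or cookie do not appear in such logs.

```python
import re
from urllib.parse import unquote

# Variable the advisory says could be passed in remotely (matched case-insensitively).
PARAM = "gallery_basedir"

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines: documentation addresses, placeholder paths and values.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2002:10:00:00 +0000] "GET /gallery/ HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Aug/2002:10:02:13 +0000] '
    '"GET /gallery/PLACEHOLDER.php?GALLERY_BASEDIR=PLACEHOLDER HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Aug/2002:10:02:40 +0000] '
    '"GET /gallery/PLACEHOLDER.php?x=1&GALLERY%5FBASEDIR=PLACEHOLDER HTTP/1.0" 200 298',
    '192.0.2.10 - - [01/Aug/2002:10:05:00 +0000] '
    '"GET /gallery/PLACEHOLDER.php?q=GALLERY_BASEDIR HTTP/1.0" 200 2048',
]


def query_param_names(target):
    """Return the percent-decoded, lower-cased parameter names of a request target."""
    query = target.partition("?")[2]
    # Decode each name once, as the server does, so an encoded name still matches.
    return [unquote(pair.partition("=")[0]).lower() for pair in re.split("[&;]", query)]


def find_basedir_requests(lines):
    """Return (client, time, method, status) for requests that supply the variable."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a log line in the assumed format
        client, when, method, target, status = m.groups()
        if PARAM in query_param_names(target):
            hits.append((client, when, method, int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_basedir_requests(SAMPLE_LOG):
        print(hit)
```

The last sample line is not flagged because the name appears only as a parameter value, not as a parameter name.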