Back
    Linux Security
    Linux Security
    Linux Security

    Debian: 'gallery'

    Date 31 Jul 2002
    Category Debian Linux Distribution - Security Advisories
    2579
    Posted By LinuxSecurity Advisories
    A problem was found in gallery (a web-based photo album toolkit): itwas possible to pass in the GALLERY_BASEDIR variable remotely. Thismade it possible to execute commands under the uid of web-server. 
    
------------------------------------------------------------------------
Debian Security Advisory DSA-138-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
https://www.debian.org/security/ Wichert Akkerman
August  1, 2002
------------------------------------------------------------------------


Package        : gallery
Problem type   : remote exploit
Debian-specific: no

A problem was found in gallery (a web-based photo album toolkit): it
was possible to pass in the GALLERY_BASEDIR variable remotely. This
made it possible to execute commands under the uid of web-server.

This has been fixed in version 1.2.5-7 of the Debian package and upstream
version 1.3.1.


------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  https://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security web-pages
at  https://www.debian.org/security/

------------------------------------------------------------------------

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato does not contain the gallery package


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.


  Source archives:

     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.dsc
Size/MD5 checksum:      577 34188f0145b780cabc087dc273710428
     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
Size/MD5 checksum:   132099 1a32e57b36ca06d22475938e1e1b19f9
     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.diff.gz
Size/MD5 checksum:     7125 707ec3020491869fa59f66d28e646360

  Architecture independent packages:

     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0_all.deb
Size/MD5 checksum:   132290 8f6f152a45bdd3f632fa1cee5e994132

--
----------------------------------------------------------------------------
Debian Security team <This email address is being protected from spambots. You need JavaScript enabled to view it.> 
https://www.debian.org/security/
Mailing-List: This email address is being protected from spambots. You need JavaScript enabled to view it.

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
    DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
    Red Hat introduces free RHEL for small production workloads and development teams
    Red Hat introduces free RHEL for small production workloads and development teams
    GeoIP for nftables
    GeoIP for nftables
    Freakout Botnet Targets Unpatched Linux Systems Showcase Image 7 A 15814 Esm W120
    'FreakOut' Botnet Targets Unpatched Linux Systems

    Advisories

    openSUSE: 2021:0144-1 critical: hawk2
    Date 23 Jan 2021 @ 02:15
    SUSE: 2021:30-1 suse/sle15 Security Update
    Date 23 Jan 2021 @ 00:01
    Fedora 32: chromium 2021-d9faeff8eb
    Date 22 Jan 2021 @ 15:30
    Mageia 2021-0052: undertow security update
    Date 22 Jan 2021 @ 14:51

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200
    Phishing Is The #1 Cybersecurity Threat Businesses Face

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Our Cookie Policy