Back
Linux Security
Linux Security
Linux Security

Debian: 'gallery'

Date 31 Jul 2002
Category Debian Linux Distribution - Security Advisories
2594
Posted By LinuxSecurity Advisories
A problem was found in gallery (a web-based photo album toolkit): itwas possible to pass in the GALLERY_BASEDIR variable remotely. Thismade it possible to execute commands under the uid of web-server. 

------------------------------------------------------------------------
Debian Security Advisory DSA-138-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
https://www.debian.org/security/ Wichert Akkerman
August  1, 2002
------------------------------------------------------------------------


Package        : gallery
Problem type   : remote exploit
Debian-specific: no

A problem was found in gallery (a web-based photo album toolkit): it
was possible to pass in the GALLERY_BASEDIR variable remotely. This
made it possible to execute commands under the uid of web-server.

This has been fixed in version 1.2.5-7 of the Debian package and upstream
version 1.3.1.


------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  https://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security web-pages
at  https://www.debian.org/security/

------------------------------------------------------------------------

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato does not contain the gallery package


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.


  Source archives:

     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.dsc
Size/MD5 checksum:      577 34188f0145b780cabc087dc273710428
     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
Size/MD5 checksum:   132099 1a32e57b36ca06d22475938e1e1b19f9
     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.diff.gz
Size/MD5 checksum:     7125 707ec3020491869fa59f66d28e646360

  Architecture independent packages:

     https://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0_all.deb
Size/MD5 checksum:   132290 8f6f152a45bdd3f632fa1cee5e994132

--
----------------------------------------------------------------------------
Debian Security team <This email address is being protected from spambots. You need JavaScript enabled to view it.> 
https://www.debian.org/security/
Mailing-List: This email address is being protected from spambots. You need JavaScript enabled to view it.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

Related News

Torvalds’ Bug Warning is a Lesson for Linux Users
Torvalds’ Bug Warning is a Lesson for Linux Users
Google’s Vested Interest in Linux Security
Google’s Vested Interest in Linux Security
KDE Plasma 5.21.4 Improves Support for the Fortinet SSL VPN, Plasma System Monitor App
KDE Plasma 5.21.4 Improves Support for the Fortinet SSL VPN, Plasma System Monitor App
Linux Lite 5.4 Released With Bug Fixes And UI Enhancements
Linux Lite 5.4 Released With Bug Fixes And UI Enhancements

Advisories

openSUSE: 2021:0535-1 moderate: bcc
Date 10 Apr 2021 @ 19:16
openSUSE: 2021:0536-1 moderate: openexr
Date 10 Apr 2021 @ 19:15
openSUSE: 2021:0533-1 important: isync
Date 10 Apr 2021 @ 16:16
Debian LTS: DLA-2623-1: qemu security update
Date 10 Apr 2021 @ 15:21

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"42","type":"x","order":"1","pct":84,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":8,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200
Phishing Is The #1 Cybersecurity Threat Businesses Face

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Our Cookie Policy