Debian: New gallery packages fix several vulnerabilities
Summary
- --------------------------------------------------------------------------Debian Security Advisory DSA 1148-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 9th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : gallery Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030 Debian Bug : 325285 Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2734 A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. CVE-2006-0330 A cross-site scripting vulnerability in the user registration allows injection of web script code. CVE-2006-4030 Missing input sanitising in the stats modules allows information disclosure. For the stable distribution (sarge) these problems have been fixed in version 1.5-1sarge2. For the unstable distribution (sid) these problems have been fixed in version 1.5-2. We recommend that you upgrade your gallery package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 589 f66813dbb5218b6cae62345331e73de0 Size/MD5 checksum: 15917 4f2cb50ce35dcdce2af96dc251ee695f Size/MD5 checksum: 6654533 7d610b59e7bf9edbbfa0abb38e041754 Architecture independent components: Size/MD5 checksum: 6570476 5fd487a3d9973eb95af4eb4ee85cf545 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.