Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H800
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 2 articles for you...
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisoryhigh severityremote exploit

Gentoo: GLSA-200802-04 High: Gallery Code Execution Threat

Multiple vulnerabilities were discovered in Gallery.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200802-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Gallery: Multiple vulnerabilities Date: February 11, 2008 Bugs: #203217 ID: 200802-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities were discovered in Gallery. Background ========= Gallery is a web-based application for creating and viewing photo albums. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/gallery < 2.2.4 > = 2.2.4 < 2.0 Description ========== The Gallery developement team reported and fixed critical vulnerabilities during an internal audit (CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690, CVE-2007-6691, CVE-2007-6692, CVE-2007-6693). Impact ===== A remote attacker could exploit these vulnerabilities to execute arbitrary code, conduct Cross-Site Scripting and Cross-Site Request Forgery attacks, or disclose sensitive informations. Workaround ========= There is no known workaround at this time. Resolution ========= All Gallery users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/gallery-2.2.4" References ========= [ 1 ] CVE-2007-6685 https://www.cve.org/CVERecord?id=CVE-2007-6685 [ 2 ]CVE-2007-6686 https://www.cve.org/CVERecord?id=CVE-2007-6686 [ 3 ] CVE-2007-6687 https://www.cve.org/CVERecord?id=CVE-2007-6687 [ 4 ] CVE-2007-6688 https://www.cve.org/CVERecord?id=CVE-2007-6688 [ 5 ] CVE-2007-6689 https://www.cve.org/CVERecord?id=CVE-2007-6689 [ 6 ] CVE-2007-6690 https://www.cve.org/CVERecord?id=CVE-2007-6690 [ 7 ] CVE-2007-6691 https://www.cve.org/CVERecord?id=CVE-2007-6691 [ 8 ] CVE-2007-6692 https://www.cve.org/CVERecord?id=CVE-2007-6692 [ 9 ] CVE-2007-6693 https://www.cve.org/CVERecord?id=CVE-2007-6693 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200802-04 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFHsNVUuhJ+ozIKI5gRAlQUAJ9lFeYFWn1P5j9gCoQZeMPDd2Qv7gCeMHGd 9O6IeInam6ViQoXcHvw1twU=Gzzi -----END PGP SIGNATURE----- . Numerous urgent vulnerabilities identified in the Platform may result in significant data exposure. Take action immediately to safeguard your information.. Gallery Updates, Gentoo Security Advisory, Application Risks. . LinuxSecurity.com Team

Calendar 2 Feb 12, 2008 Gentoo
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoolow severity

Gentoo: GLSA-200711-03 Low: Gallery WebDAV and Reupload Threats

The WebDAV and Reupload modules of Gallery contain multiple unspecified vulnerabilities.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Gallery: Multiple vulnerabilities Date: November 01, 2007 Bugs: #191587 ID: 200711-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= The WebDAV and Reupload modules of Gallery contain multiple unspecified vulnerabilities. Background ========= Gallery is a PHP based photo album manager. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/gallery < 2.2.3 > = 2.2.3 Description ========== Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact ===== A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace and change properties of items, or edit item data using WebDAV. Workaround ========= There is no known workaround at this time. Resolution ========= All Gallery users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/gallery-2.2.3" References ========= [ 1 ] CVE-2007-4650 https://www.cve.org/CVERecord?id=CVE-2007-4650 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200711-03 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFHKnAWuhJ+ozIKI5gRAqGnAKCKzgiyzZZXPxkTkWyR3TPjjjXrkQCfT7TS s7zfZErUBINg8TgVkkrC9FY=nzXL -----END PGP SIGNATURE----- . Numerous unidentified problems detected in Gallery's WebDAV and Reupload components impacting Gentoo. Immediate patch needed.. Gallery Issues, Gentoo Security Advisory, WebDAV Threats. . Severity: Low. LinuxSecurity.com Team

Calendar 2 Nov 02, 2007 Low Gentoo
Banner 2 1028x280 1708121730 1 1771599631
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebiancross-site scripting

Debian 3.1 DSA 1148-1 Critical: Gallery XSS Issues and Mitigations

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1148-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff August 9th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : gallery Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030 Debian Bug : 325285 Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2734 A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. CVE-2006-0330 A cross-site scripting vulnerability in the user registration allows injection of web script code. CVE-2006-4030 Missing input sanitising in the stats modules allows information disclosure. For the stable distribution (sarge) these problems have been fixed in version 1.5-1sarge2. For the unstable distribution (sid) these problems have been fixed in version 1.5-2. We recommend that you upgrade your gallery package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 589 f66813dbb5218b6cae62345331e73de0 Size/MD5 checksum: 15917 4f2cb50ce35dcdce2af96dc251ee695f Size/MD5 checksum: 6654533 7d610b59e7bf9edbbfa0abb38e041754 Architecture independent components: Size/MD5 checksum: 6570476 5fd487a3d9973eb95af4eb4ee85cf545 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Enhance the gallery packages to mitigate various remote security concerns pointed out in the latest Debian notification.. Debian Security, Gallery Update, Cyber Threats, Remote Exploits. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 09, 2006 Critical Debian
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoosoftware update

Gentoo: GLSA-200601-13 Low: Gallery Cross-Site Scripting Issue

Gallery is possibly vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200601-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Gallery: Cross-site scripting vulnerability Date: January 26, 2006 Bugs: #119590 ID: 200601-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Gallery is possibly vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution. Background ========= Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/gallery < 1.5.2 > = 1.5.2 Description ========== Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Impact ===== By setting a specially crafted fullname, an attacker can inject and execute script code in the victim's browser window and potentially compromise the user's gallery. Workaround ========= There is no known workaround at this time. Resolution ========= All Gallery users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/gallery-1.5.2" Note: Users with the vhosts USE flag set should manuallyuse webapp-config to finalize the update. References ========= [ 1 ] Gallery Announcement Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200601-13 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . Gentoo Linux Security Notice for Media Plugin highlights a flaw enabling code execution; prompt update advised for protection.. Gentoo Security,Cross-Site Scripting,Gallery Update,PHP Application,Security Advisory. . Severity: Low. LinuxSecurity.com Team

Calendar 2 Jan 26, 2006 Low Gentoo
Banner 2 1028x280 1708121730 1 1771599631
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryupdatecritical

Debian Sarge DSA 879-1 Critical: Remote Gallery Access Problem

Updated profile.. - --------------------------------------------------------------------------Debian Security Advisory DSA 879-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze November 2nd, 2005 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : gallery Vulnerability : programming error Problem type : remote Debian-specific: no CVE ID : CVE-2005-2596 A bug in gallery has been discoverd that grants all registrated postnuke users full access to the gallery. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 1.5-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 1.5-2. We recommend that you upgrade your gallery package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 589 66094a4fb1cc5429e8fc7815aa0f2c32 Size/MD5 checksum: 15051 2239879af55f3de1abb91c036bf9a7a3 Size/MD5 checksum: 6654533 7d610b59e7bf9edbbfa0abb38e041754 Architecture independent components: Size/MD5 checksum: 6570176 d68b5e9c23c40acb4457882ee2b8a1a8 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------Forapt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Debian Security Advisory DSA 879-1 addresses a vulnerability in the gallery software that could lead to privilege escalation issues within the sarge release.. Debian Gallery Privileges Update, Security Fixes for Debian, Remote Programming Error Repair. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 02, 2005 Critical Debian
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebiancross site scripting

Debian 3.0: DSA-642-1 Severe: Gallery Cross Site Scripting Threat

Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4.. - --------------------------------------------------------------------------Debian Security Advisory DSA 642-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze January 17th, 2005 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : gallery Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-1106 BugTraq ID : 11602 Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2004-1106 Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted by using specially formed URLs. CVE-NOMATCH The upstream developers of gallery have fixed several cases of possible variable injection that could trick gallery to unintended actions, e.g. leaking database passwords. For the stable distribution (woody) these problems have been fixed in version 1.2.5-8woody3. For the unstable distribution (sid) these problems have been fixed in version 1.4.4-pl4-1. We recommend that you upgrade your gallery package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 573f789c8198ba2b859cfb5cca31aaf6dcd Size/MD5 checksum: 7908 6acd9ee257ddad8c2ffa568b5540e9fe Size/MD5 checksum: 132099 1a32e57b36ca06d22475938e1e1b19f9 Architecture independent components: Size/MD5 checksum: 133126 3527d050800873dc990c1d002478aa7e These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple security flaws detected in Debian gallery necessitate immediate patching. Update addresses cross-site scripting vulnerabilities.. Debian Security, Gallery Package, Cross-Site Scripting. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 17, 2005 Critical Debian
Banner 2 1028x280 1708121730 1 1771599631
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentooarbitrary command execution

Gentoo: GLSA-200409-05 Normal: Gallery Command Execution Issue

The Gallery image upload code contains a temporary file handling vulnerability which could lead to execution of arbitrary commands.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200409-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Gallery: Arbitrary command execution Date: September 02, 2004 Bugs: #60742 ID: 200409-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= The Gallery image upload code contains a temporary file handling vulnerability which could lead to execution of arbitrary commands. Background ========= Gallery is a PHP script for maintaining online photo albums. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/gallery < 1.4.4_p2 > = 1.4.4_p2 Description ========== The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefully crafted script could be initiated by the remote attacker during this 30 second timeout. Note that the temporary directory has to be located inside the webroot and an attacker needs to have upload rights either as an authenticated user or via "EVERYBODY". Impact ===== An attacker could run arbitrary code as the user running PHP. Workaround ========= There are several workarounds to this vulnerability: * Make sure that your temporary directory is not contained in the webroot; bydefault it is located outside the webroot. * Disable upload rights to all albums for "EVERYBODY"; upload is disabled by default. * Disable debug and dev mode; these settings are disabled by default. * Disable allow_url_fopen in php.ini. Resolution ========= All Gallery users should upgrade to the latest version: # emerge sync # emerge -pv "> =www-apps/gallery-1.4.4_p2" # emerge "> =www-apps/gallery-1.4.4_p2" References ========= [ 1 ] Full Disclosure Announcement [ 2 ] Gallery Announcement ;name=News&file=article&sid=134&mode=threadℴ=0&thold=0 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200409-05 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/1.0/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBN4QuzKC5hMHO6rkRAvjRAJ9ew8O+G6tQ/+wifIJkqYadFCU0cgCeK75X 9F2kemN3tO5SBNb80LQkLjc=KCrK -----END PGP SIGNATURE----- . The Gentoo Linux Security Advisory GLSA 200409-05 details a serious vulnerability in the Gallery app's image upload feature, allowing file upload exploits. Users should upgrade to the latest stable version and enhance upload directory permissions and server security protocols to combat these risks and fortify defenses against future threats. Gallery Upload Issue,Gentoo Security Advisory,Arbitrary Command Execution. . LinuxSecurity.com Team

Calendar 2 Sep 02, 2004 Gentoo
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoosoftware update

Gentoo GLSA 200406-10: Gallery Normal Severity Privilege Escalation

There is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200406-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Gallery: Privilege escalation vulnerability Date: June 15, 2004 Bugs: #52798 ID: 200406-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= There is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery. Background ========= Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-misc/gallery = 1.4.3_p2 Description ========== There is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery. A Gallery administrator has full access to all albums and photos on the server, thus attackers may add or delete photos at will. Impact ===== Attackers may gain full access to all Gallery albums. There is no risk to the webserver itself, or the server on which it runs. Workaround ========= There is no known workaround at this time. All users are encouraged to upgrade to the latest availableversion. Resolution ========= All users should upgrade to the latest available version of Gallery. # emerge sync # emerge -pv "> =app-misc/gallery-1.4.3_p2" # emerge "> =app-misc/gallery-1.4.3_p2" References ========= [ 1 ] Gallery Announcement ;name=News&file=article&sid=123&mode=threadℴ=0&thold=0 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200406-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/1.0/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFAz0qMvcL1obalX08RAmuoAKCKcyWXNtt+mdgtX26R9l96V8yE4QCfVFQG 9s9GiyiY83X/VHcx2Kc+mQQ=+z9+ -----END PGP SIGNATURE----- . The GLSA 200406-10 advisory highlights a serious privilege escalation flaw in Gallery software, allowing unauthorized command execution due to user input validation issues. To address this, users must update to the latest Gallery version with security patches, regularly check for updates, and enforce strict access controls to protect their systems. A comprehensive security audit is also recommended for those affected, ensuring all accounts have strong passwords and monitoring tools are in place for suspicious activities.. Gallery Software Security,Gentoo Advisory,Privilege Escalation Threat. . LinuxSecurity.com Team

Calendar 2 Jun 15, 2004 Gentoo
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here