
Bug 204244

Summary: Gallery 2.2.3 has security problems, version bump requested
Product: Gentoo Security
Reporter: Frank Breedijk <frank>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/27035/discuss
Whiteboard:
Package list:
Runtime testing required: ---

Description Frank Breedijk 2008-01-04 06:05:48 UTC
Gallery Versions Prior to 2.2.4 Multiple Remote Vulnerabilities and Unspecified Weakness

Gallery is prone to multiple remote issues, including:

- An arbitrary-file-upload vulnerability
- A local file-include vulnerability
- Multiple cross-site scripting vulnerabilities
- Multiple information-disclosure vulnerabilities
- A security vulnerability that allows attackers to perform phishing attacks
- Multiple unspecified vulnerabilities
- An unspecified weakness

An attacker can exploit these issues to compromise the affected application, execute arbitrary code within the context of the webserver process, steal cookie-based authentication credentials, obtain sensitive information, and gain unauthorized access to the application. Other attacks are also possible.

These issues affect versions prior to Gallery 2.2.4.

Reproducible: Always

Steps to Reproduce:
1. emerge gallery
2. gallery 2.2.3 is emerged


Actual Results:  
gallery 2.2.3 is emerged

Expected Results:  
gallery 2.2.4 is emerged
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-01-04 06:46:08 UTC

*** This bug has been marked as a duplicate of bug 203217 ***