Bug 204244 - Gallery 2.2.3 has security problems, version bump requested
Summary: Gallery 2.2.3 has security problems, version bump requested
Status: RESOLVED DUPLICATE of bug 203217
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/2703...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-04 06:05 UTC by Frank Breedijk
Modified: 2011-10-30 22:40 UTC

See Also:
Package list:
Runtime testing required: ---


Description Frank Breedijk 2008-01-04 06:05:48 UTC
Gallery Versions Prior to 2.2.4 Multiple Remote Vulnerabilities and Unspecified Weakness

Gallery is prone to multiple remote issues, including:

- An arbitrary-file-upload vulnerability
- A local file-include vulnerability
- Multiple cross-site scripting vulnerabilities
- Multiple information-disclosure vulnerabilities
- A security vulnerability that allows attackers to perform phishing attacks
- Multiple unspecified vulnerabilities
- An unspecified weakness

An attacker can exploit these issues to compromise the affected application, execute arbitrary code within the context of the webserver process, steal cookie-based authentication credentials, obtain sensitive information, and gain unauthorized access to the application. Other attacks are also possible.

These issues affect versions prior to Gallery 2.2.4.

Reproducible: Always

Steps to Reproduce:
1. emerge gallery
2. gallery 2.2.3 is emerged


Actual Results:  
gallery 2.2.3 is emerged

Expected Results:  
gallery 2.2.4 is emerged
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-01-04 06:46:08 UTC

*** This bug has been marked as a duplicate of bug 203217 ***