Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
from <http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=107&sid=107>: Notice if you use Gallery versions 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1 (current release): We have discovered a well-hidden but potentially serious security flaw in these versions of Gallery which can allow a hacker to remotely exploit your webserver. All Gallery users are strongly urged to upgrade to 1.4.1-pl1 immediately, which fixes this serious problem and will secure your system. Thanks to Fred (vrotogel) for quickly alerting us to this issue. Gallery 1.4.1-pl1 can be downloaded from the Gallery Download Page. If you use version 1.4.1 and would like to patch your existing installation rather than downloading the full updated version, click to read on... see also <http://www.securityfocus.com/archive/1/351449> new version in portage, marked stable. glsa to be sent.
This is the 3rd time I think I've seen this program has become exploitable. shame on the coders!
this was version bumped into stable 25 Jan 2004 by mholzer GLSA can be sent out as soon as one is made
GLSA is out: http://article.gmane.org/gmane.linux.gentoo.announce/287 Thanks!
