Gentoo Archives: gentoo-announce

From: Tobias Heinlein <keytoaster@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200811-02 ] Gallery: Multiple vulnerabilities
Date: Sun, 09 Nov 2008 21:00:31
Message-Id: 49174E89.8090307@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gallery: Multiple vulnerabilities
      Date: November 09, 2008
      Bugs: #234137, #238113
        ID: 200811-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Gallery may lead to execution of arbitrary
code, disclosure of local files or theft of users' credentials.

Background
==========

Gallery is an open source web-based photo album organizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-apps/gallery       < 2.2.6                           >= 2.2.6
                                                             *>= 1.5.9

Description
===========

Multiple vulnerabilities have been discovered in Gallery 1 and 2:

* Digital Security Research Group reported a directory traversal
  vulnerability in contrib/phpBB2/modules.php in Gallery 1, when
  register_globals is enabled (CVE-2008-3600).

* Hanno Boeck reported that Gallery 1 and 2 did not set the secure
  flag for the session cookie in an HTTPS session (CVE-2008-3662).

* Alex Ustinov reported that Gallery 1 and 2 do not properly handle
  ZIP archives containing symbolic links (CVE-2008-4129).

* The vendor reported a Cross-Site Scripting vulnerability in Gallery
  2 (CVE-2008-4130).
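
For the ZIP item above (CVE-2008-4129), a pre-extraction check an upload
handler can run, as an added example that is not Gallery's code or part of
this advisory. It generalizes from symbolic links to any entry that is not a
regular file or directory; the function names and the sample archive are
constructed for illustration.

```python
import io
import stat
import zipfile


def unsafe_zip_entries(data: bytes):
    """Return (name, reason) for every entry that should not be extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Archivers on Unix store st_mode in the upper 16 bits of
            # external_attr; 0 means no file type was recorded.
            ftype = stat.S_IFMT(info.external_attr >> 16)
            if ftype == stat.S_IFLNK:
                # A symlink entry's "file data" is the link target path.
                target = zf.read(info).decode("utf-8", "replace")
                findings.append((info.filename, "symlink -> " + target))
            elif ftype not in (0, stat.S_IFREG, stat.S_IFDIR):
                findings.append((info.filename, "special file type"))
    return findings


def build_sample_zip(with_link: bool = True) -> bytes:
    """Constructed sample: one image entry plus, optionally, a symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/cat.jpg", b"constructed image bytes")
        if with_link:
            link = zipfile.ZipInfo("photos/notes.jpg")
            link.create_system = 3  # 3 = Unix, so mode bits are meaningful
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "placeholder-target")  # placeholder link target
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_zip_entries(build_sample_zip()):
        print(f"refuse {name}: {reason}")
```

The check looks at the recorded file type, not the entry name, so a link
named like an image is still refused.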

Impact
======

Remote attackers could send specially crafted requests to a server
running Gallery, allowing for the execution of arbitrary code when
register_globals is enabled, or the reading of arbitrary files via
directory traversal otherwise. Attackers could also entice users to
visit crafted links, allowing for theft of login credentials.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Gallery 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.6"

All Gallery 1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.9"

References
==========

  [ 1 ] CVE-2008-3600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3600
  [ 2 ] CVE-2008-3662
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662
  [ 3 ] CVE-2008-4129
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129
  [ 4 ] CVE-2008-4130
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature