[SECURITY] Fedora 7 Update: gallery2-2.2.4-1.fc7

updates at fedoraproject.org
Wed Dec 26 02:15:18 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4777
2007-12-26 00:47:00
--------------------------------------------------------------------------------

Name        : gallery2
Product     : Fedora 7
Version     : 2.2.4
Release     : 1.fc7
URL         : http://gallery.menalto.com
Summary     : Customizable photo gallery web site
Description :
The base Gallery 2 installation - the equivalent of upstream's -minimal
package.  This package requires a database to be operational.  Acceptable
database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x,
PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server.  All given
package versions are minimums; greater package versions are acceptable.

--------------------------------------------------------------------------------
Update Information:

Gallery 2.2.4 addresses the following security vulnerabilities:

 * Publish XP module - Fixed unauthorized album creation and file uploads.
 * URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection.
 * Core / add-item modules - Fixed Cross Site Scripting (XSS) vulnerabilities through malicious file names.
 * Installation (Gallery application) - Update web-accessibility protection of the storage folder for Apache 2.2.
 * Core (Gallery application) / MIME module - Fixed vulnerability in checks for disallowed file extensions in file uploads.
 * Gallery Remote module - Added missing permissions checks for some GR commands.
 * WebDAV module - Fixed Cross Site Scripting (XSS) vulnerability through HTTP PROPPATCH.
 * WebDAV module - Fixed information (item data) disclosure in a WebDAV view.
 * WebDAV module - Bug fix for directory listing issue (not security related).
 * Comment module - Fixed information (item data) disclosure in comment views.
 * Core module (Gallery application) - Improved resilience against item information disclosure attacks.
 * Slideshow module - Fixed information (item data) disclosure in the slideshow.
 * Print modules - Fixed information (item data) disclosure in several print modules.
 * Core / print modules - Fixed arbitrary URL redirection (phishing attacks) in the core module and several print modules.
 * WebCam module - Fixed proxied request weakness.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 24 2007 Lubomir Kundrak <lkundrak at redhat.com> 2.2.4-1
- A Christmas present -- critical security update to 2.2.4
* Fri Aug 31 2007 John Berninger <john at ncphotography dot com> - 2.2-0.7.svn20070831
- update to 2.2.3 SVN snapshot to fix security vuln's - bz 267421
* Tue Jun  5 2007 John Berninger <johnw at berningeronline dot net> - 2.2-0.6.svn20070506
- Fix escaping syntax problem in post scriptlet
* Tue May 15 2007 John Berninger <johnw at berningeronline dot net> - 2.2-0.5.svn20070506
- README file update and new build
--------------------------------------------------------------------------------
Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum update gallery2' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------



