--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4777
2007-12-26 00:47:00
--------------------------------------------------------------------------------

Name        : gallery2
Product     : Fedora 7
Version     : 2.2.4
Release     : 1.fc7
URL         : http://gallery.menalto.com
Summary     : Customizable photo gallery web site
Description :
The base Gallery 2 installation - the equivalent of upstream's -minimal
package. This package requires a database to be operational. Acceptable
database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x,
PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given
package versions are minimums, greater package versions are acceptable.

--------------------------------------------------------------------------------
Update Information:

Gallery 2.2.4 addresses the following security vulnerabilities:

* Publish XP module - Fixed unauthorized album creation and file uploads.
* URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection.
* Core / add-item modules - Fixed Cross Site Scripting (XSS) vulnerabilities through malicious file names.
* Installation (Gallery application) - Update web-accessibility protection of the storage folder for Apache 2.2.
* Core (Gallery application) / MIME module - Fixed vulnerability in checks for disallowed file extensions in file uploads.
* Gallery Remote module - Added missing permissions checks for some GR commands.
* WebDAV module - Fixed Cross Site Scripting (XSS) vulnerability through HTTP PROPPATCH.
* WebDAV module - Fixed information (item data) disclosure in a WebDAV view.
* WebDAV module - Bug fix for directory listing issue (not security related).
* Comment module - Fixed information (item data) disclosure in comment views.
* Core module (Gallery application) - Improved resilience against item information disclosure attacks.
* Slideshow module - Fixed information (item data) disclosure in the slideshow.
* Print modules - Fixed information (item data) disclosure in several print modules.
* Core / print modules - Fixed arbitrary URL redirection (phishing attacks) in the core module and several print modules.
* WebCam module - Fixed proxied request weakness.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 24 2007 Lubomir Kundrak <lkundrak@redhat.com> 2.2.4-1
- A Christmas present -- critical security update to 2.2.4
* Fri Aug 31 2007 John Berninger <john at ncphotography dot com> - 2.2-0.7.svn20070831
- update to 2.2.3 SVN snapshot to fix security vuln's - bz 267421
* Tue Jun 5 2007 John Berninger <johnw at berningeronline dot net> - 2.2-0.6.svn20070506
- Fix escaping syntax problem in post scriptlet
* Tue May 15 2007 John Berninger <johnw at berningeronline dot net> - 2.2-0.5.svn20070506
- README file update and new build

--------------------------------------------------------------------------------
Updated packages:

This update can be installed with the "yum" update program. Use
su -c 'yum update gallery2'
at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------