  Gallery 1.4.3-pl2 Security Release
Posted by: signe on Tuesday, June 01, 2004 - 04:01 PM
 
 
Gallery Notice: This affects all versions of Gallery from 1.2 to this release:

We have discovered a well-hidden but potentially serious security flaw in these versions of Gallery which can allow a hacker to log in to your Gallery as an administrator and perform any actions on your albums. No risk is posed to the webserver itself or any non-Gallery data. All Gallery users are very strongly urged to upgrade to 1.4.3-pl2 immediately, which fixes this serious problem and will secure your system.

Gallery 1.4.3-pl2 can be downloaded from the Gallery Download Page.



[10PM PDT] A patch version of the update has been made available on the downloads page. After downloading the patch, you can apply it by running these commands on your (UNIX) server:

gzip -d gallery-1.4.3-pl1_to_pl2.patch.gz
patch -p0 < gallery-1.4.3-pl1_to_pl2.patch
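
The patch file name indicates a diff from 1.4.3-pl1 to pl2, so it is worth confirming that every hunk matches your tree before any file is modified. The wrapper below is an added example, not part of the original announcement or Gallery's own tooling; the function names and the sample file and patch are constructed for illustration.

```shell
#!/bin/sh
# Apply a gzip-compressed -p0 patch to a tree only if every hunk applies cleanly.
# Returns 0 = applied, 1 = would not apply cleanly (tree untouched), 2 = bad archive.
apply_gz_patch() {
    dir=$1 patch_gz=$2
    tmp=$(mktemp) || return 2
    # gzip -dc leaves the downloaded .gz in place; a corrupt download fails here.
    if ! gzip -dc "$patch_gz" > "$tmp" 2>/dev/null; then
        rm -f "$tmp"; return 2
    fi
    # --dry-run writes nothing. Failure means some hunk does not match,
    # for example because the tree is not the release the patch was cut from.
    if ! (cd "$dir" && patch -p0 --dry-run < "$tmp" > /dev/null 2>&1); then
        rm -f "$tmp"; return 1
    fi
    status=0
    (cd "$dir" && patch -p0 < "$tmp" > /dev/null) || status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample data (not Gallery's files): two one-line trees and a patch
# that only matches the first of them.
make_sample() {
    mkdir -p "$1/tree_pl1" "$1/tree_old"
    echo 'release=pl1' > "$1/tree_pl1/sample.txt"
    echo 'release=older' > "$1/tree_old/sample.txt"
    cat > "$1/sample.patch" <<'EOF'
--- sample.txt
+++ sample.txt
@@ -1 +1 @@
-release=pl1
+release=pl2
EOF
    gzip -f "$1/sample.patch"
}

work=$(mktemp -d)
make_sample "$work"
apply_gz_patch "$work/tree_pl1" "$work/sample.patch.gz" && echo "pl1 tree: patched"
apply_gz_patch "$work/tree_old" "$work/sample.patch.gz" || echo "old tree: refused, left untouched"
```

A return value of 1 means the tree was left as it was, with no partially applied hunks or reject files; in that case the full 1.4.3-pl2 download is the route to the fix.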

Version 1.4.3-pl2-1 of the Debian gallery package was uploaded on Tuesday, June 1, 2004 and should be available in Debian unstable after the archive run completes in the afternoon (EST) of Wednesday, June 2, 2004.

Version 1.2.5-9woody1 of the Debian gallery package for Debian Stable (aka Woody) was sent to the Debian Security Team on Tuesday, June 1, 2004 and should be available in Debian stable shortly.

 
 
Re: Gallery 1.4.3-pl2 Security Release (Score: 1)
by capnhairdo on Jun 01, 2004 - 05:38 PM
Is it just me, or is 1.4.3-pl2 missing the config.php file? I can't seem to find it in the ZIP file, which makes setting up Gallery somewhat difficult.


Re: Gallery 1.4.3-pl2 Security Release (Score: 1)
by Collectonian on Jun 01, 2004 - 07:43 PM
http://eclectic-world.com
I'm rather disappointed with this release. It's marked as a security release, but instead it has MAJOR changes, including the addition of Java stuff. No mention of those major changes is made in the announcement at all... instead I found out after doing the upgrade on both of my gallery installations.


Re: Gallery 1.4.3-pl2 Security Release (Score: 1)
by dragonboat on Jun 01, 2004 - 10:24 PM
No metadata is included in the gallery main page, i.e. no charset data. Album pages are fine.

Is this an expected feature?


Re: Gallery 1.4.3-pl2 Security Release (Score: 1)
by itcheg on Jun 02, 2004 - 12:45 AM
Can anyone tell me how to apply the patch with ws_FTP?

Thanks in advance


Re: Gallery 1.4.3-pl2 Security Release (Score: 1)
by valiant on Jun 02, 2004 - 12:56 AM
http://www.nei.ch
Does this security hole also affect prior versions?
Could you post phpbb-style manual mod for this security fix?
"open file x, line y after blabla insert blabla,
line z, replace blabla by blabla"
it's just that i don't wanna learn reading patch files :)




All logos, trademarks and content in this site are property of Bharat Mediratta © 2000-2003.