[ GLSA 200811-02 ] Gallery: Multiple vulnerabilities

[Tobias Heinlein <keytoaster () gentoo org>]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200811-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gallery: Multiple vulnerabilities
      Date: November 09, 2008
      Bugs: #234137, #238113
        ID: 200811-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Gallery may lead to execution of arbitrary
code, disclosure of local files or theft of user's credentials.

Background
==========

Gallery is an open source web based photo album organizer.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  www-apps/gallery       < 2.2.6                           >= 2.2.6
                                                             *>= 1.5.9

Description
===========

Multiple vulnerabilities have been discovered in Gallery 1 and 2:

* Digital Security Research Group reported a directory traversal
  vulnerability in contrib/phpBB2/modules.php in Gallery 1, when
  register_globals is enabled (CVE-2008-3600).

* Hanno Boeck reported that Gallery 1 and 2 did not set the secure
  flag for the session cookie in an HTTPS session (CVE-2008-3662).

* Alex Ustinov reported that Gallery 1 and 2 does not properly handle
  ZIP archives containing symbolic links (CVE-2008-4129).

* The vendor reported a Cross-Site Scripting vulnerability in Gallery
  2 (CVE-2008-4130).

Impact
======

Remote attackers could send specially crafted requests to a server
running Gallery, allowing for the execution of arbitrary code when
register_globals is enabled, or read arbitrary files via directory
traversals otherwise. Attackers could also entice users to visit
crafted links allowing for theft of login credentials.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Gallery 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.6"

All Gallery 1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.9"

References
==========

  [ 1 ] CVE-2008-3600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3600
  [ 2 ] CVE-2008-3662
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662
  [ 3 ] CVE-2008-4129
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129
  [ 4 ] CVE-2008-4130
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200811-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachment: signature.asc
Description: OpenPGP digital signature