Vulnwatch mailing list archives
Gallery v1.3x, v1.4.1x Remote Exploit
From: exocet () exocet-industries cx
Date: Tue, 17 Feb 2004 10:50:00 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gallery v1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.4-pl1, 1.4, 1.4-pl1, 1.4-pl2 and 1.4.1 have a remote exploit security flaw. Debian has already released an update for Gallery (to v1.4.2) but since a lot of people use Gallery and may not necessarily use Debian, I thought people on Vulnwatch might want to know. More info on the exploit available here: http://gallery.menalto.com/modules.php?op=modload&name=News&file=artic le&sid=107&mode=thread&order=0&thold=0 The exploit has been known about since (approx) Jan 24th of this year. A patch was quickly posted and, on the 12th of Feb v1.4.2 was released. The developers of Gallery estimate approximately 100k installs of Gallery worldwide. - -- Sent via Outlook 2002 ...By way of Deepthought: Debian GNU/Linux 2.4.23 Openwall OW1 The PGP signature verifies that I, not an imposter, sent this email. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBQDJh/hrkhezi/gXoEQK9RwCgseQr/75Kl9nTF6Qt/K+FUs2e4T0An3K9 rT6XWxi48wlIVoUGCwvazk4b =P5k/ -----END PGP SIGNATURE-----
Current thread:
- Gallery v1.3x, v1.4.1x Remote Exploit exocet (Feb 17)