Vulnwatch mailing list archives

Gallery v1.3x, v1.4.1x Remote Exploit


From: exocet () exocet-industries cx
Date: Tue, 17 Feb 2004 10:50:00 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gallery v1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.4-pl1, 1.4, 1.4-pl1, 1.4-pl2
and 1.4.1 have a remote exploit security flaw.  Debian has already
released an update for Gallery (to v1.4.2) but since a lot of people
use Gallery and may not necessarily use Debian, I thought people on
Vulnwatch might want to know.

More info on the exploit available here:
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=107&mode=thread&order=0&thold=0

The exploit has been known about since (approx) Jan 24th of this
year.  A patch was quickly posted and, on the 12th of Feb, v1.4.2 was
released.

The developers of Gallery estimate approximately 100k installs of
Gallery worldwide.


- --
Sent via Outlook 2002
...By way of Deepthought: Debian GNU/Linux 2.4.23 Openwall OW1
The PGP signature verifies that I, not an imposter, sent this email.


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBQDJh/hrkhezi/gXoEQK9RwCgseQr/75Kl9nTF6Qt/K+FUs2e4T0An3K9
rT6XWxi48wlIVoUGCwvazk4b
=P5k/
-----END PGP SIGNATURE-----

