Gallery 2.1 Release Candidate 2 a released - many new features

Posted on Sunday, March 19, 2006 @ 08:53:28 UTC in Security
by Raven

nukeevangelist writes:  
brandnew on gallery.menalto.com - new and enhanced gallery-modules for PHP-Nuke :: travel over and get your copy today!

actual releases: Gallery 2.0.4 :: Gallery 2.1 Release Candidate 2a :: Gallery 1.5.2-pl2 :: Gallery Remote 1.5

Gallery 2.0.4 release / 2.1-RC-2a [article]: "
Thanks once again to James Bercegay from GulfTech Security Research for tipping us off to a security vulnerability in Gallery 2.0.3 and the 2.1 release candidates. Your installation is only vulnerable if you have the register_globals PHP setting enabled. If you're vulnerable, an attacker can use this to execute a "local inclusion" exploit, or run code that's already on your server. This is especially dangerous if you allow upload privileges to users you don't trust, and your g2data directory is in a predictable location. We have released Gallery 2.0.4 and 2.1-RC-2a to fix this vulnerability, but it's also very easily patched by hand if you don't want to install a complete update. Read on for more details on how to quickly secure your Gallery install.
This vulnerability affects all versions of Gallery 2.x, but Gallery 1.x is not affected. If you're using Gallery 2.x we strongly recommend that you upgrade or secure your Gallery installation as soon as possible!
Please follow our upgrading instructions and download and install the latest release."


get more infos and read the fully covered story on our dev-site. get your copy today - download it from here. please share your infos with the community. Thanks for your continued support! Read on for more details about the newest galleries
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,639,768
  • Today: 7,070
Server InfoServer Info
  • Mar 29, 2024
  • 05:44 am UTC