Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Wed Jan 26, 2005 8:09 pm Reply with quote

A security flaw was found in Menalto Gallery 1.4.4 pl-4.

Info link Only registered users can see links on this board! Get registered or login!

Menalto Gallery wrote:
Several days ago, Rafel Ivgi informed us of a possible cross site scripting (definition) problem in current versions of Gallery. The problem and some similar problems discovered by our team has been addressed in Gallery 2 CVS as well as in this release of 1.4.4-pl5.

As with most other cross site scripting problems, No risk is posed to the webserver itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.

In addition to the security fix, Gallery 1.4.4-pl5 uses the proper parameters for new versions of ImageMagick and fixes some small issues with PHP 5.

All Gallery users are strongly urged to upgrade to 1.4.4-pl5 immediately, which fixes this problem and will secure your system.

Gallery 1.4.4-pl5 can be downloaded from the Only registered users can see links on this board! Get registered or login!.


If you use Gallery, please update your software. I've upgraded Menalto before, and it literally only takes a few mins of your time.

PHrEEk
 
View user's profile Send private message
dean
Worker
Worker


Joined: Apr 14, 2004
Posts: 193

PostPosted: Thu Jan 27, 2005 11:13 am Reply with quote

Hmm, I just installed gallery last week, the version ported for nuke from nukedgallery.net. Nothing has been said at their site and am wondering, would I be wrong to use the download from the main site like you suggested?
 
View user's profile Send private message
PHrEEkie
PostPosted: Thu Jan 27, 2005 4:35 pm Reply with quote

I don't know what you mean by 'ported', as Menalto Gallery doesn't require a port. You download the filesystem, uncompress to {nuke_root}/modules/gallery and run the install. Upgrading is as simple as downloading the upgrade and overwriting your old filesystem. Version number is maintained in the filesystem, not the DB, so your version will reflect your current filesystem.

Does yours say 1.4.4-pl4 or 1.4.4-pl5?

If it's pl4, your software is vulnerable to the new XSS attack. Download the pl5 upgrade and follow the upgrade instructions.

PHrEEk
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©