Fedora 7 : gallery2-2.2.4-1.fc7 (2007-4777)

high Nessus Plugin ID 29794

Synopsis

The remote Fedora host is missing a security update.

Description

Gallery 2.2.4 addresses the following security vulnerabilities :

- Publish XP module - Fixed unauthorized album creation and file uploads.

- URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection.

- Core / add-item modules - Fixed Cross Site Scripting (XSS) vulnerabilities through malicious file names.

- Installation (Gallery application) - Update web-accessibility protection of the storage folder for Apache 2.2.

- Core (Gallery application) / MIME module - Fixed vulnerability in checks for disallowed file extensions in file uploads.

- Gallery Remote module - Added missing permissions checks for some GR commands.

- WebDAV module - Fixed Cross Site Scripting (XSS) vulnerability through HTTP PROPPATCH.

- WebDAV module - Fixed information (item data) disclosure in a WebDAV view.

- WebDAV module - Bug fix for directory listing issue (not security related).

- Comment module - Fixed information (item data) disclosure in comment views.

- Core module (Gallery application) - Improved resilience against item information disclosure attacks.

- Slideshow module - Fixed information (item data) disclosure in the slideshow.

- Print modules - Fixed information (item data) disclosure in several print modules.

- Core / print modules - Fixed arbitrary URL redirection (phishing attacks) in the core module and several print modules.

- WebCam module - Fixed proxied request weakness.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9f00a532

Plugin Details

Severity: High

ID: 29794

File Name: fedora_2007-4777.nasl

Version: 1.12

Type: local

Agent: unix

Published: 12/26/2007

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:gallery2, p-cpe:/a:fedoraproject:fedora:gallery2-ajaxian, p-cpe:/a:fedoraproject:fedora:gallery2-albumselect, p-cpe:/a:fedoraproject:fedora:gallery2-archiveupload, p-cpe:/a:fedoraproject:fedora:gallery2-captcha, p-cpe:/a:fedoraproject:fedora:gallery2-carbon, p-cpe:/a:fedoraproject:fedora:gallery2-cart, p-cpe:/a:fedoraproject:fedora:gallery2-classic, p-cpe:/a:fedoraproject:fedora:gallery2-colorpack, p-cpe:/a:fedoraproject:fedora:gallery2-comment, p-cpe:/a:fedoraproject:fedora:gallery2-customfield, p-cpe:/a:fedoraproject:fedora:gallery2-dcraw, p-cpe:/a:fedoraproject:fedora:gallery2-debug, p-cpe:/a:fedoraproject:fedora:gallery2-digibug, p-cpe:/a:fedoraproject:fedora:gallery2-dynamicalbum, p-cpe:/a:fedoraproject:fedora:gallery2-ecard, p-cpe:/a:fedoraproject:fedora:gallery2-exif, p-cpe:/a:fedoraproject:fedora:gallery2-ffmpeg, p-cpe:/a:fedoraproject:fedora:gallery2-flashvideo, p-cpe:/a:fedoraproject:fedora:gallery2-floatrix, p-cpe:/a:fedoraproject:fedora:gallery2-fotokasten, p-cpe:/a:fedoraproject:fedora:gallery2-gd, p-cpe:/a:fedoraproject:fedora:gallery2-getid3, p-cpe:/a:fedoraproject:fedora:gallery2-hidden, p-cpe:/a:fedoraproject:fedora:gallery2-httpauth, p-cpe:/a:fedoraproject:fedora:gallery2-hybrid, p-cpe:/a:fedoraproject:fedora:gallery2-icons, p-cpe:/a:fedoraproject:fedora:gallery2-imageblock, p-cpe:/a:fedoraproject:fedora:gallery2-imageframe, p-cpe:/a:fedoraproject:fedora:gallery2-imagemagick, p-cpe:/a:fedoraproject:fedora:gallery2-itemadd, p-cpe:/a:fedoraproject:fedora:gallery2-keyalbum, p-cpe:/a:fedoraproject:fedora:gallery2-linkitem, p-cpe:/a:fedoraproject:fedora:gallery2-matrix, p-cpe:/a:fedoraproject:fedora:gallery2-members, p-cpe:/a:fedoraproject:fedora:gallery2-migrate, p-cpe:/a:fedoraproject:fedora:gallery2-mime, p-cpe:/a:fedoraproject:fedora:gallery2-mp3audio, p-cpe:/a:fedoraproject:fedora:gallery2-multilang, p-cpe:/a:fedoraproject:fedora:gallery2-multiroot, p-cpe:/a:fedoraproject:fedora:gallery2-netpbm, p-cpe:/a:fedoraproject:fedora:gallery2-newitems, p-cpe:/a:fedoraproject:fedora:gallery2-nokiaupload, p-cpe:/a:fedoraproject:fedora:gallery2-panorama, p-cpe:/a:fedoraproject:fedora:gallery2-password, p-cpe:/a:fedoraproject:fedora:gallery2-permalinks, p-cpe:/a:fedoraproject:fedora:gallery2-photoaccess, p-cpe:/a:fedoraproject:fedora:gallery2-picasa, p-cpe:/a:fedoraproject:fedora:gallery2-publishxp, p-cpe:/a:fedoraproject:fedora:gallery2-quotas, p-cpe:/a:fedoraproject:fedora:gallery2-randomhighlight, p-cpe:/a:fedoraproject:fedora:gallery2-rating, p-cpe:/a:fedoraproject:fedora:gallery2-rearrange, p-cpe:/a:fedoraproject:fedora:gallery2-register, p-cpe:/a:fedoraproject:fedora:gallery2-remote, p-cpe:/a:fedoraproject:fedora:gallery2-replica, p-cpe:/a:fedoraproject:fedora:gallery2-reupload, p-cpe:/a:fedoraproject:fedora:gallery2-rewrite, p-cpe:/a:fedoraproject:fedora:gallery2-rss, p-cpe:/a:fedoraproject:fedora:gallery2-search, p-cpe:/a:fedoraproject:fedora:gallery2-shutterfly, p-cpe:/a:fedoraproject:fedora:gallery2-siriux, p-cpe:/a:fedoraproject:fedora:gallery2-sitemap, p-cpe:/a:fedoraproject:fedora:gallery2-sizelimit, p-cpe:/a:fedoraproject:fedora:gallery2-slider, p-cpe:/a:fedoraproject:fedora:gallery2-slideshow, p-cpe:/a:fedoraproject:fedora:gallery2-slideshowapplet, p-cpe:/a:fedoraproject:fedora:gallery2-squarethumb, p-cpe:/a:fedoraproject:fedora:gallery2-thumbnail, p-cpe:/a:fedoraproject:fedora:gallery2-thumbpage, p-cpe:/a:fedoraproject:fedora:gallery2-tile, p-cpe:/a:fedoraproject:fedora:gallery2-uploadapplet, p-cpe:/a:fedoraproject:fedora:gallery2-useralbum, p-cpe:/a:fedoraproject:fedora:gallery2-watermark, p-cpe:/a:fedoraproject:fedora:gallery2-webcam, p-cpe:/a:fedoraproject:fedora:gallery2-webdav, p-cpe:/a:fedoraproject:fedora:gallery2-zipcart, cpe:/o:fedoraproject:fedora:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 12/26/2007

Reference Information

FEDORA: 2007-4777