Fedora 7 : gallery2-2.2.4-1.fc7 (2007-4777)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Gallery 2.2.4 addresses the following security vulnerabilities :

- Publish XP module - Fixed unauthorized album creation
and file uploads.

- URL rewrite module - Fixed local file inclusion
vulnerability in unsecured admin controller and
information disclosure in hotlink protection.

- Core / add-item modules - Fixed Cross Site Scripting
(XSS) vulnerabilities through malicious file names.

- Installation (Gallery application) - Update
web-accessibility protection of the storage folder for
Apache 2.2.

- Core (Gallery application) / MIME module - Fixed
vulnerability in checks for disallowed file extensions
in file uploads.

- Gallery Remote module - Added missing permissions
checks for some GR commands.

- WebDAV module - Fixed Cross Site Scripting (XSS)
vulnerability through HTTP PROPPATCH.

- WebDAV module - Fixed information (item data)
disclosure in a WebDAV view.

- WebDAV module - Bug fix for directory listing issue
(not security related).

- Comment module - Fixed information (item data)
disclosure in comment views.

- Core module (Gallery application) - Improved
resilience against item information disclosure
attacks.

- Slideshow module - Fixed information (item data)
disclosure in the slideshow.

- Print modules - Fixed information (item data)
disclosure in several print modules.

- Core / print modules - Fixed arbitrary URL redirection
(phishing attacks) in the core module and several
print modules.

- WebCam module - Fixed proxied request weakness.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?9f00a532

Solution :

Update the affected packages.

Risk factor :

High

Family: Fedora Local Security Checks

Nessus Plugin ID: 29794 (fedora_2007-4777.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now