[SECURITY] Fedora 8 Update: gallery2-2.2.4-1.fc8

updates at fedoraproject.org
Wed Dec 26 02:15:23 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4778
2007-12-26 00:47:02
--------------------------------------------------------------------------------

Name        : gallery2
Product     : Fedora 8
Version     : 2.2.4
Release     : 1.fc8
URL         : http://gallery.menalto.com
Summary     : Customizable photo gallery web site
Description :
The base Gallery 2 installation - the equivalent of upstream's -minimal
package.  This package requires a database to be operational.  Acceptable
database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x,
PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server.  All given
package versions are minimums; greater package versions are acceptable.

--------------------------------------------------------------------------------
Update Information:

Gallery 2.2.4 addresses the following security vulnerabilities:

 * Publish XP module - Fixed unauthorized album creation and file uploads.
 * URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink protection.
 * Core / add-item modules - Fixed Cross Site Scripting (XSS) vulnerabilities through malicious file names.
 * Installation (Gallery application) - Updated web-accessibility protection of the storage folder for Apache 2.2.
 * Core (Gallery application) / MIME module - Fixed vulnerability in checks for disallowed file extensions in file uploads.
 * Gallery Remote module - Added missing permissions checks for some GR commands.
 * WebDAV module - Fixed Cross Site Scripting (XSS) vulnerability through HTTP PROPPATCH.
 * WebDAV module - Fixed information (item data) disclosure in a WebDAV view.
 * WebDAV module - Bug fix for directory listing issue (not security related).
 * Comment module - Fixed information (item data) disclosure in comment views.
 * Core module (Gallery application) - Improved resilience against item information disclosure attacks.
 * Slideshow module - Fixed information (item data) disclosure in the slideshow.
 * Print modules - Fixed information (item data) disclosure in several print modules.
 * Core / print modules - Fixed arbitrary URL redirection (phishing attacks) in the core module and several print modules.
 * WebCam module - Fixed proxied request weakness.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 24 2007 Lubomir Kundrak <lkundrak at redhat.com> 2.2.4-1
- A christmas present -- critical security update to 2.2.4
--------------------------------------------------------------------------------
Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum update gallery2' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------



