Security vulnerability in Gallery [FIXED in v1.2.3-cvs-b8]
Submitted by bharat on Wed, 2001-11-21 09:19
Over the weekend, I was made aware of a security hole in Gallery that can allow malicious users to read files on your system by hand crafting a URL. This means that if a hacker has the ability to upload a text file to your box, they can then use this exploit to execute the code (as the webserver user).You can find more information about the bug here
I've fixed this bug in version 1.2.3-cvs-b8. I'll be releasing v1.2.3 shortly (tonight or tomorrow) but if you want to close this hole immediately, you can download a version from Jesse Mullan's updates page here.
At the time of this writing, I recommend that you download and install "gallery.current.1.2.3-cvs-b9.tar.gz". This is a release candidate and I believe that it is stable code.
Relevant notes from the UPGRADING document:
I've fixed this bug in version 1.2.3-cvs-b8. I'll be releasing v1.2.3 shortly (tonight or tomorrow) but if you want to close this hole immediately, you can download a version from Jesse Mullan's updates page here.
At the time of this writing, I recommend that you download and install "gallery.current.1.2.3-cvs-b9.tar.gz". This is a release candidate and I believe that it is stable code.
Relevant notes from the UPGRADING document:
6. NOTES ON UPGRADING TO V1.2.3
Due to a security fix, you now have to modify index.php if you want
to use the Gallery random photo block for Nuke. After upgrading, if
you're using this block, instead of seeing the actual photo you'll
now see a message like this:
Security error! The file you tried to include
is not on the approved file list. To include
this file you must edit Gallery's index.php
and add XXX to the $safe_to_include array
except that instead of XXX above it will specify the file that you're
trying to include. You'll need to edit index.php and add this file
to the list of _approved_ files that can be included. There are
instructions in index.php for doing this.