|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[VulnWatch] Gallery v1.3x, v1.4.1x Remote Exploit
exocet
exocet-industries.cx
Date: Tue Feb 17 2004 - 12:50:00 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gallery v1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.4-pl1, 1.4, 1.4-pl1, 1.4-pl2
and 1.4.1 have a remote exploit security flaw. Debian has already
released an update for Gallery (to v1.4.2) but since a lot of people
use Gallery and may not necessarily use Debian, I thought people on
Vulnwatch might want to know.
More info on the exploit available here:
http://gallery.menalto.com/modules.php?op=modload&name=News&file=artic
le&sid=107&mode=thread&order=0&thold=0
The exploit has been known about since (approx) Jan 24th of this
year. A patch was quickly posted and, on the 12th of Feb v1.4.2 was
released.
The developers of Gallery estimate approximately 100k installs of
Gallery worldwide.
- --
Sent via Outlook 2002
...By way of Deepthought: Debian GNU/Linux 2.4.23 Openwall OW1
The PGP signature verifies that I, not an imposter, sent this email.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBQDJh/hrkhezi/gXoEQK9RwCgseQr/75Kl9nTF6Qt/K+FUs2e4T0An3K9
rT6XWxi48wlIVoUGCwvazk4b
=P5k/
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]