
Re: [SECURITY] [DSA 1148-1] New gallery packages fix several vulnerabilities

After getting this DSA I upgraded my sarge server as usual:

apt-get update
apt-get upgrade

In the postinst process I chose to restart the apache2 server so the
changes would take effect, but something went wrong.

root     20343  0.0  0.0     0    0 pts/0    Z+   08:14   0:00
[gallery.postins] <defunct>

After waiting for 4 minutes in front of "Forcing reload of web server:
Apache2." I killed it with Ctrl-C
and ran apt-get update again; this time I chose "no" at the
apache-restart question and it completed successfully.
A "manual" restart with "/etc/init.d/apache2 restart" worked fine.

Christoph Auer <c_a@gmx.net>
GnuPG Key ID: 1082227A
Encrypted e-mail preferred.
Powered by Debian GNU/Linux

Moritz Muehlenhoff wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 1148-1                    security@debian.org
> http://www.debian.org/security/                         Moritz Muehlenhoff
> August 9th, 2006                        http://www.debian.org/security/faq
> --------------------------------------------------------------------------
> Package        : gallery
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030
> Debian Bug     : 325285
> Several remote vulnerabilities have been discovered in gallery, a web-based
> photo album. The Common Vulnerabilities and Exposures project identifies
> the following problems:
> CVE-2005-2734
>     A cross-site scripting vulnerability allows injection of web script
>     code through HTML or EXIF information.
> CVE-2006-0330
>     A cross-site scripting vulnerability in the user registration allows
>     injection of web script code.
> CVE-2006-4030
>     Missing input sanitising in the stats modules allows information
>     disclosure.
> For the stable distribution (sarge) these problems have been fixed in
> version 1.5-1sarge2.
> For the unstable distribution (sid) these problems have been fixed in
> version 1.5-2.
> We recommend that you upgrade your gallery package.
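
Since the advisory names a fixed version per distribution, the one check a host administrator wants after an upgrade like the one above is whether the installed gallery package is at least the fixed version. The following is an added example and is not part of this thread or of Debian's tooling: it implements Debian's version ordering (epoch, upstream version, Debian revision, with "~" sorting before everything) and applies it to constructed sample output of `dpkg-query -W -f '${Package}\t${Version}\t${Status}\n'`. The installed versions in the sample are invented for illustration; the fixed versions are the ones the DSA states.

```python
"""Check installed Debian package versions against the versions a DSA names as fixed."""
import re

# Fixed versions quoted from DSA 1148-1 (sarge and sid).
FIXED_VERSIONS = {"sarge": "1.5-1sarge2", "sid": "1.5-2"}

# Constructed sample output, not taken from any real host:
# dpkg-query -W -f '${Package}\t${Version}\t${Status}\n'
SAMPLE_DPKG_QUERY_OUTPUT = (
    "gallery\t1.5-1sarge1\tinstall ok installed\n"
    "apache2\t2.0.54-5\tinstall ok installed\n"
)


def _split(version):
    """Split 'epoch:upstream-revision' into (int epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:                       # no epoch present, defaults to 0
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                       # no Debian revision, equivalent to "0"
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision


def _weight(c):
    """Sort weight of a character inside a non-digit run: '~' first,
    then letters, then everything else (Debian Policy 5.6.12)."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    """Compare two non-digit runs; end of string sorts before anything but '~'."""
    for i in range(max(len(a), len(b))):
        wa = _weight(a[i]) if i < len(a) else 0
        wb = _weight(b[i]) if i < len(b) else 0
        if wa != wb:
            return -1 if wa < wb else 1
    return 0


def _cmp_fragment(a, b):
    """Compare an upstream_version or debian_revision string pair:
    alternate non-digit runs (lexical, with the '~' rule) and digit runs (numeric)."""
    while a or b:
        na = re.match(r"\D*", a).group(0)
        nb = re.match(r"\D*", b).group(0)
        r = _cmp_nondigit(na, nb)
        if r:
            return r
        a, b = a[len(na):], b[len(nb):]
        da = re.match(r"\d*", a).group(0)
        db = re.match(r"\d*", b).group(0)
        ia = int(da) if da else 0
        ib = int(db) if db else 0
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    r = _cmp_fragment(ua, ub)
    if r:
        return r
    return _cmp_fragment(ra, rb)


def parse_dpkg_query(text):
    """Map package name to version for every package whose status ends in 'installed'."""
    installed = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, version, status = line.split("\t")
        if status.endswith("installed"):
            installed[name] = version
    return installed


def check_package(installed, name, fixed_version):
    """Return (installed_version, ok); ok is True when the package is absent
    or its version is at least fixed_version."""
    version = installed.get(name)
    if version is None:
        return None, True
    return version, compare_versions(version, fixed_version) >= 0


if __name__ == "__main__":
    pkgs = parse_dpkg_query(SAMPLE_DPKG_QUERY_OUTPUT)
    version, ok = check_package(pkgs, "gallery", FIXED_VERSIONS["sarge"])
    print("gallery", version, "OK" if ok else "STILL VULNERABLE (fixed in %s)" % FIXED_VERSIONS["sarge"])
```

On a real sarge host the sample string would be replaced by the live `dpkg-query` output; the comparison logic is the same one `dpkg --compare-versions` applies, so "1.5-1sarge1" is reported as older than the fixed "1.5-1sarge2", and the sid fix "1.5-2" sorts above both sarge versions.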
