admin
01-31-2005, 05:54 PM
GALLERY
http://gallery.menalto.com (http://www.vbulletin.com/)
January 26th, 2005
Several days ago, Rafel Ivgi informed us of a possible cross site scripting (definition (http://en.wikipedia.org/wiki/Cross_site_scripting)) problem in current versions of Gallery. The problem and some similar problems discovered by our team have been addressed in Gallery 2 CVS as well as in this release of 1.4.4-pl5.
As with most other cross site scripting problems, no risk is posed to the webserver itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.
In addition to the security fix, Gallery 1.4.4-pl5 uses the proper parameters for new versions of ImageMagick and fixes some small issues with PHP 5.
All Gallery users are strongly urged to upgrade to 1.4.4-pl5 immediately, which fixes this problem and will secure your system.
Gallery 1.4.4-pl5 can be downloaded from the Gallery Download Page (http://sourceforge.net/project/showfiles.php?group_id=7130).