Bug 451107 (CVE-2008-2720)
| Summary: | gallery2: multiple security fixes in 2.2.5 (CVE-2008-2720, CVE-2008-2721, CVE-2008-2722, CVE-2008-2723, CVE-2008-2724) | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | Severity: | medium |
| Priority: | medium | Version: | unspecified |
| CC: | john | Keywords: | Security |
| Target Milestone: | --- | Target Release: | --- |
| Hardware: | All | OS: | Linux |
| Fixed In Version: | 2.2.5-1.fc8 | Doc Type: | Bug Fix |
| Last Closed: | 2008-06-20 19:17:50 UTC | Type: | --- |
Description
Tomas Hoger
2008-06-12 19:42:16 UTC
embed.php problem is not an issue for Fedora, as installation folder can be "guessed" from the RPMs anyway...

John, may I also ask about CVE-2008-1066 / bug #435810? According to changelog, embedded smarty was removed in 2.2.4-3:
http://cvs.fedoraproject.org/viewcvs/rpms/gallery2/devel/gallery2.spec?r1=1.14&r2=1.15

However, there still seems to be Smarty shipped in gallery2 packages. In spec, you do: rm -f gallery2/lib/Smarty, but the directory seems to be smarty, not Smarty.

Debian bug report http://bugs.debian.org/471160 has similar proposed patch for the embedded smarty issue, removing the smarty directory and replacing it with symlink to system Smarty installation. The bug also suggests that gallery2 may not work well with system Smarty and that 2.2.5 has also a patch for the Smarty (which does not seem to be true, as smarty in 2.2 SVN branch was last modified 14 months ago).

CVE ids assigned to these issues:

CVE-2008-2720 Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.

CVE-2008-2721 Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album.

CVE-2008-2722 Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.

CVE-2008-2723 embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."

CVE-2008-2724 Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions.
building 2.2.5 upstream for F-8, F-9, -devel

gallery2-2.2.5-1.fc8 has been submitted as an update for Fedora 8

gallery2-2.2.5-1.fc9 has been submitted as an update for Fedora 9

gallery2-2.2.5-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

gallery2-2.2.5-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-5479
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-5576
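An added example, not part of the bug report or of the Fedora spec file: a build-time check for the mismatch described in the comments above, where rm -f gallery2/lib/Smarty leaves the lowercase smarty directory in place without reporting an error. The scratch tree and the function names (find_bundled, assert_unbundled, demo) are constructed for illustration, and a case-sensitive filesystem is assumed.

```shell
#!/bin/sh
# Added example: verify that a bundled library directory was really removed.
# Only the path gallery2/lib/Smarty and the lowercase name "smarty" come from
# the bug report; the scratch tree below is constructed.

# find_bundled DIR NAME: print directories under DIR named NAME, ignoring case.
find_bundled() {
    find "$1" -type d -iname "$2" -print
}

# assert_unbundled DIR NAME: return 0 if no copy remains, 1 otherwise.
assert_unbundled() {
    left=$(find_bundled "$1" "$2")
    if [ -n "$left" ]; then
        printf 'bundled %s still present:\n%s\n' "$2" "$left" >&2
        return 1
    fi
    return 0
}

# demo: reproduce the silent no-op in a scratch tree and print three statuses:
# exit code of the mismatched rm, check result before and after a real removal.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/gallery2/lib/smarty/plugins"

    # Same form as the spec line quoted in the report: wrong case, no -r.
    # -f hides the "no such file" error, so rm exits 0 and removes nothing.
    rm_status=0
    rm -f "$root/gallery2/lib/Smarty" || rm_status=$?

    before=0
    assert_unbundled "$root" smarty 2>/dev/null || before=$?

    # Removal that names the real directory and recurses into it.
    rm -rf "$root/gallery2/lib/smarty"
    after=0
    assert_unbundled "$root" smarty || after=$?

    rm -rf "$root"
    echo "$rm_status $before $after"
}

demo   # prints: 0 1 0
```

Calling assert_unbundled on the build root after the removal step makes the build fail when a bundled copy survives under any capitalisation.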