Gallery security patch

apps

#1

Get the patch from Menalto Gallery.

Doesn’t seem to be a nuke module version upgrade ready yet.
http://nukedgallery.net


Menalto Gallery wrote:

Several days ago, Rafel Ivgi informed us of a possible cross site scripting problem in current versions of Gallery. The problem and some similar problems discovered by our team have been addressed in Gallery 2 CVS as well as in this release of 1.4.4-pl5.

As with most other cross site scripting problems, no risk is posed to the webserver itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.

In addition to the security fix, Gallery 1.4.4-pl5 uses the proper parameters for new versions of ImageMagick and fixes some small issues with PHP 5.

All Gallery users are strongly urged to upgrade to 1.4.4-pl5 immediately, which fixes this problem and will secure your system.

Gallery 1.4.4-pl5 can be downloaded from the Gallery Download Page.


#2

Since securing 3rd party scripts is essential to keep from being hacked, bumping to make sure any Gallery users out there see this.

Upgrade for stand-alone or module installations:
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147&mode=thread&order=0&thold=0