=====================================================================
                            CERT-Renater

                 Information Note No. 2011/VULN051
_____________________________________________________________________

DATE                 : 25/01/2011

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Gallery version 3.

======================================================================
http://gallery.menalto.com/gallery_3.0.1_released
______________________________________________________________________

Gallery 3.0.1 security and bugfix release is available!

Submitted by bharat on Sat, 2011-01-22 23:31

Download Gallery Version 3.0.1 (1.8MB)

Gallery 3.0.1 is available! This is a bug and stability fix release,
but it also includes an important security fix. We strongly advise
that you upgrade to Gallery 3.0.1 as soon as possible. Upgrading is
quick and easy — don't put it off! More details to learn what's
improved in Gallery 3.0.1 or just download it now!

Security Fix

Vulnerability CVE-2010-4353

Gallery 3.0 (and beta versions) have a security vulnerability where
users with upload permissions can bypass file type restrictions and
upload files of any type to the remote system. This vulnerability only
affects installations where you've granted upload permissions to users
you don't fully trust. Those users could then gain remote access to
your system. We strongly recommend that you upgrade immediately.
However, if you wish to close the hole without upgrading you can
replace or patch modules/gallery/models/item.php with a newer version.

  * Method #1: Replace item.php
      1. Download CVE-2010-4353.zip
      2. Unpack the zip file
      3. Replace modules/gallery/models/item.php with the version
         contained in the zip file

  * Method #2: Patch item.php
      1. Download CVE-2010-4353.patch.txt
      2. Move CVE-2010-4353.patch.txt into your gallery3 directory
      3. Run patch -p0 < CVE-2010-4353.patch.txt
      4. You should see the following output:
         patching file modules/gallery/models/item.php

We would like to thank Kriss Andsten for responsibly disclosing this
security issue. Kriss is a valued member of the Gallery 3 community and
he will be receiving a $400 cash reward as part of the Gallery Security
Bounty program. If you discover a security vulnerability in any Gallery
product, please email security@gallery.menalto.com with the details and
we will fix it as soon as possible and reward your efforts.

What's changed in Gallery 3.0.1?

This new release is primarily a bugfix and stability release. There
have been over 277,000 downloads of Gallery 3.0 since we released it in
October of 2010 and over 32,000 posts in our forums from active users.
While the feedback has been overwhelmingly positive, you've certainly
found a lot of bugs and rough edges! We worked through and closed over
95 tickets to make the product faster, more reliable and easier to use.
We hope you like the results.

Some of the highlights of this release include:

  * Considerable performance improvements to the REST module which is
    the technology that powers things like the Gallery Android App
  * Huge improvements in performance when tagging lots of photos
  * Compatibility fixes for Internet Explorer 6 and 7
  * Improved system detection to help identify problems when PHP is
    configured in a way that makes Gallery not work very well or not
    work at all.
  * Automatic version upgrade detection. Gallery will now alert you if
    there's a newer version of Gallery available, without sharing any
    of your Gallery information.
  * Completely rewrote the Organize feature to be fast and stable.
  * Fixed an important stability issue where a race between two users
    deleting photos and albums could result in database corruption
    which, while completely recoverable, is a pain to deal with.

Upgrading

Upgrading is really easy! Unpack the new version, move the var/
directory of the old version to the new version's folder and then
either browse to:

    http://your-site.com/gallery3/index.php/upgrader

or at a shell prompt:

    php index.php upgrade

For more detailed upgrade instructions, please refer to the Gallery 3
User Guide.

Roadmap

Looking forward, we intend to make some major changes in the 3.1 code
base. We'd like to get Gallery embedded into content management systems
like Drupal, Joomla, etc. We're also thinking about ways that we can
overhaul and greatly improve the theme and authentication systems. If
we discover issues in the 3.0.1 release that need a quick fix, we will
probably spin up a 3.0.2 release for those.

Got feedback?

If you have any overall feedback, please visit the Gallery 3.0.1
Feedback forum topic and let us know! If you have questions, please
visit the Gallery 3 Wiki, the home for Gallery 3 documentation.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 23 - 25 Rue Daviel    |    fax : 01-53-94-20-41       +
+ 75013 Paris           |   email: certsvp@renater.fr   +
=========================================================
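
A guarded way to run the Method #2 patch step from the Security Fix section, as an added example that is not part of the advisory or the Gallery project: it refuses a patch that names any file other than modules/gallery/models/item.php, dry-runs it, and keeps a copy of the old file before applying. The function names, exit codes, backup file name and the assumption that both diff headers name item.php are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): guarded form of
#   patch -p0 < CVE-2010-4353.patch.txt
# Function names, exit codes and the backup location are assumptions.
EXPECTED_TARGET="modules/gallery/models/item.php"   # file named in the advisory

# Print every file named in the diff's "--- " / "+++ " header lines.
# A hunk line that happens to start with "--- " or "+++ " is listed too,
# which only makes the check below stricter (it fails closed).
patch_targets() {
    sed -n -e 's/^--- \([^[:space:]]*\).*/\1/p' \
           -e 's/^+++ \([^[:space:]]*\).*/\1/p' "$1" | sort -u
}

# Succeed only if the patch names exactly the file the advisory says it changes.
patch_touches_only_expected() {
    [ "$(patch_targets "$1")" = "$EXPECTED_TARGET" ]
}

# apply_fix GALLERY_DIR PATCH_FILE BACKUP_DIR
# BACKUP_DIR should sit outside the web root so the old item.php is not served.
apply_fix() {
    [ -f "$1/$EXPECTED_TARGET" ] || { echo "no $EXPECTED_TARGET under $1" >&2; return 2; }
    [ -f "$2" ] && [ -d "$3" ] || { echo "missing patch file or backup dir" >&2; return 2; }
    patch_touches_only_expected "$2" || { echo "patch names unexpected files" >&2; return 3; }
    patch_abs=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    backup_abs=$(cd "$3" && pwd)/item.php.pre-CVE-2010-4353
    (
        cd "$1" || exit 2
        # Dry run first: a rejected hunk must never leave item.php half-patched.
        # -N makes an already-applied patch fail here instead of prompting.
        patch -p0 -N --dry-run < "$patch_abs" >/dev/null || exit 4
        cp -p "$EXPECTED_TARGET" "$backup_abs" || exit 5
        # The advisory's expected output: "patching file modules/gallery/models/item.php"
        patch -p0 < "$patch_abs"
    )
}

# As a script: sh apply_fix.sh /path/to/gallery3 CVE-2010-4353.patch.txt /path/to/backup
if [ "$#" -eq 3 ]; then
    apply_fix "$@"
fi
```

Exit code 3 means the patch file names something other than item.php and should be inspected by hand; exit code 4 means the dry run failed, which includes the case where the fix is already applied.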