
Fwd: [Gallery-announce] Gallery 3.0.1 security / bugfix release is available!

by Bharat Mediratta


Crossposting this here -- Gallery 3.0.1 is out and it includes a
security fix that affects installs where you've allowed non-trusted
folks to upload photos.  Please upgrade ASAP!

-Bharat

-------- Original Message --------
Subject: [Gallery-announce] Gallery 3.0.1 security / bugfix release is
available!
Date: Sat, 22 Jan 2011 21:15:33 -0800
From: Gallery Announcements <gallery-announce@...>
Reply-To: gallery-announce@...
To: Gallery Announce <gallery-announce@...>


Gallery 3.0.1 is available! This is a bug and stability fix release, but
it also includes an *important security fix*. We strongly advise that
you upgrade to Gallery 3.0.1 as soon as possible. Upgrading is quick and
easy — don't put it off! More details to learn what's improved in
Gallery 3.0.1 or just download it now!

For complete details on this release including what changed, please
refer to the official news story:
  http://gallery.menalto.com/gallery_3.0.1_released

As a convenience, information about the security fix is included below.

Security Fix (Vulnerability CVE-2010-4353)
------------------------------------------
Gallery 3.0 (and beta versions) have a security vulnerability where
users with upload permissions can bypass file type restrictions and
upload files of any type to the remote system. This vulnerability only
affects installations where you've granted upload permissions to users
you don't fully trust. Those users could then gain remote access to your
system. We strongly recommend that you upgrade immediately. However, if
you wish to close the hole without upgrading you can replace or patch
modules/gallery/models/item.php with a newer version.

Method #1: Replace item.php
- Download CVE-2010-4353.zip
- Unpack the zip file
- Replace modules/gallery/models/item.php with the version contained in
  the zip file

Method #2: Patch item.php
- Download CVE-2010-4353.patch.txt
- Move CVE-2010-4353.patch.txt into your gallery3 directory
- Run patch -p0 < CVE-2010-4353.patch.txt
- You should see the following output:
    patching file modules/gallery/models/item.php

We would like to thank Kriss Andsten for responsibly disclosing this
security issue. Kriss is a valued member of the Gallery 3 community and
he will be receiving a $400 cash reward as part of the Gallery Security
Bounty program.

If you discover a security vulnerability in any Gallery product, please
email security@... with the details and we will fix it
as soon as possible and reward your efforts.

-Bharat

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
__[ g a l l e r y - a n n o u n c e ]_________________________

[ UNSUBSCRIBE? -->
http://lists.sourceforge.net/lists/listinfo/gallery-announce ]
[ list info/archive --> http://gallery.sourceforge.net/lists.php ]
[ gallery info/FAQ/download --> http://gallery.sourceforge.net ]


__[ g a l l e r y - d e v e l ]_________________________

[ list info/archive --> http://gallery.sf.net/lists.php ]
[ gallery info/FAQ/download --> http://gallery.sf.net ]
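The advisory above describes a file-type restriction bypass on upload: users who are allowed to upload photos could get files of any type onto the server. The PHP below is an added illustrative example of the defence-in-depth check an upload handler can apply so that a file is accepted only when its extension is allowlisted and its bytes actually are the image type that extension claims. It is not Gallery's code and not the CVE-2010-4353 fix (that lives in modules/gallery/models/item.php); the function names, the allowlist, the storage-name scheme and the `$_FILES['photo']` field are all assumptions made for this example.

```php
<?php
// Added illustrative example, not Gallery project code.
// Assumes the PHP "fileinfo" extension is enabled and PHP >= 7.1.

/**
 * Validate an uploaded file against an allowlist by BOTH extension and content.
 * Returns null when the file is acceptable, or a short reason string otherwise.
 */
function validate_upload(string $tmp_path, string $client_name): ?string
{
    // Allowlist: extension => MIME types the file's bytes must sniff as.
    // (Assumed list for this example; a real site would tune it.)
    $allowed = [
        'jpg'  => ['image/jpeg'],
        'jpeg' => ['image/jpeg'],
        'png'  => ['image/png'],
        'gif'  => ['image/gif'],
    ];

    // Work only on the base name; drop any directory part the client supplied.
    $name = basename(str_replace('\\', '/', $client_name));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($ext === '' || !isset($allowed[$ext])) {
        return "extension '$ext' not in allowlist";
    }

    // Never trust the client-sent Content-Type; sniff the bytes on disk.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmp_path);
    if ($mime === false || !in_array($mime, $allowed[$ext], true)) {
        return "content type '" . ($mime ?: 'unknown') . "' does not match extension '$ext'";
    }

    // Require that the image library can actually parse the file as an image.
    if (getimagesize($tmp_path) === false) {
        return 'file is not a parseable image';
    }

    return null;
}

/**
 * Name the file is stored under on the server: a random token plus the
 * validated extension. The client-supplied name is never used on disk.
 */
function storage_name(string $client_name): string
{
    $ext = strtolower(pathinfo(basename($client_name), PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Usage inside an upload handler (hypothetical field name 'photo'):
//
//   $err = validate_upload($_FILES['photo']['tmp_name'], $_FILES['photo']['name']);
//   if ($err !== null) {
//       http_response_code(400);
//       exit("Rejected upload: $err");
//   }
//   move_uploaded_file($_FILES['photo']['tmp_name'],
//                      $upload_dir . '/' . storage_name($_FILES['photo']['name']));
```

The two checks deliberately overlap: the extension decides what the file may be called, and the content sniff plus `getimagesize` decide whether the bytes agree. Storing under a server-generated name removes the client's influence on the on-disk path, and the upload directory should additionally be one the web server never executes scripts from, so that a validation slip does not turn into code execution.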
