[ApacheGallery] Security upgrade
Just for good measure: Yes, there is a local privilege escalation (or
perhaps de-escalation :) attack in A::G. The safest approach is to upgrade
to the latest snapshot, which eliminates Inline C code entirely, but
hasn't received that much testing yet.

It requires the installation of Image::Imlib2 which is known to have
compilation problems. The patch at
http://slartibartfast.nerd.dk/~scoof/image-imlib2-croak-patch may or may
not solve any compilation problems.

Again: The security bug can only be exploited by local users with
write access to /tmp - and enables the user to run code as the apache

Andreas Plesner Jacobsen | Bus error -- please leave by the rear door.