[ApacheGallery] Security upgrade

Just for good measure: Yes, there is a local privilege escalation (or
perhaps de-escalation :) attack in A::G. The safest approach is to upgrade
to the latest snapshot, which eliminates Inline C code entirely, but
hasn't received that much testing yet.
It requires the installation of Image::Imlib2 which is known to have
compilation problems. The patch at may or may
not solve any compilation problems.

Again: The security bug can only be exploited by local users with
write access to /tmp - and enables the user to run code as the apache

Andreas Plesner Jacobsen | Bus error -- please leave by the rear door.
users mailing list
[email protected]