The development team is releasing a security update for Coppermine in order to counter a recently discovered sql injection vulnerability. It is important that all users who run version cpg1.4.16 or older update to this latest version as soon as possible.
To correct the security issue manually, you can apply the fix mentioned below. Please note that applying the manual fix will keep you secure, but it is not a substitute for updating your gallery fully, as there are several other non-security related fixes that went into cpg1.4.17 as well.
Manual fix (not recommended):
To manually fix the vulnerability, edit upload.php, find
} else {
// We will try to get the extension from the database.
$MIME_result = cpg_db_query("SELECT extension FROM {$CONFIG['TABLE_FILETYPES']} WHERE mime='$URI_MIME_type'");
// Check to see if any results were returned.
if (!mysql_num_rows($MIME_result)) {
// No results, so free up the resources.
mysql_free_result($MIME_result);
// We cannot determine an extension from the MIME type provided, so note an error. Reject the file as unsafe.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['MIME_type_unknown']);
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
} else {
// The was a result. Fetch it.
$extension_data = mysql_fetch_array($MIME_result);
// Release the resources.
mysql_free_result($MIME_result);
// Store the extension in $extension.
$extension = $extension_data['extension'];
}
}
and replace with
} else {
$extension = '';
foreach ($FILE_TYPES as $ext => $typedata){
if ($typedata['mime'] == $URI_MIME_type){
// Store the extension in $extension.
$extension = $ext;
break;
}
}
if (!$extension){
// We cannot determine an extension from the MIME type provided, so note an error. Reject the file as unsafe.
$URI_failure_array[] = array( 'failure_ordinal'=>$failure_ordinal, 'URI_name'=> $_POST['URI_array'][$counter], 'error_code'=>$lang_upload_php['MIME_type_unknown']);
// There is no need for further tests or action, so skip the remainder of the iteration.
continue;
}
}
The following issues have been addressed in this release (changelog excerpt):- 2008-04-10 Release of cpg1.4.17 {GauGau}
- 2008-04-10 Corrected an SQL injection vulnerability in URI upload code {Nibbler}
- 2008-03-19 Added Welsh language file (user contribution) {Nibbler}
- 2008-03-02 Updated version count from cpg1.4.16 to cpg1.4.17 in subversion repository as a preparation for a possible future release {GauGau}
- 2008-02-29 Changed date formats in lang files for better windows compatibility {Nibbler}
- 2008-02-12 Updated Romanian language file (user contribution) {GauGau}
- 2008-02-07 Added Latvian language file (user contribution) {GauGau}
- 2008-02-04 ImageMagick rotate bug fix {Nibbler}
How to update:
To update any version of Coppermine to version 1.4.17,
download the latest version from the
download page and follow
the upgrade steps in the documentation.
If you have problems with this update, please use the
Update support board. Do not post your issues to this announcement thread - they will be deleted without notice.
[UPDATE]
cpg1.4.17 is now outdated. Please upgrade to cpg1.4.18[/UPDATE]
Thanks,
The Coppermine Team
