Debian: DSA-2078-1: New mapserver packages fix arbitrary code execution

    Date31 Jul 2010
    CategoryDebian
    51
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-2078-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    	
    http://www.debian.org/security/                                 Nico Golde
    July 31nd, 2010                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mapserver
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    Debian bug     : none
    CVE ID         : CVE-2010-2539 CVE-2010-2540
    
    Several vulnerabilities have been discovered in mapserver, a CGI-based
    web framework to publish spatial data and interactive mapping applications.
    The Common Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2010-2539
    
      A stack-based buffer overflow in the msTmpFile function might lead to
      arbitrary code execution under some conditions.
    
    CVE-2010-2540
    
      It was discovered that the CGI debug command-line arguments which are
      enabled by default are insecure and may allow a remote attacker to
      execute arbitrary code. Therefore they have been disabled by default.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 5.0.3-3+lenny5.
    
    For the testing distribution (squeeze), this problem has been fixed in
    version 5.6.4-1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 5.6.4-1.
    
    
    We recommend that you upgrade your mapserver packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny5.diff.gz
        Size/MD5 checksum:  1476034 a9a7f020278337a51221a05fa511fd7b
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny5.dsc
        Size/MD5 checksum:     2033 68c11dc4ccdad6a879c3bf740a5be723
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3.orig.tar.gz
        Size/MD5 checksum:  1806528 953a131497132baef84ca33f8432d299
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby_5.0.3-3+lenny5_all.deb
        Size/MD5 checksum:    44864 82a253777cce2d5f0824efa68a8bb23e
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_5.0.3-3+lenny5_all.deb
        Size/MD5 checksum:   168594 617c9ea230e9b977125f3b61740da142
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_alpha.deb
        Size/MD5 checksum:   651986 d8c0530185dd31a632fcd63f0b9215b6
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_alpha.deb
        Size/MD5 checksum:  4836912 672ab7959ddbbbc2802f2022920f995d
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_alpha.deb
        Size/MD5 checksum:   987682 4936bbc546910ff46053da7ece063c55
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_alpha.deb
        Size/MD5 checksum:   783410 ce5a425c4275ab3d6882d2958ccd3db1
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_alpha.deb
        Size/MD5 checksum:  1600886 8d198b42884d1ab52475431708b7a1ff
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_alpha.deb
        Size/MD5 checksum:   844650 9f847e58b9b8b24f01e855e204d18bfc
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_alpha.deb
        Size/MD5 checksum:   844346 c37869d321987c809d1e0c1616b73495
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_amd64.deb
        Size/MD5 checksum:   795898 78cbe0e6a3a3168c183c7416a82a0aa3
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_amd64.deb
        Size/MD5 checksum:   795722 268b04d141a8241ef5c07f0df54a6ec3
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_amd64.deb
        Size/MD5 checksum:   587892 a67bbbb52e209477b58b9e660df1c64a
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_amd64.deb
        Size/MD5 checksum:  1459544 c8ec6f3b401f13617e7cf40448540f6c
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_amd64.deb
        Size/MD5 checksum:   888798 18e87961972af3e0297e942c85265903
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_amd64.deb
        Size/MD5 checksum:  4314946 be1c04d3a8f6452f40044127bf2e7102
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_amd64.deb
        Size/MD5 checksum:   710242 646f6b9634e24c4fb4aaf33770aec24d
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_arm.deb
        Size/MD5 checksum:   566044 5a2f2b8765bda3007b1beed9550a034c
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_arm.deb
        Size/MD5 checksum:  1357464 6576953eb07a966c57cc39603d9787f3
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_arm.deb
        Size/MD5 checksum:   738608 6a726cefd00960065100fc6f07c605ca
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_arm.deb
        Size/MD5 checksum:   665920 6d7768f23e9c2dd4ff5a3c9d1a97a160
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_arm.deb
        Size/MD5 checksum:  4147860 c3ed72b7de42dde8d17d2df141136f0b
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_arm.deb
        Size/MD5 checksum:   738450 b4f15b7376f85946a1816990006f23b3
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_arm.deb
        Size/MD5 checksum:   829762 908620cb8c44a5826f1a7827b2fa4240
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_armel.deb
        Size/MD5 checksum:  1450730 964c038833ff9c68a2ddea571d7b1e36
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_armel.deb
        Size/MD5 checksum:   878128 694dd69a4b1d573b7558488917ab4d08
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_armel.deb
        Size/MD5 checksum:   785180 058a406b43825426dd8af219f834b265
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_armel.deb
        Size/MD5 checksum:  4483936 339df34bec8ad5544a3ef9e4d6a239ac
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_armel.deb
        Size/MD5 checksum:   710424 4bce82a913c61fe90425f44b33058469
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_armel.deb
        Size/MD5 checksum:   784796 59257832f49e6fa9413e73d180c48c47
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_armel.deb
        Size/MD5 checksum:   609312 aced11565d3753ef3eadbde490093939
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_hppa.deb
        Size/MD5 checksum:  1596754 c6fc61abfdc93895ffc55e065d7041e6
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_hppa.deb
        Size/MD5 checksum:   814502 06afe60e1cc1161acf83f070a2d444ad
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_hppa.deb
        Size/MD5 checksum:   814796 8248fb7ce698f8f424edd70b49e7e9e2
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_hppa.deb
        Size/MD5 checksum:   760676 fd4f5ec5bceb20066a521e866208298a
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_hppa.deb
        Size/MD5 checksum:  4735786 6e22b92511050ff1c73f06565093605e
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_hppa.deb
        Size/MD5 checksum:   886554 fd8dd54391da71bc7a909caa1ce8b53b
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_hppa.deb
        Size/MD5 checksum:   640260 21c2bfabb7be2f780a44e3da4ab792f7
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_i386.deb
        Size/MD5 checksum:   742710 21d812ca064a5e2c984075dd7f434db9
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_i386.deb
        Size/MD5 checksum:  1390216 1cbd32a02eb0a075b539f354c888f7a1
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_i386.deb
        Size/MD5 checksum:   572754 b12132b649c3a5cddf2e545b7f1ef075
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_i386.deb
        Size/MD5 checksum:   867252 ba842833fcd9497242f800bdf4ca96b7
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_i386.deb
        Size/MD5 checksum:  4200654 be1e126789cf0db8c328a0a5aa27ab5d
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_i386.deb
        Size/MD5 checksum:   689996 4e40ae4bfe72b970317d10c018017ee3
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_i386.deb
        Size/MD5 checksum:   742870 d39dd9026f72f0d651eb32c6978a7c3b
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_ia64.deb
        Size/MD5 checksum:  6674628 9c69d2b7a63622a1121bec34af55c284
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_ia64.deb
        Size/MD5 checksum:  1130102 2e52b5b9d467a85bf35aca422ab549d0
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_ia64.deb
        Size/MD5 checksum:   889040 9183949992c2a1179f234259bcd90c90
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_ia64.deb
        Size/MD5 checksum:  1247058 e8a77cc702eaf3e9bf1c1ce41a153a84
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_ia64.deb
        Size/MD5 checksum:  2110176 c6002cc99c1b8db0a739f878706f311c
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_ia64.deb
        Size/MD5 checksum:  1017432 47098cea122028af156f288afacc57f5
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_ia64.deb
        Size/MD5 checksum:  1129828 d9666eea4c81585d885d2318c71db5e8
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_mips.deb
        Size/MD5 checksum:  1412258 1ef515f6e48bce2279a797672c265e93
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_mips.deb
        Size/MD5 checksum:   721540 6f2a0698b9e2703494b98aad32800164
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_mips.deb
        Size/MD5 checksum:   631028 5eee1a9b96421778c44b9f1908943fdd
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_mips.deb
        Size/MD5 checksum:  4666438 528fbee3eaa39de39ab5f428efa0e8f3
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_mips.deb
        Size/MD5 checksum:   721256 335569219400881da2deac62653b949f
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_mips.deb
        Size/MD5 checksum:   762248 da299e9ba0f8d7537912be490bd17ce9
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_mips.deb
        Size/MD5 checksum:   703150 8b64fe2e8ab8ff5a5dadac68039773b9
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_mipsel.deb
        Size/MD5 checksum:   703230 ac09f1f05a985714fed253a4659f279a
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_mipsel.deb
        Size/MD5 checksum:   631660 d6e7a84d7e0cf619657e13e7ceb905b2
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_mipsel.deb
        Size/MD5 checksum:   721020 0df7e8e7ee8ad125b68627d868a76801
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_mipsel.deb
        Size/MD5 checksum:  1406832 ca391953501bad874bf99354e7a67c35
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_mipsel.deb
        Size/MD5 checksum:   761194 ae18e6cd12d0e45421af7c325a6ae2a1
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_mipsel.deb
        Size/MD5 checksum:   720752 5bbe0194ffe85165ac0785f12d2125d2
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_mipsel.deb
        Size/MD5 checksum:  4672798 e2404be53067dcaf67d1f75b8668f2e1
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_powerpc.deb
        Size/MD5 checksum:  1521214 50bc7253fe9b74279820ccecc941dfd2
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_powerpc.deb
        Size/MD5 checksum:   598164 176d267153de1d20d88d581aa4d120cf
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_powerpc.deb
        Size/MD5 checksum:   802138 4bd27bc9b294c73279a86415ac7c8e69
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_powerpc.deb
        Size/MD5 checksum:   743026 c4dbafb237c59753def9508de5c5c550
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_powerpc.deb
        Size/MD5 checksum:   802396 8f5a323336968031c98a67c33466dfca
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_powerpc.deb
        Size/MD5 checksum:   940956 f2ae7bd7603343504ebbfb092b11a75f
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_powerpc.deb
        Size/MD5 checksum:  4409756 08594db874ef7d412f3a13b8f4e2947e
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_s390.deb
        Size/MD5 checksum:  4301392 43acc1f72ee199627436cdd773eff546
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_s390.deb
        Size/MD5 checksum:   585428 9c7a88cd7ae7baea953d714eb52eea6b
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_s390.deb
        Size/MD5 checksum:   707966 83b28f5b1fd81d9a4ded63bf757c53e6
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_s390.deb
        Size/MD5 checksum:  1426136 fa7812c23e3424e836b8387f6f210a09
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_s390.deb
        Size/MD5 checksum:   786392 0cc227efa11c9618061262c95589e313
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_s390.deb
        Size/MD5 checksum:   750080 430ed549ae6bced72646d73cc418c7e5
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_s390.deb
        Size/MD5 checksum:   749650 5c483e9e8922272aefedcac8f4854bb9
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_sparc.deb
        Size/MD5 checksum:   695380 db003dfda896f801ee8004c24ccb149f
      http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_sparc.deb
        Size/MD5 checksum:   898284 bfc8d351c8d9b2a99f016564b6bdcd1d
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_sparc.deb
        Size/MD5 checksum:   766888 ccf3e355d775d8358592b30be3c0ee02
      http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_sparc.deb
        Size/MD5 checksum:  4203030 8303733ba0b79f16ecd3027e4acbadb1
      http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_sparc.deb
        Size/MD5 checksum:   766334 d3e258ae38fb80b2cbc51447e799319a
      http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_sparc.deb
        Size/MD5 checksum:   573652 bde2f214a08781a51500b5dca9019c0a
      http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_sparc.deb
        Size/MD5 checksum:  1434330 ff4b7a0af3a99005ade15e4d341f1958
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.