
Debian DSA-2078-1 Critical: Mapserver Remote Execution Risks Mitigated

July 31, 2010
Debian update DSA-2078-1 fixes several vulnerabilities in mapserver that could lead to remote code execution.

Summary

Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-2539

A stack-based buffer overflow in the msTmpFile function might lead to
arbitrary code execution under some conditions.

CVE-2010-2540

It was discovered that the CGI debug command-line arguments which are
enabled by default are insecure and may allow a remote attacker to
execute arbitrary code. Therefore they have been disabled by default.


For the stable distribution (lenny), this problem has been fixed in
version 5.0.3-3+lenny5.

For the testing distribution (squeeze), this problem has been fixed in
version 5.6.4-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.6.4-1.


We recommend that you upgrade your mapserver packages.

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
...


Severity: critical

Package: mapserver
CVE ID: CVE-2010-2539 CVE-2010-2540
