Linux Security
Linux Security
Linux Security

Debian: New mapserver packages fix multiple vulnerabilities

Date 04 Apr 2008
Posted By LinuxSecurity Advisories
Lack of input sanitizing and output escaping in the CGI mapserver's template handling and error reporting routines leads to cross-site scripting vulnerabilities.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1539-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                           Devin Carraway
April 04, 2008              
- ------------------------------------------------------------------------

Package        : mapserver
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4542 CVE-2007-4629

Chris Schmidt and Daniel Morissette discovered two vulnerabilities
in mapserver, a development environment for spatial and mapping
applications.  The Common Vulnerabilities and Exposures project
identifies the following two problems:


    Lack of input sanitizing and output escaping in the CGI
    mapserver's template handling and error reporting routines leads
    to cross-site scripting vulnerabilities.

    Missing bounds checking in mapserver's template handling leads to
    a stack-based buffer overrun vulnerability, allowing a remote
    attacker to execute arbitrary code with the privileges of the CGI
    or httpd user.

For the stable distribution (etch), these problems have been fixed in
version 4.10.0-5.1+etch2.

For the unstable distribution (sid), these problems have been fixed in
version 4.10.3-1.

We recommend that you upgrade your mapserver (4.10.0-5.1+etch2) package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
    Size/MD5 checksum:     1315 19c7e595b5f855246bdda2cb64dfbba6
    Size/MD5 checksum:  1782838 4668bbd017c20c251e962a5cd09c8f31
    Size/MD5 checksum:    21156 d424dba068ade923260400584ccc41c9

Architecture independent packages:
    Size/MD5 checksum:    98096 228d80f159c068f2f2dbcaabdc5f0142

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   499998 8f5698905169ca1628313e963d97c736
    Size/MD5 checksum:   606384 19ea43dbd9c415093f7eb4726b729897
    Size/MD5 checksum:  3680182 aacfaef3131318654056f40b421939fa
    Size/MD5 checksum:   607784 cb386adc2051f239bd0caef91ac92505
    Size/MD5 checksum:   635130 06f6d035a7611623be6cb5c3afd0ef9e
    Size/MD5 checksum:   770054 ef54472362dbc57e8fc9b1e264215c79

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   546404 792b68c551f4bb850cc2e3fb6dc6a4fd
    Size/MD5 checksum:   577372 664d2194141c0d80ad8ba4c4cde7879c
    Size/MD5 checksum:   545634 ca7def85a6cbe91d04b27b111b4c9ab5
    Size/MD5 checksum:   698078 32bb9470760e29a552b809073a9acc7d
    Size/MD5 checksum:  3269920 43e559a538f7bf03fdbf9997f69ca50c
    Size/MD5 checksum:   447180 67f97111943841cfcc3cbed8ce38d637

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   490234 f8b6750656c332fe23c39a9f78ed221f
    Size/MD5 checksum:   604170 e8eee5772e3a22700b86cc5a3a212ab0
    Size/MD5 checksum:   605416 7b60c69d78d1b9418c84a1d64a6fa52a
    Size/MD5 checksum:   716022 99284438b81148dd876ca643d368bdfb
    Size/MD5 checksum:  3604018 33c29a3f03084548e2986da9a801eaea
    Size/MD5 checksum:   640994 ec6952e07f25d21536f97881940fc332

i386 architecture (Intel ia32)
    Size/MD5 checksum:   679168 e64403426963a88c377542fea91343c4
    Size/MD5 checksum:   548294 630201c053e7b91f8e9ce64c823c17dd
    Size/MD5 checksum:   437666 0a1505703af0c1a48d64f2d038da6aa0
    Size/MD5 checksum:   532098 572b22648d3c22ce7407eea80a67f82a
    Size/MD5 checksum:   532862 58a54016f685daab8c567c876ad1c4bd
    Size/MD5 checksum:  3190140 204555dc33ec7b226ef8f2f8525db170

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   783708 7b29e6da8bf8250c04a62fe13bdc011b
    Size/MD5 checksum:  5063660 b889010ab9c78e7ed07eea208a9334a0
    Size/MD5 checksum:   784782 97086a9de4be64b8b8707134f1bcfbd3
    Size/MD5 checksum:   679852 68efbd6efae15a522a2f2c63e376487a
    Size/MD5 checksum:   981752 069d27887888b57c99a6b4fe3f0722f1
    Size/MD5 checksum:   821774 e150ab973b38a7c07e5c847d6b5bd64b

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   548380 4e47dfcf1964e0e492843edf4dccfa3a
    Size/MD5 checksum:   546882 01c1fe2bb20638adb7b7766d8f206f75
    Size/MD5 checksum:   562064 ac0f572131814de0d6d42baedb2c79e2
    Size/MD5 checksum:  3508794 0a9693d49164791b4937ca6a2dc3cc89
    Size/MD5 checksum:   596240 80e21dbb719f84659ebcf4fe1b33b84f
    Size/MD5 checksum:   478066 7c1ffda6b2c12357faab71435837cfc0

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  3521650 7c63c1ee85a82ea30413a1d63cc3047e
    Size/MD5 checksum:   549762 af6c9505f9c136aa9e6c66cad597e6ca
    Size/MD5 checksum:   548530 d163f209f4d5effb22d574ad8c219508
    Size/MD5 checksum:   480380 911b5d5804322f4a62b095c9c64fc9cc
    Size/MD5 checksum:   559940 688ca8a13b4cf4340cb9a4b4448cd2ba
    Size/MD5 checksum:   596074 3a0489a3d59c8a3b60fe08c5c37eb251

powerpc architecture (PowerPC)
    Size/MD5 checksum:   453732 01000caf42f203b6c2330e579d79b28a
    Size/MD5 checksum:   557654 fd75a89e0ecc889db67fd517c8bf7568
    Size/MD5 checksum:   556412 678fb38b4dd725f1ae2f520e2ff92270
    Size/MD5 checksum:   708664 b8a96b7531808b2965d7dba797821d50
    Size/MD5 checksum:   579560 cd5d303cfa304194217ebbbc58ae2e4b
    Size/MD5 checksum:  3305834 860ad67587a7a080e6aa1fc752e2abd2

s390 architecture (IBM S/390)
    Size/MD5 checksum:  3302260 995559c077c87884aa90f9361a3d57b2
    Size/MD5 checksum:   555090 1b6d9bf9660334c0c4df0295fb65559d
    Size/MD5 checksum:   553850 f0ffecbccb2df4a50a31618a01362bb2
    Size/MD5 checksum:   452176 6ed738fa8f1f1a0a5fef28ede711d4b9
    Size/MD5 checksum:   581032 48e1a6e91883bf1d859ebc1e17ca9809
    Size/MD5 checksum:   606142 9d0d79a7ccaa876218079e180e316ee2

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   568812 9a0a3af49a1bdb305e5146915441dd2f
    Size/MD5 checksum:   703378 08a50fe3eb7330eac9dc77ae86a93900
    Size/MD5 checksum:   541560 388c334dcb0fafb48805ce5f7cd40078
    Size/MD5 checksum:   542890 6c54d5dfbb8ae3ead60bd7aa7135ebd9
    Size/MD5 checksum:  3216194 263c2aa66013c75217751e7faf6c40d4
    Size/MD5 checksum:   442792 fb273e738d0a0f234088b58c53125304

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.