Linux Security
    Linux Security
    Linux Security

    Debian: New mapserver packages fix multiple vulnerabilities

    Date 04 Apr 2008
    Posted By LinuxSecurity Advisories
    Lack of input sanitizing and output escaping in the CGI mapserver's template handling and error reporting routines leads to cross-site scripting vulnerabilities.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1539-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                           Devin Carraway
    April 04, 2008              
    - ------------------------------------------------------------------------
    Package        : mapserver
    Vulnerability  : multiple
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-4542 CVE-2007-4629
    Chris Schmidt and Daniel Morissette discovered two vulnerabilities
    in mapserver, a development environment for spatial and mapping
    applications.  The Common Vulnerabilities and Exposures project
    identifies the following two problems:
        Lack of input sanitizing and output escaping in the CGI
        mapserver's template handling and error reporting routines leads
        to cross-site scripting vulnerabilities.
        Missing bounds checking in mapserver's template handling leads to
        a stack-based buffer overrun vulnerability, allowing a remote
        attacker to execute arbitrary code with the privileges of the CGI
        or httpd user.
    For the stable distribution (etch), these problems have been fixed in
    version 4.10.0-5.1+etch2.
    For the unstable distribution (sid), these problems have been fixed in
    version 4.10.3-1.
    We recommend that you upgrade your mapserver (4.10.0-5.1+etch2) package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Source archives:
        Size/MD5 checksum:     1315 19c7e595b5f855246bdda2cb64dfbba6
        Size/MD5 checksum:  1782838 4668bbd017c20c251e962a5cd09c8f31
        Size/MD5 checksum:    21156 d424dba068ade923260400584ccc41c9
    Architecture independent packages:
        Size/MD5 checksum:    98096 228d80f159c068f2f2dbcaabdc5f0142
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   499998 8f5698905169ca1628313e963d97c736
        Size/MD5 checksum:   606384 19ea43dbd9c415093f7eb4726b729897
        Size/MD5 checksum:  3680182 aacfaef3131318654056f40b421939fa
        Size/MD5 checksum:   607784 cb386adc2051f239bd0caef91ac92505
        Size/MD5 checksum:   635130 06f6d035a7611623be6cb5c3afd0ef9e
        Size/MD5 checksum:   770054 ef54472362dbc57e8fc9b1e264215c79
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   546404 792b68c551f4bb850cc2e3fb6dc6a4fd
        Size/MD5 checksum:   577372 664d2194141c0d80ad8ba4c4cde7879c
        Size/MD5 checksum:   545634 ca7def85a6cbe91d04b27b111b4c9ab5
        Size/MD5 checksum:   698078 32bb9470760e29a552b809073a9acc7d
        Size/MD5 checksum:  3269920 43e559a538f7bf03fdbf9997f69ca50c
        Size/MD5 checksum:   447180 67f97111943841cfcc3cbed8ce38d637
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:   490234 f8b6750656c332fe23c39a9f78ed221f
        Size/MD5 checksum:   604170 e8eee5772e3a22700b86cc5a3a212ab0
        Size/MD5 checksum:   605416 7b60c69d78d1b9418c84a1d64a6fa52a
        Size/MD5 checksum:   716022 99284438b81148dd876ca643d368bdfb
        Size/MD5 checksum:  3604018 33c29a3f03084548e2986da9a801eaea
        Size/MD5 checksum:   640994 ec6952e07f25d21536f97881940fc332
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   679168 e64403426963a88c377542fea91343c4
        Size/MD5 checksum:   548294 630201c053e7b91f8e9ce64c823c17dd
        Size/MD5 checksum:   437666 0a1505703af0c1a48d64f2d038da6aa0
        Size/MD5 checksum:   532098 572b22648d3c22ce7407eea80a67f82a
        Size/MD5 checksum:   532862 58a54016f685daab8c567c876ad1c4bd
        Size/MD5 checksum:  3190140 204555dc33ec7b226ef8f2f8525db170
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:   783708 7b29e6da8bf8250c04a62fe13bdc011b
        Size/MD5 checksum:  5063660 b889010ab9c78e7ed07eea208a9334a0
        Size/MD5 checksum:   784782 97086a9de4be64b8b8707134f1bcfbd3
        Size/MD5 checksum:   679852 68efbd6efae15a522a2f2c63e376487a
        Size/MD5 checksum:   981752 069d27887888b57c99a6b4fe3f0722f1
        Size/MD5 checksum:   821774 e150ab973b38a7c07e5c847d6b5bd64b
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   548380 4e47dfcf1964e0e492843edf4dccfa3a
        Size/MD5 checksum:   546882 01c1fe2bb20638adb7b7766d8f206f75
        Size/MD5 checksum:   562064 ac0f572131814de0d6d42baedb2c79e2
        Size/MD5 checksum:  3508794 0a9693d49164791b4937ca6a2dc3cc89
        Size/MD5 checksum:   596240 80e21dbb719f84659ebcf4fe1b33b84f
        Size/MD5 checksum:   478066 7c1ffda6b2c12357faab71435837cfc0
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:  3521650 7c63c1ee85a82ea30413a1d63cc3047e
        Size/MD5 checksum:   549762 af6c9505f9c136aa9e6c66cad597e6ca
        Size/MD5 checksum:   548530 d163f209f4d5effb22d574ad8c219508
        Size/MD5 checksum:   480380 911b5d5804322f4a62b095c9c64fc9cc
        Size/MD5 checksum:   559940 688ca8a13b4cf4340cb9a4b4448cd2ba
        Size/MD5 checksum:   596074 3a0489a3d59c8a3b60fe08c5c37eb251
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   453732 01000caf42f203b6c2330e579d79b28a
        Size/MD5 checksum:   557654 fd75a89e0ecc889db67fd517c8bf7568
        Size/MD5 checksum:   556412 678fb38b4dd725f1ae2f520e2ff92270
        Size/MD5 checksum:   708664 b8a96b7531808b2965d7dba797821d50
        Size/MD5 checksum:   579560 cd5d303cfa304194217ebbbc58ae2e4b
        Size/MD5 checksum:  3305834 860ad67587a7a080e6aa1fc752e2abd2
    s390 architecture (IBM S/390)
        Size/MD5 checksum:  3302260 995559c077c87884aa90f9361a3d57b2
        Size/MD5 checksum:   555090 1b6d9bf9660334c0c4df0295fb65559d
        Size/MD5 checksum:   553850 f0ffecbccb2df4a50a31618a01362bb2
        Size/MD5 checksum:   452176 6ed738fa8f1f1a0a5fef28ede711d4b9
        Size/MD5 checksum:   581032 48e1a6e91883bf1d859ebc1e17ca9809
        Size/MD5 checksum:   606142 9d0d79a7ccaa876218079e180e316ee2
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   568812 9a0a3af49a1bdb305e5146915441dd2f
        Size/MD5 checksum:   703378 08a50fe3eb7330eac9dc77ae86a93900
        Size/MD5 checksum:   541560 388c334dcb0fafb48805ce5f7cd40078
        Size/MD5 checksum:   542890 6c54d5dfbb8ae3ead60bd7aa7135ebd9
        Size/MD5 checksum:  3216194 263c2aa66013c75217751e7faf6c40d4
        Size/MD5 checksum:   442792 fb273e738d0a0f234088b58c53125304
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    Which is the best secure Linux distro for pentesting?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"174","title":"Kali Linux","votes":"15","type":"x","order":"1","pct":57.69,"resources":[]},{"id":"175","title":"Parrot OS","votes":"10","type":"x","order":"2","pct":38.46,"resources":[]},{"id":"176","title":"BlackArch Linux","votes":"1","type":"x","order":"3","pct":3.85,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.