Fedora 9: 2009-3383 Moderate: Mapserver Access Control Fix

Mapserver is an internet mapping program that converts GIS data to

map images in real time. With appropriate interface pages,

Mapserver can provide an interactive internet map based on

custom GIS data.

The releases contain fixes for issues discovered in an audit of the CGI by a 3rd

party (tickets #2939, #2941, #2942, #2943 and #2944). The issues are detailed

at: https://mapserver.org

https://mapserver.org

https://mapserver.org

https://mapserver.org

https://mapserver.org Also provided is support for

RFC-56 that addresses tightening up the control of access to mapfiles and

templates: https://mapserver.org/development/rfc/ms-rfc-56.html

* Sun Apr 5 2009 Devrim GUNDUZ - 5.2.2-1

- Update to 5.2.2 which fixes :

CVE-2009-0839, CVE-2009-0840, CVE-2009-0841, CVE-2009-0842,

CVE-2009-0843, CVE-2009-1176, CVE-2009-1177.

* Sat Jul 5 2008 Balint Cristian 5.0.3-3

- address bz#453925

* Thu Jun 26 2008 Devrim GUNDUZ - 5.0.3-2

- Rebuilt against Geos 3.0.0

* Thu Jun 12 2008 Balint Cristian 5.0.3-1

- update to 5.0.3 bugfix release

- fix some rpmlint warnings

[ 1 ] Bug #493364 - mapserver: multiple security fixes in 5.2.2 and 4.10.4 (CVE-2009-0839, CVE-2009-0840, CVE-2009-0841, CVE-2009-0842, CVE-2009-0843, CVE-2009-1176, CVE-2009-1177)

https://bugzilla.redhat.com/show_bug.cgi?id=493364

su -c 'yum update mapserver' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/