From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1914-1                      [email protected]
http://www.debian.org/security/                               Nico Golde
October 22nd, 2009                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : mapserver
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian bug : #535340 #523027
CVE ID : CVE-2009-0843 CVE-2009-0842 CVE-2009-0841 CVE-2009-0840
CVE-2009-0839 CVE-2009-2281
Several vulnerabilities have been discovered in mapserver, a CGI-based
web framework to publish spatial data and interactive mapping applications.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-0843
Missing input validation on a user-supplied map queryfile name can be
used by an attacker to check for the existence of a specific file by
using the queryfile GET parameter and checking for differences in error
messages.
CVE-2009-0842
A lack of file type verification when parsing a map file can lead to
partial disclosure of content from arbitrary files through parser error
messages.
CVE-2009-0841
Due to missing input validation when saving map files under certain
conditions it is possible to perform directory traversal attacks and
to create arbitrary files.
NOTE: Unless the attacker is able to create directories in the image
path or there is already a readable directory, this doesn't affect
installations on Linux, as the fopen() call will fail if a sub
path is not readable.
CVE-2009-0839
It was discovered that mapserver is vulnerable to a stack-based buffer
overflow when processing certain GET parameters. An attacker can use
this to execute arbitrary code on the server via crafted id parameters.
CVE-2009-0840
An integer overflow leading to a heap-based buffer overflow when
processing the Content-Length header of an HTTP request can be used by an
attacker to execute arbitrary code via crafted POST requests containing
negative Content-Length values.
CVE-2009-2281
An integer overflow when processing HTTP requests can lead to a
heap-based buffer overflow. An attacker can use this to execute arbitrary
code either via crafted Content-Length values or large HTTP requests. This
is partly because of an incomplete fix for CVE-2009-0840.
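
The following C example shows the general pattern behind the two Content-Length issues above (CVE-2009-0840 and CVE-2009-2281): a length taken from the header as a signed value and used for allocation, next to a parse that rejects negative, malformed and oversized values first. It is an added example, not MapServer's code or the Debian patch; the function names and the 1 MiB cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY_BYTES (1024L * 1024L)  /* assumed policy cap, not a MapServer setting */

/* Unsafe pattern (illustrative): size requested by a naive "atoi(header) + 1"
 * allocation. "-1" yields 0, so a later read of the body overruns the buffer. */
size_t naive_alloc_size(const char *header)
{
    int len = atoi(header);                    /* accepts a leading '-' */
    return (size_t)((unsigned int)len + 1u);   /* wraps to 0 for -1 */
}

/* Hardened parse: returns 0 and stores the length, or -1 to reject. */
int parse_content_length(const char *header, size_t *out)
{
    char *end;
    long v;
    if (header == NULL || *header < '0' || *header > '9')
        return -1;                       /* missing, signed, or leading junk */
    errno = 0;
    v = strtol(header, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                       /* overflowed long, or trailing junk */
    if (v > MAX_BODY_BYTES)
        return -1;                       /* more than the server will buffer */
    *out = (size_t)v;
    return 0;
}

/* Allocate len + 1 bytes only after validation; NULL means reject the request. */
char *alloc_body(const char *header, size_t *len)
{
    if (parse_content_length(header, len) != 0)
        return NULL;
    return calloc(*len + 1, 1);          /* cannot wrap: *len <= MAX_BODY_BYTES */
}

int main(void)
{
    /* Constructed sample header values, not taken from real traffic. */
    const char *s[] = { "128", "-1", "4294967295", "12abc", "" };
    for (size_t i = 0; i < sizeof s / sizeof *s; i++) {
        size_t n = 0;
        printf("%-12s %s\n", s[i], parse_content_length(s[i], &n) ? "reject" : "accept");
    }
    return 0;
}
```

The upper bound matters as much as the sign check: rejecting only negative values still leaves the allocation size arithmetic open to very large inputs.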
For the oldstable distribution (etch), this problem has been fixed in
version 4.10.0-5.1+etch4.
For the stable distribution (lenny), this problem has been fixed in
version 5.0.3-3+lenny4.
For the testing distribution (squeeze), this problem has been fixed in
version 5.4.2-1.
For the unstable distribution (sid), this problem has been fixed in
version 5.4.2-1.
We recommend that you upgrade your mapserver packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]