  • [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execu

    From Nico Golde@1:229/2 to All on Sat Jul 31 18:50:03 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-2078-1                      [email protected]
    http://www.debian.org/security/                                 Nico Golde
    July 31st, 2010                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : mapserver
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    Debian bug : none
    CVE ID : CVE-2010-2539 CVE-2010-2540

    Several vulnerabilities have been discovered in mapserver, a CGI-based
    web framework to publish spatial data and interactive mapping applications.
    The Common Vulnerabilities and Exposures project identifies the following problems:

    CVE-2010-2539

    A stack-based buffer overflow in the msTmpFile function might lead to
    arbitrary code execution under some conditions.

    CVE-2010-2540

    It was discovered that the CGI debug command-line arguments which are
    enabled by default are insecure and may allow a remote attacker to
    execute arbitrary code. Therefore they have been disabled by default.


    For the stable distribution (lenny), this problem has been fixed in
    version 5.0.3-3+lenny5.

    For the testing distribution (squeeze), this problem has been fixed in
    version 5.6.4-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 5.6.4-1.


    We recommend that you upgrade your mapserver packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------

    Debian (stable)
    - ---------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)