DSA-2285-1 mapserver -- severalID: oval:org.secpod.oval:def:600596 | Date: (C)2011-07-29 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2703 Several instances of insufficient escaping of user input, leading to SQL injection attacks via OGC filter encoding . CVE-2011-2704 Missing length checks in the processing of OGC filter encoding that can lead to stack-based buffer overflows and the execution of arbitrary code.
Platform: |
Debian 5.0 |
Debian 6.0 |