DSA-2078-1 mapserver -- severalID: oval:org.secpod.oval:def:600117 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2539 A stack-based buffer overflow in the msTmpFile function might lead to arbitrary code execution under some conditions. CVE-2010-2540 It was discovered that the CGI debug command-line arguments which are enabled by default are insecure and may allow a remote attacker to execute arbitrary code. Therefore they have been disabled by default. For the stable distribution , this problem has been fixed in version 5.0.3-3+lenny5. For the testing distribution , this problem has been fixed in version 5.6.4-1. For the unstable distribution , this problem has been fixed in version 5.6.4-1. We recommend that you upgrade your mapserver packages.