Red Hat Bugzilla – Bug 509559
CVE-2009-2281 mapserver: incomplete upstream fix for CVE-2009-0840
Last modified: 2011-09-26 17:40:51 EDT
Nico Golde reported that the upstream fix for mapserver's security flaw CVE-2009-0840 is incomplete and does not correctly handle the case where a value of 0xffffffff is specified in the Content-Length header. During memory allocation, +1 is added to the user-specified content-length value; therefore malloc may be called with an argument of 0, typically resulting in a small memory chunk being allocated.
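As an added illustration (not mapserver's own code), a simplified model of the faulty length computation beside a hardened version that rejects any value which would wrap when the terminator byte is added; the 64 MiB cap and the function names are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Model of the CVE-2009-2281 defect (simplified, not mapserver's code):
 * the header value becomes a 32-bit unsigned length and +1 is added for
 * a NUL terminator with no wraparound check. */
uint32_t vulnerable_alloc_size(const char *content_length) {
    uint32_t len = (uint32_t)strtoul(content_length, NULL, 10);
    return len + 1;   /* 0xffffffff + 1 wraps to 0, so malloc(0) follows */
}

/* Hardened version: parse strictly, cap the body size (assumed limit),
 * and only then add the terminator byte. Returns -1 on rejection,
 * otherwise the allocation size. */
#define MAX_BODY_LEN (64ULL * 1024 * 1024)

long long safe_alloc_size(const char *content_length) {
    char *end;
    unsigned long long v;
    /* reject empty, signed or whitespace-led values outright */
    if (content_length == NULL || !isdigit((unsigned char)*content_length))
        return -1;
    errno = 0;
    v = strtoull(content_length, &end, 10);
    if (errno == ERANGE || *end != '\0')   /* overflow or trailing junk */
        return -1;
    if (v > MAX_BODY_LEN)                  /* cap also rules out v + 1 wrapping */
        return -1;
    return (long long)v + 1;
}

/* Allocates a body buffer sized by the hardened check; NULL if rejected. */
char *alloc_body_buffer(const char *content_length) {
    long long n = safe_alloc_size(content_length);
    if (n < 0)
        return NULL;
    return malloc((size_t)n);
}
```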
This flaw was fixed upstream in versions 4.10.5, 5.2.3, and 5.4.2.
The current Fedora release is 5.6.7 and EPEL5 is 4.10.5, both of which contain the fix.