Nico Golde reported that the upstream fix for mapserver's security flaw CVE-2009-0840 is incomplete and does not correctly handle the case when a value of 0xffffffff is specified in the Content-Length header. During the memory allocation, +1 is added to the user-specified content-length value. Therefore malloc may be called with argument 0, typically resulting in a small memory chunk being allocated.

References:
http://thread.gmane.org/gmane.comp.security.oss.general/1861
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523027#14
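The arithmetic described above, as an added example that is not MapServer's own code: the unchecked `+1` on the header value beside a version that bounds the value before using it. The 32-bit width of the length and the `MAX_POST_LEN` limit are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Upper bound on a POST body we are willing to buffer; a constructed limit
   for this example, not a value taken from MapServer. */
#define MAX_POST_LEN (16u * 1024u * 1024u)

/* Parse a decimal CONTENT_LENGTH string into a 32-bit value (the width on
   which the reported wraparound happens). Returns 0 on success, -1 otherwise. */
static int parse_content_length(const char *s, uint32_t *out)
{
    char *end;
    unsigned long v;
    if (s == NULL || !isdigit((unsigned char)*s))  /* rejects "", "-1", " 5" */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)  /* junk or too wide */
        return -1;
    *out = (uint32_t)v;
    return 0;
}

/* The arithmetic the report describes: the +1 reserved for a NUL terminator
   is done in 32-bit unsigned arithmetic, so 0xffffffff + 1 wraps to 0 and
   malloc(0) returns a tiny chunk that the request body is then copied into. */
uint32_t naive_alloc_size(uint32_t content_length)
{
    return content_length + 1u;
}

/* Hardened version: bound the length before the +1. Returns the size to
   allocate, or 0 (never a valid result here) when the header is rejected. */
uint32_t safe_alloc_size(const char *content_length_str)
{
    uint32_t len;
    if (parse_content_length(content_length_str, &len) != 0)
        return 0;
    if (len > MAX_POST_LEN)  /* 0xffffffff is refused long before it can wrap */
        return 0;
    return len + 1u;
}
```

`naive_alloc_size(0xffffffffu)` yields 0, while `safe_alloc_size("4294967295")` rejects the header and `safe_alloc_size("1024")` returns 1025.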
This flaw was fixed upstream in versions 4.10.5, 5.2.3, and 5.4.2: http://osgeo-org.1803224.n2.nabble.com/MapServer-5-4-2-released-also-5-2-3-and-4-10-5-td3315624.html The current Fedora release is 5.6.7 and EPEL5 is 4.10.5, all of which contain the fix.