MapServer upstream has released security patches related to SQL injection vulnerabilities. This vulnerabilities apply to all previous MapServer versions. See upstream bug and fixes: http://trac.osgeo.org/mapserver/ticket/3903
mapserver-5.6.7-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mapserver-5.6.7-1.fc14
mapserver-5.6.7-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mapserver-5.6.7-1.fc15
(In reply to comment #0) > MapServer upstream has released security patches related to SQL injection > vulnerabilities. Thank you for the report, Even. I am going to steal this one to be security response product (since it's possible MapServer EPEL-5 version might be affected by this issue too).
> I am going to steal this one to be security > response product (since it's possible MapServer EPEL-5 version might be > affected by this issue too). Have decided to dedicate bug #723293 for this (there aren't only SQL injection flaws, but also some buffer overflow flaw in older versions). => Feel free to close this bug once Fedora mapserver updates have been pushed to Fedora -stable repository.
Package mapserver-5.6.7-1.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mapserver-5.6.7-1.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/mapserver-5.6.7-1.fc15 then log in and leave karma (feedback).
mapserver-5.6.7-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
mapserver-5.6.7-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.