Red Hat Bugzilla – Bug 723293
CVE-2011-2703 CVE-2011-2704 CVE-2011-2975 MapServer (v6.0.1, v5.6.7 and v4.10.7): Multiple SQL injections and one (stack-based) buffer overflow flaw
Last modified: 2016-01-26 07:29:14 EST
Multiple SQL injection flaws and one stack based buffer overflow flaw were found in MapServer:
More from :
MapServer developers have discovered flaws in the OGC filter support in
MapServer. That code is used in support of WFS, WMS-SLD and SOS
All versions may be susceptible to SQL injection under certain
circumstances. The extent of the vulnerability depends on the MapServer
version, relational database and mapfile configuration being used. All
users are ** strongly encouraged ** to upgrade to these latest releases.
The 5.6.7 and 4.10.7 releases also address one significant potentially
exploitable buffer overflow (6.0 branch is not vulnerable).
Relevant upstream patches:
(for 6.0.x branch)
(for 5.6.x branch)
(for 5.4.x branch)
(for 5.2.x branch)
(for 5.0.x branch)
(for 4.10.x branch)
The mapserver package updates for Fedora releases 14 and 15 have already been scheduled (mapserver-5.6.7-1.fc14, mapserver-5.6.7-1.fc15). Once they have passed the required level of testing, they will be pushed to the Fedora -stable repository. See https://bugzilla.redhat.com/show_bug.cgi?id=722545 for further details.
This issue affects the version of the mapserver package as present within the EPEL-5 repository. Please schedule an update.
Note: Upon looking at the patch, it looks like the proposed v4.10.x patch changes are
already present in the mapserver-4.10.5-1.el5 version, which is currently
available for EPEL-5. However, the buffer overflow fix is missing.
Created mapserver tracking bugs for this issue
Affects: epel-5 [bug 723295]
The following CVE assignments were made:
CVE-2011-2703 mapserver SQL injection flaws
CVE-2011-2704 mapserver stack based buffer overflows
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2975 to
the following vulnerability:
Double free vulnerability in the msAddImageSymbol function in
mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to
cause a denial of service (application crash) or have unspecified
other impact via crafted mapfile data.