MapServer upstream during a security audit of MapServer v5.6 source code found a potential buffer overflow in the way MapServer generated unique temporary filenames. A local attacker could use this flaw to conduct denial of service attacks.

References:
[1] http://trac.osgeo.org/mapserver/ticket/3484

Upstream patch (against 5-4 SVN branch):
[2] http://trac.osgeo.org/mapserver/changeset/10310

Upstream patch (against trunk):
[3] http://trac.osgeo.org/mapserver/changeset/10318
This issue affects the versions of the mapserver package, as shipped with Fedora releases 12 and 13. Please fix.
Created mapserver tracking bugs for this issue.

Affects: fedora-all [bug 617314]