Multiple SQL injection flaws and one stack based buffer overflow flaw were found in MapServer:

[1] http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html

More from [1]:

MapServer developers have discovered flaws in the OGC filter support in MapServer. That code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are ** strongly encouraged ** to upgrade to these latest releases. The 5.6.7 and 4.10.7 releases also address one significant potentially exploitable buffer overflow (the 6.0 branch is not vulnerable).

References:
[1] http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
[2] http://trac.osgeo.org/mapserver/ticket/3903
[3] https://bugzilla.redhat.com/show_bug.cgi?id=722545
[4] http://www.openwall.com/lists/oss-security/2011/07/19/11 (CVE Request)

Relevant upstream patches:
[5] http://trac.osgeo.org/mapserver/attachment/ticket/3903/ticket3903_6.0.x.patch (for 6.0.x branch)
[6] http://trac.osgeo.org/mapserver/attachment/ticket/3903/ticket3903_5.6.x.patch (for 5.6.x branch)
[7] http://trac.osgeo.org/mapserver/attachment/ticket/3903/ticket3903_5.4.x.patch (for 5.4.x branch)
[8] http://trac.osgeo.org/mapserver/attachment/ticket/3903/ticket3903_5.2.x.patch (for 5.2.x branch)
[9] http://trac.osgeo.org/mapserver/attachment/ticket/3903/ticket3903_5.0.x.patch (for 5.0.x branch)
[10] http://trac.osgeo.org/mapserver/attachment/ticket/3903/ticket3903_4.10.x.patch (for 4.10.x branch)
The mapserver package updates for Fedora releases 14 and 15 have already been scheduled (mapserver-5.6.7-1.fc14, mapserver-5.6.7-1.fc15). Once they have passed the required level of testing, they will be pushed to the Fedora -stable repository. See https://bugzilla.redhat.com/show_bug.cgi?id=722545 for further details.

--

This issue affects the version of the mapserver package as present within the EPEL-5 repository. Please schedule an update.

Note: Upon looking at the patch, it looks like the proposed v4.10.x patch changes are already present in the mapserver-4.10.5-1.el5 version currently available for EPEL-5. The buffer overflow fix, though, is missing.
Created mapserver tracking bugs for this issue

Affects: epel-5 [bug 723295]
The following CVE assignments were made:

CVE-2011-2703 mapserver SQL injection flaws
CVE-2011-2704 mapserver stack based buffer overflows
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2975 to the following vulnerability:

Name: CVE-2011-2975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2975
Assigned: 20110801
Reference: http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
Reference: http://trac.osgeo.org/mapserver/ticket/3939

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.