French Security Incident Response Team

Fedora Security Update Fixes Mapserver Cross Site Scripting and Buffer Overflow


Title : Fedora Security Update Fixes Mapserver Cross Site Scripting and Buffer Overflow
Advisory ID : FrSIRT/ADV-2007-3064
CVE ID : CVE-2007-4542 - CVE-2007-4629
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-06

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to execute arbitrary scripting code, cause a denial of service, or potentially compromise an affected system [...]

Solution

Upgrade the affected packages :


ChangeLog

2007-09-06 : Initial release


Copyright 2003-2008 © FrSIRT.COM - Privacy Policy