Revision Date: | 2014-06-23 | Version: | 20 |
Title: | DSA-2285-1 mapserver -- several |
Description: | Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2703 Several instances of insufficient escaping of user input, leading to SQL injection attacks via OGC filter encoding. CVE-2011-2704 Missing length checks in the processing of OGC filter encoding that can lead to stack-based buffer overflows and the execution of arbitrary code. |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2011-2703 CVE-2011-2704 DSA-2285-1
|
Platform(s): | Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 Debian GNU/Linux 6.0
| Product(s): | mapserver
|
Definition Synopsis |
Release section Debian GNU/Linux 5.0 is installed
AND Installed architecture is all
AND mapserver DPKG is earlier than 5.0.3-3+lenny7
OR Release section
Debian 6.0 is installed
AND GNU/Linux or GNU/kFreeBSD kernel
Debian GNU/Linux is installed
OR Debian GNU/kFreeBSD is installed
AND Installed architecture is all
AND mapserver DPKG is earlier than 5.6.5-2+squeeze2
|