| Summary: | <sci-geosciences/mapserver-5.6.6: Multiple Vulnerabilities (CVE-2010-{2539,2540}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | sci-geosciences |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html | ||
| Whiteboard: | ~1 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 314109 | ||
| Bug Blocks: | |||
|
Description
Tim Sammut (RETIRED)
2010-08-28 21:30:57 UTC
CVE-2010-2539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2539): Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files. CVE-2010-2540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2540): mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments. I added 6.0_rc1 and 5.6.6 to cvs. All older were dropped. The older releases were never stable. @security: your turn guys, and sorry it took so long. (In reply to comment #2) > I added 6.0_rc1 and 5.6.6 to cvs. All older were dropped. > > The older releases were never stable. > Great, thank you. Closing noglsa since there were no stable ebuilds. |
