-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2008.0351 -- [UNIX/Linux][Debian]
            New mapserver packages fix multiple vulnerabilities
                               7 April 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              mapserver
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
                      Cross-site Scripting
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-4629 CVE-2007-4542

Original Bulletin:    http://www.debian.org/security/2008/dsa-1539

Comment: This advisory references vulnerabilties in products which run on
         platforms other than Debian. It is recommended that administrators
         running mapserver check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1539-1                  security@debian.org
http://www.debian.org/security/                           Devin Carraway
April 04, 2008                        http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : mapserver
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4542 CVE-2007-4629

Chris Schmidt and Daniel Morissette discovered two vulnerabilities
in mapserver, a development environment for spatial and mapping
applications.  The Common Vulnerabilities and Exposures project
identifies the following two problems:

CVE-2007-4542

    Lack of input sanitizing and output escaping in the CGI
    mapserver's template handling and error reporting routines leads
    to cross-site scripting vulnerabilities.

CVE-2007-4629
    
    Missing bounds checking in mapserver's template handling leads to
    a stack-based buffer overrun vulnerability, allowing a remote
    attacker to execute arbitrary code with the privileges of the CGI
    or httpd user.

For the stable distribution (etch), these problems have been fixed in
version 4.10.0-5.1+etch2.

For the unstable distribution (sid), these problems have been fixed in
version 4.10.3-1.

We recommend that you upgrade your mapserver (4.10.0-5.1+etch2) package.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch2.dsc
    Size/MD5 checksum:     1315 19c7e595b5f855246bdda2cb64dfbba6
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0.orig.tar.gz
    Size/MD5 checksum:  1782838 4668bbd017c20c251e962a5cd09c8f31
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch2.diff.gz
    Size/MD5 checksum:    21156 d424dba068ade923260400584ccc41c9

Architecture independent packages:

  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_4.10.0-5.1+etch2_all.deb
    Size/MD5 checksum:    98096 228d80f159c068f2f2dbcaabdc5f0142

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_alpha.deb
    Size/MD5 checksum:   499998 8f5698905169ca1628313e963d97c736
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_alpha.deb
    Size/MD5 checksum:   606384 19ea43dbd9c415093f7eb4726b729897
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_alpha.deb
    Size/MD5 checksum:  3680182 aacfaef3131318654056f40b421939fa
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_alpha.deb
    Size/MD5 checksum:   607784 cb386adc2051f239bd0caef91ac92505
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_alpha.deb
    Size/MD5 checksum:   635130 06f6d035a7611623be6cb5c3afd0ef9e
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_alpha.deb
    Size/MD5 checksum:   770054 ef54472362dbc57e8fc9b1e264215c79

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_amd64.deb
    Size/MD5 checksum:   546404 792b68c551f4bb850cc2e3fb6dc6a4fd
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_amd64.deb
    Size/MD5 checksum:   577372 664d2194141c0d80ad8ba4c4cde7879c
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_amd64.deb
    Size/MD5 checksum:   545634 ca7def85a6cbe91d04b27b111b4c9ab5
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_amd64.deb
    Size/MD5 checksum:   698078 32bb9470760e29a552b809073a9acc7d
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_amd64.deb
    Size/MD5 checksum:  3269920 43e559a538f7bf03fdbf9997f69ca50c
  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_amd64.deb
    Size/MD5 checksum:   447180 67f97111943841cfcc3cbed8ce38d637

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_hppa.deb
    Size/MD5 checksum:   490234 f8b6750656c332fe23c39a9f78ed221f
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_hppa.deb
    Size/MD5 checksum:   604170 e8eee5772e3a22700b86cc5a3a212ab0
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_hppa.deb
    Size/MD5 checksum:   605416 7b60c69d78d1b9418c84a1d64a6fa52a
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_hppa.deb
    Size/MD5 checksum:   716022 99284438b81148dd876ca643d368bdfb
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_hppa.deb
    Size/MD5 checksum:  3604018 33c29a3f03084548e2986da9a801eaea
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_hppa.deb
    Size/MD5 checksum:   640994 ec6952e07f25d21536f97881940fc332

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_i386.deb
    Size/MD5 checksum:   679168 e64403426963a88c377542fea91343c4
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_i386.deb
    Size/MD5 checksum:   548294 630201c053e7b91f8e9ce64c823c17dd
  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_i386.deb
    Size/MD5 checksum:   437666 0a1505703af0c1a48d64f2d038da6aa0
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_i386.deb
    Size/MD5 checksum:   532098 572b22648d3c22ce7407eea80a67f82a
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_i386.deb
    Size/MD5 checksum:   532862 58a54016f685daab8c567c876ad1c4bd
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_i386.deb
    Size/MD5 checksum:  3190140 204555dc33ec7b226ef8f2f8525db170

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_ia64.deb
    Size/MD5 checksum:   783708 7b29e6da8bf8250c04a62fe13bdc011b
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_ia64.deb
    Size/MD5 checksum:  5063660 b889010ab9c78e7ed07eea208a9334a0
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_ia64.deb
    Size/MD5 checksum:   784782 97086a9de4be64b8b8707134f1bcfbd3
  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_ia64.deb
    Size/MD5 checksum:   679852 68efbd6efae15a522a2f2c63e376487a
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_ia64.deb
    Size/MD5 checksum:   981752 069d27887888b57c99a6b4fe3f0722f1
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_ia64.deb
    Size/MD5 checksum:   821774 e150ab973b38a7c07e5c847d6b5bd64b

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_mips.deb
    Size/MD5 checksum:   548380 4e47dfcf1964e0e492843edf4dccfa3a
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_mips.deb
    Size/MD5 checksum:   546882 01c1fe2bb20638adb7b7766d8f206f75
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_mips.deb
    Size/MD5 checksum:   562064 ac0f572131814de0d6d42baedb2c79e2
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_mips.deb
    Size/MD5 checksum:  3508794 0a9693d49164791b4937ca6a2dc3cc89
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_mips.deb
    Size/MD5 checksum:   596240 80e21dbb719f84659ebcf4fe1b33b84f
  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_mips.deb
    Size/MD5 checksum:   478066 7c1ffda6b2c12357faab71435837cfc0

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_mipsel.deb
    Size/MD5 checksum:  3521650 7c63c1ee85a82ea30413a1d63cc3047e
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_mipsel.deb
    Size/MD5 checksum:   549762 af6c9505f9c136aa9e6c66cad597e6ca
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_mipsel.deb
    Size/MD5 checksum:   548530 d163f209f4d5effb22d574ad8c219508
  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_mipsel.deb
    Size/MD5 checksum:   480380 911b5d5804322f4a62b095c9c64fc9cc
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_mipsel.deb
    Size/MD5 checksum:   559940 688ca8a13b4cf4340cb9a4b4448cd2ba
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_mipsel.deb
    Size/MD5 checksum:   596074 3a0489a3d59c8a3b60fe08c5c37eb251

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_powerpc.deb
    Size/MD5 checksum:   453732 01000caf42f203b6c2330e579d79b28a
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_powerpc.deb
    Size/MD5 checksum:   557654 fd75a89e0ecc889db67fd517c8bf7568
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_powerpc.deb
    Size/MD5 checksum:   556412 678fb38b4dd725f1ae2f520e2ff92270
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_powerpc.deb
    Size/MD5 checksum:   708664 b8a96b7531808b2965d7dba797821d50
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_powerpc.deb
    Size/MD5 checksum:   579560 cd5d303cfa304194217ebbbc58ae2e4b
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_powerpc.deb
    Size/MD5 checksum:  3305834 860ad67587a7a080e6aa1fc752e2abd2

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_s390.deb
    Size/MD5 checksum:  3302260 995559c077c87884aa90f9361a3d57b2
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_s390.deb
    Size/MD5 checksum:   555090 1b6d9bf9660334c0c4df0295fb65559d
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_s390.deb
    Size/MD5 checksum:   553850 f0ffecbccb2df4a50a31618a01362bb2
  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_s390.deb
    Size/MD5 checksum:   452176 6ed738fa8f1f1a0a5fef28ede711d4b9
  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_s390.deb
    Size/MD5 checksum:   581032 48e1a6e91883bf1d859ebc1e17ca9809
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_s390.deb
    Size/MD5 checksum:   606142 9d0d79a7ccaa876218079e180e316ee2

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_sparc.deb
    Size/MD5 checksum:   568812 9a0a3af49a1bdb305e5146915441dd2f
  http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_sparc.deb
    Size/MD5 checksum:   703378 08a50fe3eb7330eac9dc77ae86a93900
  http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_sparc.deb
    Size/MD5 checksum:   541560 388c334dcb0fafb48805ce5f7cd40078
  http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_sparc.deb
    Size/MD5 checksum:   542890 6c54d5dfbb8ae3ead60bd7aa7135ebd9
  http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_sparc.deb
    Size/MD5 checksum:  3216194 263c2aa66013c75217751e7faf6c40d4
  http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_sparc.deb
    Size/MD5 checksum:   442792 fb273e738d0a0f234088b58c53125304


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR/aTKmz0hbPcukPfAQJnTwf9EzFmALXcGCSBs+OgNHdkTpdhBieqp+Wr
cfXaeqeSZqb3qZkidTr3KhySfnn1iC2UZ0shpSlA3UcEed4mDXw7FYjPR2BFt4wh
4pfDbMEJZ7M9G9xNMxzLYuLgteVyuFcabx10qvkJup0I7WF5WwZ9QXu/810WZNdb
a7bRGbS3RR+Et/iRVTnXAjKYjyG+p5+66bEe/rO1ILk+3zkH8DOV/0KQ2WX0qSf4
WeLqN9fGEPLCBodGbV2c1xOfqxDfXSBndjdT0qgHIObQwOqUicIv73spk8qS6h0T
micCWyWAPHmrrvQ8LYSx+Jd38DehtQBlexXnvCUT/iY9NfAfr742cw==
=HRO4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR/lt+Sh9+71yA2DNAQIH9gP/ThndG7POgaVIxId6EZyafdHiZq1VvhHl
7hzYVnWvbTjzLSgAgded2AuzBlvckclyKjEoO9qq6cRmDc95m2tJgD7G3/81hKTn
dnsyc2eUzjX2H7PwMdrY/o2CD4f8D7xskHNEl/Abo5PdcdPrxsXY2wrRRB9OeR7Z
M2utoWV01yI=
=/kzN
-----END PGP SIGNATURE-----