Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2009.1434 New mapserver packages fix serveral vulnerabilities 23 October 2009 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mapserver Publisher: Debian Operating System: Debian GNU/Linux 4 Debian GNU/Linux 5 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Read-only Data Access -- Remote/Unauthenticated Create Arbitrary Files -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2009-2281 CVE-2009-0843 CVE-2009-0842 CVE-2009-0841 CVE-2009-0840 CVE-2009-0839 Reference: AA-2009.0076 Original Bulletin: http://www.debian.org/security/2009/dsa-1914 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------------- Debian Security Advisory DSA-1914-1 security@debian.org http://www.debian.org/security/ Nico Golde October 22nd, 2009 http://www.debian.org/security/faq - - -------------------------------------------------------------------------- Package : mapserver Vulnerability : several Problem type : remote Debian-specific: no Debian bug : #535340 #523027 CVE ID : CVE-2009-0843 CVE-2009-0842 CVE-2009-0841 CVE-2009-0840 CVE-2009-0839 CVE-2009-2281 Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0843 Missing input validation on a user supplied map queryfile name can be used by an attacker to check for the existence of a specific file by using the queryfile GET parameter and checking for differences in error messages. CVE-2009-0842 A lack of file type verification when parsing a map file can lead to partial disclosure of content from arbitrary files through parser error messages. CVE-2009-0841 Due to missing input validation when saving map files under certain conditions it is possible to perform directory traversal attacks and to create arbitrary files. NOTE: Unless the attacker is able to create directories in the image path or there is already a readable directory this doesn't affect installations on Linux as the fopen() syscall will fail in case a sub path is not readable. CVE-2009-0839 It was discovered that mapserver is vulnerable to a stack-based buffer overflow when processing certain GET parameters. An attacker can use this to execute arbitrary code on the server via crafted id parameters. CVE-2009-0840 An integer overflow leading to a heap-based buffer overflow when processing the Content-Length header of an HTTP request can be used by an attacker to execute arbitrary code via crafted POST requests containing negative Content-Length values. CVE-2009-2281 An integer overflow when processing HTTP requests can lead to a heap-based buffer overflow. An attacker can use this to execute arbitrary code either via crafted Content-Length values or large HTTP request. This is partly because of an incomplete fix for CVE-2009-0840. For the oldstable distribution (etch), this problem has been fixed in version 4.10.0-5.1+etch4. For the stable distribution (lenny), this problem has been fixed in version 5.0.3-3+lenny4. For the testing distribution (squeeze), this problem has been fixed in version 5.4.2-1. For the unstable distribution (sid), this problem has been fixed in version 5.4.2-1. We recommend that you upgrade your mapserver packages. Upgrade instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - - ------------------------------- Debian (oldstable) - - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.dsc Size/MD5 checksum: 1324 da6dc400ad2809025a367588eb931523 http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0.orig.tar.gz Size/MD5 checksum: 1782838 4668bbd017c20c251e962a5cd09c8f31 http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.diff.gz Size/MD5 checksum: 85762 61bec011ac70ab92c0ebdf064bbbe3ed Architecture independent packages: http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_4.10.0-5.1+etch4_all.deb Size/MD5 checksum: 94768 a6b8887a85643d4be20e5e1fc1c94c4d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_alpha.deb Size/MD5 checksum: 505828 d90975f9345f55213725ba30836248b3 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_alpha.deb Size/MD5 checksum: 3721704 aa3689eb024673362bc1f4eba5bcf506 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_alpha.deb Size/MD5 checksum: 612294 e87d84530f20dff11900357b1000c266 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_alpha.deb Size/MD5 checksum: 640400 ee763dfbcd9d96af2e7d68f379ac8b6f http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_alpha.deb Size/MD5 checksum: 613754 e11196261729f9b148c78ec494ed16d9 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_alpha.deb Size/MD5 checksum: 776080 b4f3464ee84e5cd99221fc7f13456158 arm architecture (ARM) http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_arm.deb Size/MD5 checksum: 524598 0f85fc0fe42f0a79d3ad6ccb424ab1f5 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_arm.deb Size/MD5 checksum: 540312 c06accd457ff567d7028c124f72e7b60 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_arm.deb Size/MD5 checksum: 660318 ce3a9044a866184881cbe798e72dc8ab http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_arm.deb Size/MD5 checksum: 435310 275339dd1b3bf757ff1c2efaa13ac5ac http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_arm.deb Size/MD5 checksum: 3166716 6e1d3953e09230dfba91e2559f652e06 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_arm.deb Size/MD5 checksum: 523334 ed00d5edf3b5a264ea061f34f7f22946 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_i386.deb Size/MD5 checksum: 539580 c269364509931789eb6ef47bae61a5f3 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_i386.deb Size/MD5 checksum: 443446 ea0800ac81efc45f849c7e43dcdca16c http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_i386.deb Size/MD5 checksum: 552550 98c002338bed5b2ef37146bcf379e68a http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_i386.deb Size/MD5 checksum: 538672 d6c93b0c09a6c4af02835dc192379b95 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_i386.deb Size/MD5 checksum: 3229784 6a7c29331b215039c8e444d778250077 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_i386.deb Size/MD5 checksum: 684270 6254390f2d12c31173c1d8dcb92d142f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_ia64.deb Size/MD5 checksum: 828736 60856f8a15e3c05b33336507c27b9b84 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_ia64.deb Size/MD5 checksum: 987262 2d376547ba3042c15dfa4fea57aed858 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_ia64.deb Size/MD5 checksum: 686356 80fcf125d9286bb6a23dafc6a0ba415c http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_ia64.deb Size/MD5 checksum: 790836 c11e9b1eb17ead28a428366355695275 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_ia64.deb Size/MD5 checksum: 5109184 b30a07d58eab67c84285a3b92f3eeddd http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_ia64.deb Size/MD5 checksum: 789878 7a0c80a55e536dcd6df60be5baf22bb4 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_mipsel.deb Size/MD5 checksum: 555028 be6ff689cb0ea08d06393c957b4cba12 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_mipsel.deb Size/MD5 checksum: 565660 8cfacd3fc20884e0b6c6ac3f589010db http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_mipsel.deb Size/MD5 checksum: 553884 369bac7623153f8e3a54f87668895ae6 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_mipsel.deb Size/MD5 checksum: 486622 a03198abeeab6d71bf4ab40b29de7b0e http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_mipsel.deb Size/MD5 checksum: 3561220 81c5a3254387d9126bb840d5f45357d6 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_mipsel.deb Size/MD5 checksum: 600622 da0b19672fa100e835432a07bc2560ae powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_powerpc.deb Size/MD5 checksum: 561992 acbcfbb04f3db588562f2be72c1b1a9d http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_powerpc.deb Size/MD5 checksum: 585282 d4652893b6c25c2f21ceced832ca6205 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_powerpc.deb Size/MD5 checksum: 3348742 e4d99aec224d9f1289d9f02c2d3510b9 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_powerpc.deb Size/MD5 checksum: 458854 c8428751ba59008c4dbed9b1b362cb15 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_powerpc.deb Size/MD5 checksum: 715146 5f57edca2c6c18ec17480a1f33e15458 http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_powerpc.deb Size/MD5 checksum: 563384 034eb83b319e5cc0aa1c3a3b3c37dee4 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_s390.deb Size/MD5 checksum: 587272 2183ffa1e862ebfd7239f237612b2b5b http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_s390.deb Size/MD5 checksum: 559922 6528f0036a1555ad307298e55d1ca0af http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_s390.deb Size/MD5 checksum: 3341944 da6e735cae80a3b0b1cd80f567584c8d http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_s390.deb Size/MD5 checksum: 561112 58614ce7d6b4f3e15d504cfbc938c48f http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_s390.deb Size/MD5 checksum: 611700 d25cc74ad733b652b53add8c6983dde6 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_s390.deb Size/MD5 checksum: 457848 f8c8ad80313f306f9f4df642bf7146b9 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_sparc.deb Size/MD5 checksum: 547472 5e9921fe7eb781e690bb8a86725f1abb http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_sparc.deb Size/MD5 checksum: 548778 b09f7ca97de9d1103758184b13192b71 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_sparc.deb Size/MD5 checksum: 708650 3da45c28d243436b775fd0b52644c63f http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_sparc.deb Size/MD5 checksum: 447924 b2eaae9234ca38a0c20eb27a97c5ddb5 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_sparc.deb Size/MD5 checksum: 3256348 0d4f0358dff2591e64a79fdc00647c74 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_sparc.deb Size/MD5 checksum: 574136 7fa36c4bee299e6c333a5616e80bc0b3 Debian GNU/Linux 5.0 alias lenny - - -------------------------------- Debian (stable) - - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3.orig.tar.gz Size/MD5 checksum: 1806528 953a131497132baef84ca33f8432d299 http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.dsc Size/MD5 checksum: 2033 04fead45bba690c1f1c330356671a590 http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.diff.gz Size/MD5 checksum: 1472269 871cf7ca37e7d3f9bd91d9434f7dc2e1 Architecture independent packages: http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby_5.0.3-3+lenny4_all.deb Size/MD5 checksum: 44796 ae4a1cd5ae7d5facb4f41141ba5e045b http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_5.0.3-3+lenny4_all.deb Size/MD5 checksum: 168520 1f4f8fba19dec0708ab0efdffb48724b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_alpha.deb Size/MD5 checksum: 652082 5ff1023e8dba0c34aee31fbe91c0b5c6 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_alpha.deb Size/MD5 checksum: 1600930 39225645f9d1003594c4f8f8fa51444d http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_alpha.deb Size/MD5 checksum: 987646 8875c04bc7051d676c835195a732bcf8 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_alpha.deb Size/MD5 checksum: 844564 12b690e0a65ab7350d1c381f23d522a5 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_alpha.deb Size/MD5 checksum: 4836306 c2be854b94d75bd78676993331e95bf0 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_alpha.deb Size/MD5 checksum: 783362 143f2b5759d631112cafb2a6afcb37d9 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_alpha.deb Size/MD5 checksum: 844292 5cdfb8ff6e522fa1bd6685bd340a70b7 arm architecture (ARM) http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_arm.deb Size/MD5 checksum: 666318 202c434d413a63c68e4105a01b15b146 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_arm.deb Size/MD5 checksum: 4147952 2caa2f6bd96402938c2e9b9155831208 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_arm.deb Size/MD5 checksum: 738408 e305001d7e1071430012cc8401c464a2 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_arm.deb Size/MD5 checksum: 829300 a0f364a7496f590054229fa274e8b996 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_arm.deb Size/MD5 checksum: 738186 5e727ab69c9a3d94e664bc7a123de96e http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_arm.deb Size/MD5 checksum: 567678 96b9d51f90a125c32736f96844f803b7 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_arm.deb Size/MD5 checksum: 1358228 fdd6e7debc208625f4a784926931c7fa armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_armel.deb Size/MD5 checksum: 4484238 6ebf262957abd2ef478516c01e69d16e http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_armel.deb Size/MD5 checksum: 785530 cfaee32501906f1d13f9907cccd29656 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_armel.deb Size/MD5 checksum: 609520 a1eab66be442721531ee776b5a375fa4 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_armel.deb Size/MD5 checksum: 710168 e436e7606be6580b87a451807d705e91 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_armel.deb Size/MD5 checksum: 878968 2bb3ed4fef4bd8a0c8edf6741dee4d89 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_armel.deb Size/MD5 checksum: 1450614 fa192b3758695cf454b30b5dd1313e9d http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_armel.deb Size/MD5 checksum: 785174 854cee84208047890d9c34ff3726fc17 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_i386.deb Size/MD5 checksum: 4200908 1e7aa6fa9fd97e44bab454dd4b8885d2 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_i386.deb Size/MD5 checksum: 689968 b786f12da9328751343567514a4b080a http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_i386.deb Size/MD5 checksum: 742666 cf98bfdc6a4ba63f02d1071229be12e7 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_i386.deb Size/MD5 checksum: 742818 a0f4d369a474871ce56abdf8b0005d6b http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_i386.deb Size/MD5 checksum: 867270 c93c9f5a3c95212f749bbe45d1337b36 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_i386.deb Size/MD5 checksum: 1390226 35b0e1ccb9371d5361d1c739a5829f89 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_i386.deb Size/MD5 checksum: 572826 2b082c5f96aa661ad923c6a689cf8a72 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_ia64.deb Size/MD5 checksum: 1017178 40b12d345b65b9a81e73ccd6b974d2e5 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_ia64.deb Size/MD5 checksum: 6675022 98adddf9cdfd916faf4a0020acbf1d1e http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_ia64.deb Size/MD5 checksum: 1247906 07695fb1f4d82ecb56fb0c8fb1aa5416 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_ia64.deb Size/MD5 checksum: 1131092 ecbe4c220838d97aadce335fcdd80352 http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_ia64.deb Size/MD5 checksum: 890286 ff8bd142806cddd9c3395d000b3db5b7 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_ia64.deb Size/MD5 checksum: 1130862 08e8bf87a278bf783a849e38fd051fab http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_ia64.deb Size/MD5 checksum: 2109502 b11b361cb0f78540ef2cefeec126ae1d mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_mips.deb Size/MD5 checksum: 631184 13199f051e8b5cc7cf73b1dfbc16cad2 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_mips.deb Size/MD5 checksum: 761820 5d222a44d2a1adeafcbebeba7472bd94 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_mips.deb Size/MD5 checksum: 4666306 dd0a600d9f8530ac473a80f0161e07d8 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_mips.deb Size/MD5 checksum: 701610 d58aab786869ba4f03dcb6f56f75724d http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_mips.deb Size/MD5 checksum: 722886 97dae8dcd1a612617d268f572ad4d8ac http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_mips.deb Size/MD5 checksum: 1412214 1c863d8e5b6143aa11f0c0f17476ae89 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_mips.deb Size/MD5 checksum: 722590 b6c718d4736d96774b7443ea5df1994a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_mipsel.deb Size/MD5 checksum: 632010 62c6e4bd0e0e70ddaf900aedb3803c09 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_mipsel.deb Size/MD5 checksum: 1406838 53bfd5932d0679a1c9edec67b28e9c58 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_mipsel.deb Size/MD5 checksum: 720686 3adf0ef1454c3e6d470c44f8a8a59161 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_mipsel.deb Size/MD5 checksum: 720896 13217294dc826c029a30471e4484d9f7 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_mipsel.deb Size/MD5 checksum: 703238 b12b26bdeff6828c415f11feab234851 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_mipsel.deb Size/MD5 checksum: 761242 2ba9557df2d7973a6b41e71edbc26718 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_mipsel.deb Size/MD5 checksum: 4672572 ef4abed3db1b5be4cdd08a0f9e98e5b9 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_powerpc.deb Size/MD5 checksum: 598198 1fd494a0bda3577a4293da0f500e48f1 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_powerpc.deb Size/MD5 checksum: 742888 11c1e63a7fef9e5a1a3ad49cb611487a http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_powerpc.deb Size/MD5 checksum: 802144 98e0a397ee0479f213762c900e3d2471 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_powerpc.deb Size/MD5 checksum: 802414 c5385417b9d28c52be4e0723ddf1b51b http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_powerpc.deb Size/MD5 checksum: 941542 af24159933c8e54b5203c3cd7c307f22 http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_powerpc.deb Size/MD5 checksum: 1520850 4b81970502d05a8ae9ab09c3cc4c1d85 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_powerpc.deb Size/MD5 checksum: 4409858 dddcc7a6477a0148ea1cb9d1b30b2b86 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_sparc.deb Size/MD5 checksum: 764904 8fe64aa2804d349adfdc7b3a6907b807 http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_sparc.deb Size/MD5 checksum: 4203198 211300cf53dba47628d1d2ec6e9e4b79 http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_sparc.deb Size/MD5 checksum: 765322 bb79004a547472c268d4a42640a3942f http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_sparc.deb Size/MD5 checksum: 1435726 06543046c2379b0eaebc4069a926579c http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_sparc.deb Size/MD5 checksum: 574678 82da745a969852b0d201599f58367ec8 http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_sparc.deb Size/MD5 checksum: 696576 a6171c3789c939f768ffc6eb54a28442 http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_sparc.deb Size/MD5 checksum: 897036 d63071fbfbb7c248b68ba7e1ee50915a These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkrgpZYACgkQHYflSXNkfP+NGwCfe35pC3uPzUg1crtZtFqeDi4t qH0AoLCAYB+mgBg0k3d6pT21V4s2uOVn =XDvN - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFK4OUtNVH5XJJInbgRAqzcAJ9KPP7q03Gk18P5OvFZojszyiEyDQCfb7R+ MclfGgpJO2zsDG/RQRJ9iSI= =P1a/ -----END PGP SIGNATURE-----