Lucene search

DebianDEBIAN:DSA-3766-1:728BD

HistoryJan 19, 2017 - 8:49 a.m.

[SECURITY] [DSA 3766-1] mapserver security update

2017-01-1908:49:02

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.078

Percentile

94.2%

JSON

Debian Security Advisory DSA-3766-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
January 19, 2017 https://www.debian.org/security/faq

Package : mapserver
CVE ID : CVE-2017-5522

It was discovered that mapserver, a CGI-based framework for Internet
map services, was vulnerable to a stack-based overflow. This issue
allowed a remote user to crash the service, or potentially execute
arbitrary code.

For the stable distribution (jessie), this problem has been fixed in
version 6.4.1-5+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 7.0.4-1.

We recommend that you upgrade your mapserver packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8mipslibmapscript-ruby1.9.1< 6.4.1-5+deb8u3libmapscript-ruby1.9.1_6.4.1-5+deb8u3_mips.deb
Debian8powerpclibmapscript-ruby1.8< 6.4.1-5+deb8u3libmapscript-ruby1.8_6.4.1-5+deb8u3_powerpc.deb
Debian8kfreebsd-i386python-mapscript< 6.4.1-5+deb8u3python-mapscript_6.4.1-5+deb8u3_kfreebsd-i386.deb
Debian8armellibmapscript-perl< 6.4.1-5+deb8u3libmapscript-perl_6.4.1-5+deb8u3_armel.deb
Debian8amd64cgi-mapserver< 6.4.1-5+deb8u3cgi-mapserver_6.4.1-5+deb8u3_amd64.deb
Debian8s390xlibmapserver1-dbg< 6.4.1-5+deb8u3libmapserver1-dbg_6.4.1-5+deb8u3_s390x.deb
Debian8arm64mapserver-bin< 6.4.1-5+deb8u3mapserver-bin_6.4.1-5+deb8u3_arm64.deb
Debian8i386libmapserver1-dbg< 6.4.1-5+deb8u3libmapserver1-dbg_6.4.1-5+deb8u3_i386.deb
Debian8kfreebsd-amd64php5-mapscript< 6.4.1-5+deb8u3php5-mapscript_6.4.1-5+deb8u3_kfreebsd-amd64.deb
Debian7armhfphp5-mapscript< 6.0.1-3.2+deb7u4php5-mapscript_6.0.1-3.2+deb7u4_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	mips	libmapscript-ruby1.9.1	< 6.4.1-5+deb8u3	libmapscript-ruby1.9.1_6.4.1-5+deb8u3_mips.deb
Debian	8	powerpc	libmapscript-ruby1.8	< 6.4.1-5+deb8u3	libmapscript-ruby1.8_6.4.1-5+deb8u3_powerpc.deb
Debian	8	kfreebsd-i386	python-mapscript	< 6.4.1-5+deb8u3	python-mapscript_6.4.1-5+deb8u3_kfreebsd-i386.deb
Debian	8	armel	libmapscript-perl	< 6.4.1-5+deb8u3	libmapscript-perl_6.4.1-5+deb8u3_armel.deb
Debian	8	amd64	cgi-mapserver	< 6.4.1-5+deb8u3	cgi-mapserver_6.4.1-5+deb8u3_amd64.deb
Debian	8	s390x	libmapserver1-dbg	< 6.4.1-5+deb8u3	libmapserver1-dbg_6.4.1-5+deb8u3_s390x.deb
Debian	8	arm64	mapserver-bin	< 6.4.1-5+deb8u3	mapserver-bin_6.4.1-5+deb8u3_arm64.deb
Debian	8	i386	libmapserver1-dbg	< 6.4.1-5+deb8u3	libmapserver1-dbg_6.4.1-5+deb8u3_i386.deb
Debian	8	kfreebsd-amd64	php5-mapscript	< 6.4.1-5+deb8u3	php5-mapscript_6.4.1-5+deb8u3_kfreebsd-amd64.deb
Debian	7	armhf	php5-mapscript	< 6.0.1-3.2+deb7u4	php5-mapscript_6.0.1-3.2+deb7u4_armhf.deb