Lucene search

Gentoo FoundationMGASA-2015-0097

HistoryMar 06, 2015 - 9:08 p.m.

Updated mapserver packages fix CVE-2013-7262 and packaging issues

2015-03-0621:08:57

Gentoo Foundation

advisories.mageia.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

52.5%

JSON

Updated mapserver packages fix security vulnerability: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter (CVE-2013-7262). The mapserver package has been updated to version 6.2.2, which fixes this issue and several other bugs, including some packaging issues which prevented it from working anyway.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchmapserver< 6.2.2-1.2mapserver-6.2.2-1.2.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	mapserver	< 6.2.2-1.2	mapserver-6.2.2-1.2.mga4

References

www.mapserver.org/development/changelog/changelog-6-2-2.html

bugs.mageia.org/show_bug.cgi?id=15363

bugzilla.redhat.com/show_bug.cgi?id=1048688

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

52.5%

JSON

Related for MGASA-2015-0097