[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
** Branch linked: lp:ubuntu/hardy-updates/mapserver
** Branch linked: lp:ubuntu/intrepid-updates/mapserver
** Branch linked: lp:ubuntu/jaunty-security/mapserver

-- 
security: anyone can make mapserv read or write arbitrary files
https://bugs.launchpad.net/bugs/398814
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
This bug was fixed in the package mapserver - 5.0.0-3ubuntu0.1

---
mapserver (5.0.0-3ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
    - debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern to
      limit an id's value.
    - CVE-2009-0839
  * SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
    - debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation
      for a post request and the content-length.
    - CVE-2009-0840, CVE-2009-2281
  * SECURITY UPDATE: relative file path writing (LP: #398814)
    - debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
    - CVE-2009-0841
  * SECURITY UPDATE: file data leakage (LP: #398814)
    - debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as
      mandatory.
    - CVE-2009-0842
  * SECURITY UPDATE: file existence leakage (LP: #398814)
    - debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the
      file extension.
    - CVE-2009-0843
  * SECURITY UPDATE: paths specified in url vulnerabilities.
    - debian/patches/06_urlpath.dpatch: Disable the variable overwriting
      from URL of a few variables.
    - [http://trac.osgeo.org/mapserver/ticket/1836]

 -- Alan Boudreault  Tue, 18 Aug 2009 09:42:23 -0400
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
This bug was fixed in the package mapserver - 5.0.3-3ubuntu0.1

---
mapserver (5.0.3-3ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
    - debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern to
      limit an id's value.
    - CVE-2009-0839
  * SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
    - debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation
      for a post request and the content-length.
    - CVE-2009-0840, CVE-2009-2281
  * SECURITY UPDATE: relative file path writing (LP: #398814)
    - debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
    - CVE-2009-0841
  * SECURITY UPDATE: file data leakage (LP: #398814)
    - debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as
      mandatory.
    - CVE-2009-0842
  * SECURITY UPDATE: file existence leakage (LP: #398814)
    - debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the
      file extension.
    - CVE-2009-0843
  * SECURITY UPDATE: paths specified in url vulnerabilities.
    - debian/patches/06_urlpath.dpatch: Disable the variable overwriting
      from URL of a few variables.
    - [http://trac.osgeo.org/mapserver/ticket/1836]

 -- Alan Boudreault  Tue, 18 Aug 2009 10:47:46 -0400

** Changed in: mapserver (Ubuntu Jaunty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0839

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0840

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0841

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0843

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2281

** Changed in: mapserver (Ubuntu Intrepid)
       Status: Fix Committed => Fix Released
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
This bug was fixed in the package mapserver - 5.0.3-2ubuntu0.1

---
mapserver (5.0.3-2ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
    - debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern to
      limit an id's value.
    - CVE-2009-0839
  * SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
    - debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation
      for a post request and the content-length.
    - CVE-2009-0840, CVE-2009-2281
  * SECURITY UPDATE: relative file path writing (LP: #398814)
    - debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
    - CVE-2009-0841
  * SECURITY UPDATE: file data leakage (LP: #398814)
    - debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as
      mandatory.
    - CVE-2009-0842
  * SECURITY UPDATE: file existence leakage (LP: #398814)
    - debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the
      file extension.
    - CVE-2009-0843
  * SECURITY UPDATE: paths specified in url vulnerabilities.
    - debian/patches/06_urlpath.dpatch: Disable the variable overwriting
      from URL of a few variables.
    - [http://trac.osgeo.org/mapserver/ticket/1836]

 -- Alan Boudreault  Thu, 23 Jul 2009 08:53:05 -0400

** Changed in: mapserver (Ubuntu Hardy)
       Status: Fix Committed => Fix Released
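The changelog entries in this thread describe two of the input checks only in one line each: a regex that limits an id parameter's value (the stack-based overflow, CVE-2009-0839) and validation of a POST request's content-length before the body is read (the heap-based underflow, CVE-2009-0840 / CVE-2009-2281). The C below is an added illustration of what such checks look like in a CGI program; it is not MapServer's code or the content of the dpatch files, and the function names, the character class, the 63-byte id cap and the 1 MiB body cap are assumptions chosen for the example.

```c
/* Added example, not MapServer's own code: bounded validation of a CGI
 * id parameter and of CONTENT_LENGTH, in the spirit of the checks the
 * changelog above describes. All names and limits here are assumed. */
#include <ctype.h>
#include <errno.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ID_MAX_LEN   63               /* assumed cap, under any fixed buffer */
#define POST_MAX_LEN (1024 * 1024)    /* assumed upper bound for a POST body */

/* Accept only a short token of safe characters. Returns 1 when valid.
 * The pattern is anchored and carries an explicit length cap, so an
 * overlong or odd value is rejected before any strcpy into a fixed-size
 * buffer could run. */
int id_is_valid(const char *id)
{
    regex_t re;
    int ok;
    if (id == NULL)
        return 0;
    if (regcomp(&re, "^[A-Za-z0-9_-]{1,63}$", REG_EXTENDED | REG_NOSUB) != 0)
        return 0;
    ok = (regexec(&re, id, 0, NULL, 0) == 0);
    regfree(&re);
    return ok;
}

/* Parse CONTENT_LENGTH as a bounded, non-negative integer. Returns 1 and
 * stores the value on success; 0 for a missing, non-numeric, negative,
 * overflowing or too-large value. Sizing an allocation or a read from
 * an unchecked header is what turns a bad request into memory corruption. */
int parse_content_length(const char *cl, size_t max, size_t *out)
{
    char *end;
    long v;
    if (cl == NULL || !isdigit((unsigned char)*cl))
        return 0;                      /* empty, signed or non-numeric */
    errno = 0;
    v = strtol(cl, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0 || (unsigned long)v > max)
        return 0;
    *out = (size_t)v;
    return 1;
}

/* Read exactly `len` bytes of POST body from `in` into a fresh buffer.
 * A short read is an error: the caller never sees uninitialised bytes. */
char *read_post_body(FILE *in, size_t len)
{
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;
    if (fread(buf, 1, len, in) != len) {
        free(buf);
        return NULL;
    }
    buf[len] = '\0';
    return buf;
}

/* Helper for self-checking: feed a constructed body through a temporary
 * file and report whether read_post_body accepted it at the claimed length. */
int check_exact_read(const char *data, size_t claimed_len)
{
    FILE *f = tmpfile();
    char *body;
    int ok;
    if (f == NULL)
        return 0;
    fputs(data, f);
    rewind(f);
    body = read_post_body(f, claimed_len);
    ok = (body != NULL && strlen(body) == claimed_len);
    free(body);
    fclose(f);
    return ok;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *ids[]  = { "layer_1", "", "layer;1" };
    const char *lens[] = { "12", "-1", "12abc", "99999999999" };
    size_t n = 0, i;
    for (i = 0; i < 3; i++)
        printf("id '%s' -> %s\n", ids[i], id_is_valid(ids[i]) ? "ok" : "rejected");
    for (i = 0; i < 4; i++)
        printf("CONTENT_LENGTH '%s' -> %s\n", lens[i],
               parse_content_length(lens[i], POST_MAX_LEN, &n) ? "ok" : "rejected");
    printf("exact read of 7-byte body -> %s\n",
           check_exact_read("a=1&b=2", 7) ? "ok" : "rejected");
    return 0;
}
```

The two checks are independent: the regex protects the copy of a short token into a fixed buffer, and the content-length parse protects the allocation and read that follow it. Both reject rather than truncate, which is the behaviour a security update wants, since a silently shortened value can still reach code that assumed the original length.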
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
For the security patches, they have been tested by the mapserver devs
before the changes in branches. I've made a few tests on my side locally.
I've not really tested the patches for hardy/intrepid/jaunty because they
are almost identical to those I've made for debian, for which the major
issues have been tested.
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
Thanks for your patches! They look good and I have uploaded them for
building. Can you comment on the testing performed for hardy, intrepid and
jaunty? Thanks!

** Changed in: mapserver (Ubuntu Hardy)
       Status: In Progress => Fix Committed

** Changed in: mapserver (Ubuntu Jaunty)
       Status: In Progress => Fix Committed
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
** Changed in: mapserver (Ubuntu Karmic)
       Status: Confirmed => Fix Released
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
For Karmic, I've created a bug to sync the source package mapserver with
debian unstable. The version 5.4.2 fixes all security bugs. See:
https://bugs.launchpad.net/ubuntu/+source/mapserver/+bug/415413
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
** Attachment added: "Security Patch for Jaunty"
   http://launchpadlibrarian.net/30474279/mapserver_5.0.3-3ubuntu0.1.patch

** Changed in: mapserver (Ubuntu Jaunty)
       Status: Confirmed => In Progress
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
** Attachment added: "Security Patch for hardy"
   http://launchpadlibrarian.net/30472108/mapserver_5.0.0-3ubuntu0.1.patch

** Changed in: mapserver (Ubuntu Hardy)
       Status: Confirmed => In Progress
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
Alan,

Sorry for the delay on this. Your submitted patch for Intrepid was not
marked as a patch and our automated scripting didn't show it in our list
of patches to review. I fixed that.

The patch for Intrepid looks great and I'm going to go ahead and upload it
to the security PPA. Can you detail the testing performed?

Feel free to upload for the other releases and indicate the testing
performed.

Thanks for all your hard work!

** Changed in: mapserver (Ubuntu Intrepid)
       Status: In Progress => Fix Committed
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
I would like to be informed as soon as someone checks the intrepid patch.
If everything is ok, I will work on the patch of a few other distributions.
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
** Attachment added: "Security Patch for intrepid"
   http://launchpadlibrarian.net/29584339/mapserver_5.0.3-2ubuntu0.1.patch

** Changed in: mapserver (Ubuntu Intrepid)
       Status: Confirmed => In Progress
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
The second issue is: http://trac.osgeo.org/mapserver/ticket/1836

According to that bug, this functionality has been removed in mapserver 5.4.

** Also affects: mapserver (Ubuntu Dapper)
   Importance: Undecided
       Status: New

** Also affects: mapserver (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: mapserver (Ubuntu Intrepid)
   Importance: Undecided
       Status: New

** Also affects: mapserver (Ubuntu Jaunty)
   Importance: Undecided
       Status: New

** Also affects: mapserver (Ubuntu Karmic)
   Importance: Undecided
       Status: Confirmed

** Changed in: mapserver (Ubuntu Dapper)
       Status: New => Confirmed

** Changed in: mapserver (Ubuntu Hardy)
       Status: New => Confirmed

** Changed in: mapserver (Ubuntu Intrepid)
       Status: New => Confirmed

** Changed in: mapserver (Ubuntu Jaunty)
       Status: New => Confirmed
[Bug 398814] Re: security: anyone can make mapserv read or write arbitrary files
Per upstream, the .map issue is CVE-2009-0842. Fixed in 5.2.2-1. See:
http://trac.osgeo.org/mapserver/ticket/2941
http://trac.osgeo.org/mapserver/changeset/8805

Per upstream, the other issue should be fixed in the 5.4 series. I've
requested a CVE and the bug reference.

** Visibility changed to: Public

** Bug watch added: trac.osgeo.org/mapserver/ #2941
   http://trac.osgeo.org/mapserver/ticket/2941

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0842