Advisories ยป MGASA-2015-0097

Updated mapserver packages fix CVE-2013-7262 and packaging issues

Publication date: 06 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2013-7262


Updated mapserver packages fix security vulnerability:

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in
mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used,
allows remote attackers to execute arbitrary SQL commands via a crafted
string in a PostGIS TIME filter (CVE-2013-7262).

The mapserver package has been updated to version 6.2.2, which fixes this
issue and several other bugs, including some packaging issues which
prevented it from working anyway.