libcurl security vulnerability
Daniel Morissette
dmorissette at DMSOLUTIONS.CA
Sat Oct 22 15:12:41 EDT 2005

FYI, a security vulnerability in libcurl has recently been reported and
is fixed in libcurl 7.15.0 and later:

http://curl.haxx.se/docs/security.html

I don't think MapServer users are at high risk since libcurl is only
used to connect to remote WMS and WFS servers which are in general
friendly or well-known hosts, and there is no known curl exploit at this
time. However, a risk could still exist for those using untrusted WMS
servers in their apps, or allowing loading of arbitrary Web Map Contexts
in their apps.

If you consider yourself at risk then you might want to upgrade to
libcurl 7.15.0 or to a patched libcurl version that may be available for
your OS.

Future maptools.org builds (FGS and MS4W) will be based on the latest
version of Curl.

Daniel
--
------------------------------------------------------------
Daniel Morissette dmorissette at dmsolutions.ca
DM Solutions Group http://www.dmsolutions.ca/
------------------------------------------------------------