libcurl security vulnerability

Daniel Morissette dmorissette at DMSOLUTIONS.CA
Sat Oct 22 15:12:41 EDT 2005

FYI, a security vulnerability in libcurl has recently been reported and 
is fixed in libcurl 7.15.0 and later:

I don't think MapServer users are at high risk since libcurl is only 
used to connect to remote WMS and WFS servers which are in general 
friendly or well-known hosts, and there is no known curl exploit at this 
time. However a risk could still exists for those using untrusted WMS 
servers in their apps, or allowing loading of arbitrary Web Map Contexts 
in their apps.

If you consider yourself at risk then you might want to upgrade to 
libcurl 7.15.0 or to a patched libcurl version that may be available for 
your OS.

Future builds (FGS and MS4W) will be based on the latest 
version of Curl.

  Daniel Morissette               dmorissette at
  DM Solutions Group    

More information about the mapserver-dev mailing list