libjavamapscript-7.6.3-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11037-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libjavamapscript-7.6.3-1.2 on GA media These are all security issues fixed in the libjavamapscript-7.6.3-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11037 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2007-4542/ SUSE CVE CVE-2007-4542 page https://www.suse.com/security/cve/CVE-2020-10872/ SUSE CVE CVE-2020-10872 page https://www.suse.com/security/cve/CVE-2021-32062/ SUSE CVE CVE-2021-32062 page openSUSE Tumbleweed libjavamapscript-7.6.3-1.2 libmapserver2-7.6.3-1.2 mapserver-7.6.3-1.2 mapserver-devel-7.6.3-1.2 perl-mapscript-7.6.3-1.2 php-mapscript-7.6.3-1.2 python-mapscript-7.6.3-1.2 libjavamapscript-7.6.3-1.2 as a component of openSUSE Tumbleweed libmapserver2-7.6.3-1.2 as a component of openSUSE Tumbleweed mapserver-7.6.3-1.2 as a component of openSUSE Tumbleweed mapserver-devel-7.6.3-1.2 as a component of openSUSE Tumbleweed perl-mapscript-7.6.3-1.2 as a component of openSUSE Tumbleweed php-mapscript-7.6.3-1.2 as a component of openSUSE Tumbleweed python-mapscript-7.6.3-1.2 as a component of openSUSE Tumbleweed Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program. CVE-2007-4542 openSUSE Tumbleweed:libjavamapscript-7.6.3-1.2 openSUSE Tumbleweed:libmapserver2-7.6.3-1.2 openSUSE Tumbleweed:mapserver-7.6.3-1.2 openSUSE Tumbleweed:mapserver-devel-7.6.3-1.2 openSUSE Tumbleweed:perl-mapscript-7.6.3-1.2 openSUSE Tumbleweed:php-mapscript-7.6.3-1.2 openSUSE Tumbleweed:python-mapscript-7.6.3-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4542.html CVE-2007-4542 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2020-10872 openSUSE Tumbleweed:libjavamapscript-7.6.3-1.2 openSUSE Tumbleweed:libmapserver2-7.6.3-1.2 openSUSE Tumbleweed:mapserver-7.6.3-1.2 openSUSE Tumbleweed:mapserver-devel-7.6.3-1.2 openSUSE Tumbleweed:perl-mapscript-7.6.3-1.2 openSUSE Tumbleweed:php-mapscript-7.6.3-1.2 openSUSE Tumbleweed:python-mapscript-7.6.3-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-10872.html CVE-2020-10872 MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). CVE-2021-32062 openSUSE Tumbleweed:libjavamapscript-7.6.3-1.2 openSUSE Tumbleweed:libmapserver2-7.6.3-1.2 openSUSE Tumbleweed:mapserver-7.6.3-1.2 openSUSE Tumbleweed:mapserver-devel-7.6.3-1.2 openSUSE Tumbleweed:perl-mapscript-7.6.3-1.2 openSUSE Tumbleweed:php-mapscript-7.6.3-1.2 openSUSE Tumbleweed:python-mapscript-7.6.3-1.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-32062.html CVE-2021-32062 https://bugzilla.suse.com/1185774 SUSE Bug 1185774