|
|
Subscribe / Log in / New account

Debian alert DLA-2129-1 (firebird2.5)



From:
              Thorsten Alteholz <debian@alteholz.de> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 2129-1] firebird2.5 security update 


Date:
              Sat, 29 Feb 2020 16:52:30 +0100 (CET)


Message-ID:
              <alpine.DEB.2.20.2002291647440.26127@jupiter.server.alteholz.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : firebird2.5
Version        : 2.5.3.26778.ds4-5+deb8u2
CVE ID         : CVE-2017-11509


An issues has been found in firebird2.5, an RDBMS based on InterBase 6.0.
As UDFs can be used for a remote authenticated code execution (as user 
firebird), UDFs have been disabled in the default configuration 
which will be used for new installations (there is no change for existing 
configurations, which must be done manually).


For Debian 8 "Jessie", this problem has been fixed in version
2.5.3.26778.ds4-5+deb8u2.

We recommend that you upgrade your firebird2.5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl5aiL5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfDxQ/+LSsAp0KmQFPcn/DVrcWEwRh1e+AJZrKqsN0b2PJ3T5Ci++G6YBpmlKkP
9gUyB17Bl1Gk3+00b/WHni2q2qlUqaXbq9r7swQfFWrrMVagG9CLE2lX9qYaf7kf
sTqvSJgoXct//tELoND4MqvXILYrb1zIkbbRQvjn2tixMkt+NyWuk86I3KnNvMVV
2bBLUKuraD1LrOumYgYpkfToyBYMmniQPKXysF5s1og7zuI/lOZ4AtjYfcImN2Aw
LpBQ/ibe+Lii0tMNxwmeVwQwb05IkCvo+Aq0yxcpsZ2e/6jxcVStXn/n0dKaDh4t
OCh8OaVKxA5zG69I2TFzCGveUsVTwVKoMoY8/by/D2DP2HsJ5Y7EhV6lSw1+B56P
bvSwjnbVRf7L6x22ainCT0rHN92RKLR62oa0BrTvJPvGMsRQr0aKIh4WcKsRpkX4
2zIJHB8bEfV3oHv+FDnLmWwb6XtcQtVqRVEjJws/8dL8QToREMhlaiSZGBaZUeQ9
oHpXvubKPYUNaBnm5b40r+aSG8G2Vxcqve/58Thf3mN9l18xcO/HkmKAx/H+Dq7l
HfCbE1YqQatlNsyf7QnDannQ3nWsgwWMovYG+fKQbx6kEaez73MSE3JhqQE2piui
0jYtzXCto4kKCJ8niIv7kvNOCFD5w+w2Z9QFJtDrLNqe/lOG828=
=wyuw
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds