[SECURITY] [DLA 1374-1] firebird2.5 security update



Package        : firebird2.5
Version        : 2.5.2.26540.ds4-1~deb7u4
CVE ID         : CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in Firebird SQL
Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The
only known solution is to prevent external UDF libraries from being loaded. To
achieve this, the default configuration has changed to UdfAccess=None.
This will prevent the fbudf module from being loaded, but may also break other
functionality relying on modules.

For Debian 7 "Wheezy", these problems have been fixed in version
2.5.2.26540.ds4-1~deb7u4.

We recommend that you upgrade your firebird2.5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
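
The UdfAccess=None default described in the advisory only protects a host if no locally edited configuration still enables UDF loading. The following check is an added example, not part of the advisory or of Debian's or Firebird's own tooling; the function name `udf_access_status`, the case-insensitive key match and the policy of flagging any active line other than None are assumptions of this example, and the configuration path is passed in by the caller.

```shell
#!/bin/sh
# Added example: report how a firebird.conf sets UdfAccess.
#
# udf_access_status FILE prints one of:
#   none     every active UdfAccess line is "None"
#   unset    no active UdfAccess line, so the packaged default applies
#   exposed  at least one active line allows UDF loading (Restrict, Full, ...)
# Assumption: any active non-None line is flagged, so the result does not
# depend on which duplicate line the server would honour.
udf_access_status() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                  # drop comments
            eq = index(line, "=")
            if (eq == 0) next                     # not a Key = Value line
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)    # trim both ends
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) != "udfaccess") next
            seen = 1
            if (tolower(val) != "none") bad = 1
        }
        END {
            if (bad)       print "exposed"
            else if (seen) print "none"
            else           print "unset"
        }
    ' "$conf"
}

# Constructed sample: a local override left over from before the update.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# firebird.conf (constructed sample, not a real host's file)
#UdfAccess = None
RemoteServicePort = 3050
UdfAccess = Restrict UDF
EOF
echo "sample config: $(udf_access_status "$sample")"
rm -f "$sample"
```

A result of `exposed` after upgrading means the mitigation is not in effect for that file; `unset` means the outcome depends on the default shipped by the installed package version.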