[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2129-1] firebird2.5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : firebird2.5
Version        : 2.5.3.26778.ds4-5+deb8u2
CVE ID         : CVE-2017-11509


An issues has been found in firebird2.5, an RDBMS based on InterBase 6.0.
As UDFs can be used for a remote authenticated code execution (as user firebird), UDFs have been disabled in the default configuration which will be used for new installations (there is no change for existing configurations, which must be done manually).


For Debian 8 "Jessie", this problem has been fixed in version
2.5.3.26778.ds4-5+deb8u2.

We recommend that you upgrade your firebird2.5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl5aiL5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfDxQ/+LSsAp0KmQFPcn/DVrcWEwRh1e+AJZrKqsN0b2PJ3T5Ci++G6YBpmlKkP
9gUyB17Bl1Gk3+00b/WHni2q2qlUqaXbq9r7swQfFWrrMVagG9CLE2lX9qYaf7kf
sTqvSJgoXct//tELoND4MqvXILYrb1zIkbbRQvjn2tixMkt+NyWuk86I3KnNvMVV
2bBLUKuraD1LrOumYgYpkfToyBYMmniQPKXysF5s1og7zuI/lOZ4AtjYfcImN2Aw
LpBQ/ibe+Lii0tMNxwmeVwQwb05IkCvo+Aq0yxcpsZ2e/6jxcVStXn/n0dKaDh4t
OCh8OaVKxA5zG69I2TFzCGveUsVTwVKoMoY8/by/D2DP2HsJ5Y7EhV6lSw1+B56P
bvSwjnbVRf7L6x22ainCT0rHN92RKLR62oa0BrTvJPvGMsRQr0aKIh4WcKsRpkX4
2zIJHB8bEfV3oHv+FDnLmWwb6XtcQtVqRVEjJws/8dL8QToREMhlaiSZGBaZUeQ9
oHpXvubKPYUNaBnm5b40r+aSG8G2Vxcqve/58Thf3mN9l18xcO/HkmKAx/H+Dq7l
HfCbE1YqQatlNsyf7QnDannQ3nWsgwWMovYG+fKQbx6kEaez73MSE3JhqQE2piui
0jYtzXCto4kKCJ8niIv7kvNOCFD5w+w2Z9QFJtDrLNqe/lOG828=
=wyuw
-----END PGP SIGNATURE-----


Reply to: