Security Information / 2014 / Security Information -- DSA-3109-1 firebird2.5

Debian Security Advisory

DSA-3109-1 firebird2.5 -- security update

Date Reported:

21 Dec 2014

Affected Packages:

firebird2.5

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 772880.
In Mitre's CVE dictionary: CVE-2014-9323.

More information:

Dmitry Kovalenko discovered that the Firebird database server is prone to a denial of service vulnerability. An unauthenticated remote attacker could send a malformed network packet to a firebird server, which would cause the server to crash.

For the stable distribution (wheezy), this problem has been fixed in version 2.5.2.26540.ds4-1~deb7u2.

For the upcoming stable distribution (jessie), this problem has been fixed in version 2.5.3.26778.ds4-5.

For the unstable distribution (sid), this problem has been fixed in version 2.5.3.26778.ds4-5.

We recommend that you upgrade your firebird2.5 packages.