Debian Security Advisory

DSA-3824-1 firebird2.5 -- security update

Date Reported:
29 Mar 2017
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 858641.
In Mitre's CVE dictionary: CVE-2017-6369.
More information:

George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on the firebird server.

For the stable distribution (jessie), this problem has been fixed in version

We recommend that you upgrade your firebird2.5 packages.