- ------------------------------------------------------------------------Debian Security Advisory DSA-1529-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
March 24, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : firebird2
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0387 CVE-2008-0467 CVE-2006-7211 CVE-2007-4664
                 CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668
                 CVE-2007-4669 CVE-2007-3527 CVE-2007-3181 CVE-2007-2606
                 CVE-2006-7212 CVE-2006-7213 CVE-2006-7214
Debian Bug(s)  : 362001 432753 444976 441405 460048 463596

Multiple security problems have been discovered in the Firebird database,
which may lead to the execution of arbitrary code or denial of service.

This Debian security advisory is a bit unusual. While it's normally 
our strict policy to backport security bugfixes to older releases, this
turned out to be infeasible for Firebird 1.5 due to large infrastructural
changes necessary to fix these issues. As a consequence security support
for Firebird 1.5 is hereby discontinued, leaving two options to
administrators running a Firebird database:

I.  Administrators running Firebird in a completely internal setup with
    trusted users could leave it unchanged.

II. Everyone else should upgrade to the firebird2.0 packages available at 
    
    Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.

    Please refer to the general backports.org documentation to add the
    packages to your package management configuration:
    
    These packages are backported to run with Debian stable. Since
    firebird2.0 is not a drop-in replacement for firebird2 (which
    is the source package name for the Firebird 1.5 packages)
    these updates are not released through security.debian.org.
    Potential future security problems affecting Debian stable will be
    released through backports.org as well.

    Arrangements have been made to ensure that Firebird in the upcoming
    Debian 5.0 release will be supportable with regular backported
    security bugfixes again.

For a more detailed descriptions of the security problems, please refer
to the entries in the Debian Bug Tracking System referenced above and
the following URLs:


- ---------------------------------------------------------------------------------Mailing list: debian-security-announce@lists.debian.org

Debian: New Firebird packages fix several vulnerabilities

March 27, 2008
Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service.

Summary

Severity

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved