Debian: New Firebird packages fix several vulnerabilities

    Date: 27 Mar 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1529-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    March 24, 2008                        http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : firebird2
    Vulnerability  : several
    Problem type   : local/remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-0387 CVE-2008-0467 CVE-2006-7211 CVE-2007-4664
                     CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668
                     CVE-2007-4669 CVE-2007-3527 CVE-2007-3181 CVE-2007-2606
                     CVE-2006-7212 CVE-2006-7213 CVE-2006-7214
    Debian Bug(s)  : 362001 432753 444976 441405 460048 463596
    
    Multiple security problems have been discovered in the Firebird database,
    which may lead to the execution of arbitrary code or denial of service.
    
    This Debian security advisory is a bit unusual. While it's normally 
    our strict policy to backport security bugfixes to older releases, this
    turned out to be infeasible for Firebird 1.5 due to large infrastructural
    changes necessary to fix these issues. As a consequence, security support
    for Firebird 1.5 is hereby discontinued, leaving two options to
    administrators running a Firebird database:
    
    I.  Administrators running Firebird in a completely internal setup with
        trusted users could leave it unchanged.
    
    II. Everyone else should upgrade to the firebird2.0 packages available at 
        http://www.backports.org/backports.org/pool/main/f/firebird2.0/
    
        Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.
    
        Please refer to the general backports.org documentation to add the
        packages to your package management configuration:
        http://www.backports.org/dokuwiki/doku.php?id=instructions
    
        These packages are backported to run with Debian stable. Since
        firebird2.0 is not a drop-in replacement for firebird2 (which
        is the source package name for the Firebird 1.5 packages)
        these updates are not released through security.debian.org.
        Potential future security problems affecting Debian stable will be
        released through backports.org as well.
    
        Arrangements have been made to ensure that Firebird in the upcoming
        Debian 5.0 release will be supportable with regular backported
        security bugfixes again.
    
    For more detailed descriptions of the security problems, please refer
    to the entries in the Debian Bug Tracking System referenced above and
    the following URLs:
    
    http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
    http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
    http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf
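
To check a collected package inventory against option II above on a machine without dpkg, the following added example (not part of the advisory or of any Debian tool) implements Debian's version ordering and compares against the fixed version the advisory names. The function names, the status labels and the sample (source package, version) pairs are assumptions made for illustration; note that the `~bpo40+1` suffix sorts below a plain `-6` revision.

```python
import re
from itertools import zip_longest

FIXED = "2.0.3.12981.ds1-6~bpo40+1"  # firebird2.0 version named in the advisory

def _order(ch):
    # Weight of a non-digit character: '~' sorts before everything (even the
    # end of the string), letters sort before other punctuation.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare upstream-version or revision strings as alternating
    # (non-digit run, digit run) pairs, following Debian's ordering rules.
    pa = re.findall(r"([^0-9]*)([0-9]*)", a)
    pb = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (sa, da), (sb, db) in zip_longest(pa, pb, fillvalue=("", "")):
        for k in range(max(len(sa), len(sb))):
            ca = _order(sa[k]) if k < len(sa) else 0
            cb = _order(sb[k]) if k < len(sb) else 0
            if ca != cb:
                return ca - cb
        na, nb = int(da or 0), int(db or 0)  # an empty digit run counts as 0
        if na != nb:
            return na - nb
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    # Negative, zero or positive, like a classic three-way compare.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def triage(source_pkg, version):
    # Source package names are the two the advisory mentions.
    if source_pkg == "firebird2":
        return "unsupported"          # Firebird 1.5: security support ended
    if source_pkg == "firebird2.0":
        return "fixed" if deb_cmp(version, FIXED) >= 0 else "upgrade"
    return "not-firebird"

# Constructed inventory for illustration, not real host data.
SAMPLE = [("firebird2", "1.5.3-1"), ("firebird2.0", "2.0.3.12981.ds1-5"),
          ("firebird2.0", FIXED)]
if __name__ == "__main__":
    for pkg, ver in SAMPLE:
        print(pkg, ver, triage(pkg, ver))
```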
    