=========================================================================Ubuntu Security Notice USN-3929-1
April 02, 2019
firebird2.5 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Firebird.
Software Description:
- firebird2.5: A full-featured, open source SQL database derived from Borland InterBase 6.0
Details:
It was discovered that Firebird incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue with a specially
crafted network packet to cause Firebird to crash, resulting in a denial of
service.
(CVE-2014-9323)
It was discovered that Firebird incorrectly handled certain UDF libraries.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2017-6369)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
firebird2.5-classic 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-classic-common 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-server-common 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-super 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-superclassic 2.5.2.26540.ds4-9ubuntu1.1
libfbclient2 2.5.2.26540.ds4-9ubuntu1.1
libfbembed2.5 2.5.2.26540.ds4-9ubuntu1.1
libib-util 2.5.2.26540.ds4-9ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-3929-1
CVE-2014-9323, CVE-2017-6369
Package Information:
https://launchpad.net/ubuntu/+source/firebird2.5/2.5.2.26540.ds4-9ubuntu1.1