Several security issues were fixed in Firebird.
Software Description:
- firebird2.5: A full-featured, open source SQL database derived from Borland InterBase 6.0
Details:
It was discovered that Firebird incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue with a specially
crafted network packet to cause Firebird to crash, resulting in a denial of
service.
(CVE-2014-9323)
It was discovered that Firebird incorrectly handled certain UDF libraries.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2017-6369)
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: firebird2.5-classic 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-classic-common 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-server-common 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-super 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-superclassic 2.5.2.26540.ds4-9ubuntu1.1 libfbclient2 2.5.2.26540.ds4-9ubuntu1.1 libfbembed2.5 2.5.2.26540.ds4-9ubuntu1.1 libib-util 2.5.2.26540.ds4-9ubuntu1.1 In general, a standard system update will make all the necessary changes.
CVE-2014-9323, CVE-2017-6369
Get the latest Linux and open source security news straight to your inbox.