==========================================================================
Ubuntu Security Notice USN-3929-1
April 02, 2019
firebird2.5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Firebird.
Software Description:
– firebird2.5: A full-featured, open source SQL database derived from Borland InterBase 6.0
Details:
It was discovered that Firebird incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue with a specially
crafted network packet to cause Firebird to crash, resulting in a denial of
service.
(CVE-2014-9323)
It was discovered that Firebird incorrectly handled certain UDF libraries.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2017-6369)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
firebird2.5-classic 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-classic-common 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-server-common 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-super 2.5.2.26540.ds4-9ubuntu1.1
firebird2.5-superclassic 2.5.2.26540.ds4-9ubuntu1.1
libfbclient2 2.5.2.26540.ds4-9ubuntu1.1
libfbembed2.5 2.5.2.26540.ds4-9ubuntu1.1
libib-util 2.5.2.26540.ds4-9ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3929-1
CVE-2014-9323, CVE-2017-6369
Package Information:
https://launchpad.net/ubuntu/+source/firebird2.5/2.5.2.26540.ds4-9ubuntu1.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAlyjg7QACgkQdyg1Qz0o
XX2hwRAAgbQF8eIHaQSGIR+jWoW3jaKyiDam9/s/EIQqVxlM2a/fwWKF7f1DMwUZ
8SY1v3E5mLMDtFE42BGsb2/LWvhMPkCteN7svtgUjuAMobDZZize/oVoH/SjaziL
uuIQJNBWXpFBrbN1BBpPm28QAt34b0A5qYsqtpiZyAlrJDLiRDCftzK0hmUTU/Wy
U3vLeGqhGZiywEu3VOu0XgfTaGOeJi1uIwkCfka+9dmUDSg2BL8+hb1xvX/ZW1/7
1cCUi2eEBErdC2+yQvBJVP+BtYXtnkTX5+cCaEIUefcR304+R6iSROgewCatjplw
FZDvlb1RKxWYCczVFpNWACr3LP+UgVMloX7nAPCwc79IezF13rTVwinZmmLhpwHx
QpCIMnTXtqJBBK8C9cHCbYtFhY4tjTRzeT5aEQ7cyMLl4tKggFLZ+x+QhO8TntdN
8g+epgjofmtXm0ksl/OljAUmsc66IwYcGO7PYGR3KYXzhYH767Vkk4s1iPqCGfqK
QWLDnA0Qpoq7MwmJqifYR7oNd9u2kMNQWl/P/FD8q3qnkoVDxbHvNUful8hKynIV
DHZqBXM+aU/vk56+mhkbT1n0fj2w1T+zzHTnRJaP/nMy6726IeO0WwCBJMjydkPi
fXG/cUM88CB/KVjTMdo1bhWhL4ZYs5sBmdmk3u6OAG1/bOIUW8E=
=P+ox
—–END PGP SIGNATURE—–
—