[SECURITY] [DLA 879-1] firebird2.5 security update

2017-03-2920:41:15

lists.debian.org

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.006

Percentile

77.6%

JSON

Package : firebird2.5
Version : 2.5.2.26540.ds4-1~deb7u3
CVE ID : CVE-2017-6369
Debian Bug : 858641

George Noseevich discovered that firebird2.5, a relational database
system, did not properly check User-Defined Functions (UDF), thus
allowing remote authenticated users to execute arbitrary code on the
firebird server.

For Debian 7 "Wheezy", these problems have been fixed in version
2.5.2.26540.ds4-1~deb7u3.

We recommend that you upgrade your firebird2.5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8i386libfbclient2-dbg< 2.5.3.26778.ds4-5+deb8u1libfbclient2-dbg_2.5.3.26778.ds4-5+deb8u1_i386.deb
Debian8kfreebsd-i386libfbclient2< 2.5.3.26778.ds4-5+deb8u1libfbclient2_2.5.3.26778.ds4-5+deb8u1_kfreebsd-i386.deb
Debian8ppc64ellibib-util< 2.5.3.26778.ds4-5+deb8u1libib-util_2.5.3.26778.ds4-5+deb8u1_ppc64el.deb
Debian8i386firebird2.5-classic-common< 2.5.3.26778.ds4-5+deb8u1firebird2.5-classic-common_2.5.3.26778.ds4-5+deb8u1_i386.deb
Debian8amd64libfbembed2.5< 2.5.3.26778.ds4-5+deb8u1libfbembed2.5_2.5.3.26778.ds4-5+deb8u1_amd64.deb
Debian8kfreebsd-i386firebird-dev< 2.5.3.26778.ds4-5+deb8u1firebird-dev_2.5.3.26778.ds4-5+deb8u1_kfreebsd-i386.deb
Debian8allfirebird2.5-common-doc< 2.5.3.26778.ds4-5+deb8u1firebird2.5-common-doc_2.5.3.26778.ds4-5+deb8u1_all.deb
Debian8arm64firebird2.5-super-dbg< 2.5.3.26778.ds4-5+deb8u1firebird2.5-super-dbg_2.5.3.26778.ds4-5+deb8u1_arm64.deb
Debian8ppc64elfirebird2.5-super-dbg< 2.5.3.26778.ds4-5+deb8u1firebird2.5-super-dbg_2.5.3.26778.ds4-5+deb8u1_ppc64el.deb
Debian8powerpcfirebird2.5-server-common< 2.5.3.26778.ds4-5+deb8u1firebird2.5-server-common_2.5.3.26778.ds4-5+deb8u1_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	libfbclient2-dbg	< 2.5.3.26778.ds4-5+deb8u1	libfbclient2-dbg_2.5.3.26778.ds4-5+deb8u1_i386.deb
Debian	8	kfreebsd-i386	libfbclient2	< 2.5.3.26778.ds4-5+deb8u1	libfbclient2_2.5.3.26778.ds4-5+deb8u1_kfreebsd-i386.deb
Debian	8	ppc64el	libib-util	< 2.5.3.26778.ds4-5+deb8u1	libib-util_2.5.3.26778.ds4-5+deb8u1_ppc64el.deb
Debian	8	i386	firebird2.5-classic-common	< 2.5.3.26778.ds4-5+deb8u1	firebird2.5-classic-common_2.5.3.26778.ds4-5+deb8u1_i386.deb
Debian	8	amd64	libfbembed2.5	< 2.5.3.26778.ds4-5+deb8u1	libfbembed2.5_2.5.3.26778.ds4-5+deb8u1_amd64.deb
Debian	8	kfreebsd-i386	firebird-dev	< 2.5.3.26778.ds4-5+deb8u1	firebird-dev_2.5.3.26778.ds4-5+deb8u1_kfreebsd-i386.deb
Debian	8	all	firebird2.5-common-doc	< 2.5.3.26778.ds4-5+deb8u1	firebird2.5-common-doc_2.5.3.26778.ds4-5+deb8u1_all.deb
Debian	8	arm64	firebird2.5-super-dbg	< 2.5.3.26778.ds4-5+deb8u1	firebird2.5-super-dbg_2.5.3.26778.ds4-5+deb8u1_arm64.deb
Debian	8	ppc64el	firebird2.5-super-dbg	< 2.5.3.26778.ds4-5+deb8u1	firebird2.5-super-dbg_2.5.3.26778.ds4-5+deb8u1_ppc64el.deb
Debian	8	powerpc	firebird2.5-server-common	< 2.5.3.26778.ds4-5+deb8u1	firebird2.5-server-common_2.5.3.26778.ds4-5+deb8u1_powerpc.deb