Lucene search

DebianDEBIAN:DSA-3824-1:1871A

HistoryMar 29, 2017 - 5:56 p.m.

[SECURITY] [DSA 3824-1] firebird2.5 security update

2017-03-2917:56:48

lists.debian.org

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.006

Percentile

77.6%

JSON

Debian Security Advisory DSA-3824-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
March 29, 2017 https://www.debian.org/security/faq

Package : firebird2.5
CVE ID : CVE-2017-6369
Debian Bug : 858641

George Noseevich discovered that firebird2.5, a relational database
system, did not properly check User-Defined Functions (UDF), thus
allowing remote authenticated users to execute arbitrary code on the
firebird server.

For the stable distribution (jessie), this problem has been fixed in
version 2.5.3.26778.ds4-5+deb8u1.

We recommend that you upgrade your firebird2.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8powerpclibfbclient2-dbg< 2.5.3.26778.ds4-5+deb8u1libfbclient2-dbg_2.5.3.26778.ds4-5+deb8u1_powerpc.deb
Debian8mipslibfbembed2.5< 2.5.3.26778.ds4-5+deb8u1libfbembed2.5_2.5.3.26778.ds4-5+deb8u1_mips.deb
Debian7armhffirebird2.5-superclassic< 2.5.2.26540.ds4-1~deb7u3firebird2.5-superclassic_2.5.2.26540.ds4-1~deb7u3_armhf.deb
Debian7armelfirebird-dev< 2.5.2.26540.ds4-1~deb7u3firebird-dev_2.5.2.26540.ds4-1~deb7u3_armel.deb
Debian7armhffirebird2.5-server-common< 2.5.2.26540.ds4-1~deb7u3firebird2.5-server-common_2.5.2.26540.ds4-1~deb7u3_armhf.deb
Debian8kfreebsd-i386firebird2.5-super-dbg< 2.5.3.26778.ds4-5+deb8u1firebird2.5-super-dbg_2.5.3.26778.ds4-5+deb8u1_kfreebsd-i386.deb
Debian8armellibib-util< 2.5.3.26778.ds4-5+deb8u1libib-util_2.5.3.26778.ds4-5+deb8u1_armel.deb
Debian7armhffirebird-dev< 2.5.2.26540.ds4-1~deb7u3firebird-dev_2.5.2.26540.ds4-1~deb7u3_armhf.deb
Debian8arm64firebird2.5-super< 2.5.3.26778.ds4-5+deb8u1firebird2.5-super_2.5.3.26778.ds4-5+deb8u1_arm64.deb
Debian8i386libfbclient2-dbg< 2.5.3.26778.ds4-5+deb8u1libfbclient2-dbg_2.5.3.26778.ds4-5+deb8u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	powerpc	libfbclient2-dbg	< 2.5.3.26778.ds4-5+deb8u1	libfbclient2-dbg_2.5.3.26778.ds4-5+deb8u1_powerpc.deb
Debian	8	mips	libfbembed2.5	< 2.5.3.26778.ds4-5+deb8u1	libfbembed2.5_2.5.3.26778.ds4-5+deb8u1_mips.deb
Debian	7	armhf	firebird2.5-superclassic	< 2.5.2.26540.ds4-1~deb7u3	firebird2.5-superclassic_2.5.2.26540.ds4-1~deb7u3_armhf.deb
Debian	7	armel	firebird-dev	< 2.5.2.26540.ds4-1~deb7u3	firebird-dev_2.5.2.26540.ds4-1~deb7u3_armel.deb
Debian	7	armhf	firebird2.5-server-common	< 2.5.2.26540.ds4-1~deb7u3	firebird2.5-server-common_2.5.2.26540.ds4-1~deb7u3_armhf.deb
Debian	8	kfreebsd-i386	firebird2.5-super-dbg	< 2.5.3.26778.ds4-5+deb8u1	firebird2.5-super-dbg_2.5.3.26778.ds4-5+deb8u1_kfreebsd-i386.deb
Debian	8	armel	libib-util	< 2.5.3.26778.ds4-5+deb8u1	libib-util_2.5.3.26778.ds4-5+deb8u1_armel.deb
Debian	7	armhf	firebird-dev	< 2.5.2.26540.ds4-1~deb7u3	firebird-dev_2.5.2.26540.ds4-1~deb7u3_armhf.deb
Debian	8	arm64	firebird2.5-super	< 2.5.3.26778.ds4-5+deb8u1	firebird2.5-super_2.5.3.26778.ds4-5+deb8u1_arm64.deb
Debian	8	i386	libfbclient2-dbg	< 2.5.3.26778.ds4-5+deb8u1	libfbclient2-dbg_2.5.3.26778.ds4-5+deb8u1_i386.deb