[SECURITY] [DLA 2824-1] firebird3.0 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2824-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
November 20, 2021                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : firebird3.0
Version        : 3.0.1.32609.ds4-14+deb9u1
CVE ID         : CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in
Firebird, a relational database based on InterBase 6.0, by executing a
malformed SQL statement. The only known solution is to prevent
external UDF libraries from being loaded. In order to achieve this,
the default configuration has changed to UdfAccess=None. This will
prevent the fbudf module from being loaded, but may also break other
functionality relying on modules.

For Debian 9 stretch, this problem has been fixed in version
3.0.1.32609.ds4-14+deb9u1.

We recommend that you upgrade your firebird3.0 packages.

For the detailed security status of firebird3.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firebird3.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
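
A configuration check for the UdfAccess=None mitigation described in the advisory, as an added example that is not part of the advisory or of Debian's packaging: it lists every active UdfAccess line in a firebird.conf given as an argument and treats anything other than None as needing review. The sample text is constructed; case-insensitive key matching and '#' comment handling are assumptions about the file format, and the function names are hypothetical.

```python
import re
import sys

# Constructed sample resembling a firebird.conf fragment (not from the advisory).
SAMPLE_CONF = """\
# UdfAccess = Restrict UDF
#UdfAccess = None
RemoteServicePort = 3050
udfaccess = Restrict UDF;/opt/udf   # site override
"""

# Assumption: key names are matched case-insensitively.
_LINE = re.compile(r"^\s*UdfAccess\s*=\s*(.*?)\s*$", re.IGNORECASE)


def udf_access_settings(conf_text):
    """Return [(line_no, mode, argument)] for every active UdfAccess line."""
    found = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # assumption: '#' starts a comment
        m = _LINE.match(line)
        if not m:
            continue
        parts = m.group(1).split(None, 1)
        mode = parts[0].capitalize() if parts else ""
        arg = parts[1] if len(parts) > 1 else ""
        found.append((no, mode, arg))
    return found


def audit(conf_text):
    """Return (verdict, settings); verdict is 'disabled', 'review' or 'unset'."""
    settings = udf_access_settings(conf_text)
    if not settings:
        # No active line: the built-in default applies, which depends on
        # whether the fixed package version is installed.
        return "unset", settings
    # Duplicate precedence is not assumed: any non-None line needs review.
    if all(mode == "None" for _, mode, _ in settings):
        return "disabled", settings
    return "review", settings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    verdict, settings = audit(text)
    for no, mode, arg in settings:
        print(f"line {no}: UdfAccess = {mode} {arg}".rstrip())
    print("verdict:", verdict)
    sys.exit(0 if verdict == "disabled" else 1)
```

An "unset" verdict means the file leaves the decision to the package default, so it should be read together with the installed firebird3.0 version.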