[SECURITY] [DSA 3109-1] firebird2.5 security update

2014-12-2110:46:41

lists.debian.org

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.02 Low

EPSS

Percentile

88.9%

JSON

Debian Security Advisory DSA-3109-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2014 http://www.debian.org/security/faq

Package : firebird2.5
CVE ID : CVE-2014-9323
Debian Bug : 772880

Dmitry Kovalenko discovered that the Firebird database server is prone
to a denial of service vulnerability. An unauthenticated remote attacker
could send a malformed network packet to a firebird server, which would
cause the server to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 2.5.2.26540.ds4-1~deb7u2.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 2.5.3.26778.ds4-5.

For the unstable distribution (sid), this problem has been fixed in
version 2.5.3.26778.ds4-5.

We recommend that you upgrade your firebird2.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7armellibib-util< 2.5.2.26540.ds4-1~deb7u2libib-util_2.5.2.26540.ds4-1~deb7u2_armel.deb
Debian6amd64firebird2.5-superclassic< 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2_amd64.deb
Debian7armelfirebird2.5-classic-common< 2.5.2.26540.ds4-1~deb7u2firebird2.5-classic-common_2.5.2.26540.ds4-1~deb7u2_armel.deb
Debian6allfirebird2.5-dev< 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2_all.deb
Debian7armhffirebird2.5-classic-dbg< 2.5.2.26540.ds4-1~deb7u2firebird2.5-classic-dbg_2.5.2.26540.ds4-1~deb7u2_armhf.deb
Debian7mipslibib-util< 2.5.2.26540.ds4-1~deb7u2libib-util_2.5.2.26540.ds4-1~deb7u2_mips.deb
Debian7mipsellibfbclient2-dbg< 2.5.2.26540.ds4-1~deb7u2libfbclient2-dbg_2.5.2.26540.ds4-1~deb7u2_mipsel.deb
Debian7s390xfirebird2.5-server-common< 2.5.2.26540.ds4-1~deb7u2firebird2.5-server-common_2.5.2.26540.ds4-1~deb7u2_s390x.deb
Debian7i386firebird2.5-super< 2.5.2.26540.ds4-1~deb7u2firebird2.5-super_2.5.2.26540.ds4-1~deb7u2_i386.deb
Debian7armhflibib-util< 2.5.2.26540.ds4-1~deb7u2libib-util_2.5.2.26540.ds4-1~deb7u2_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armel	libib-util	< 2.5.2.26540.ds4-1~deb7u2	libib-util_2.5.2.26540.ds4-1~deb7u2_armel.deb
Debian	6	amd64	firebird2.5-superclassic	< 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2	firebird2.5-superclassic_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2_amd64.deb
Debian	7	armel	firebird2.5-classic-common	< 2.5.2.26540.ds4-1~deb7u2	firebird2.5-classic-common_2.5.2.26540.ds4-1~deb7u2_armel.deb
Debian	6	all	firebird2.5-dev	< 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2	firebird2.5-dev_2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2_all.deb
Debian	7	armhf	firebird2.5-classic-dbg	< 2.5.2.26540.ds4-1~deb7u2	firebird2.5-classic-dbg_2.5.2.26540.ds4-1~deb7u2_armhf.deb
Debian	7	mips	libib-util	< 2.5.2.26540.ds4-1~deb7u2	libib-util_2.5.2.26540.ds4-1~deb7u2_mips.deb
Debian	7	mipsel	libfbclient2-dbg	< 2.5.2.26540.ds4-1~deb7u2	libfbclient2-dbg_2.5.2.26540.ds4-1~deb7u2_mipsel.deb
Debian	7	s390x	firebird2.5-server-common	< 2.5.2.26540.ds4-1~deb7u2	firebird2.5-server-common_2.5.2.26540.ds4-1~deb7u2_s390x.deb
Debian	7	i386	firebird2.5-super	< 2.5.2.26540.ds4-1~deb7u2	firebird2.5-super_2.5.2.26540.ds4-1~deb7u2_i386.deb
Debian	7	armhf	libib-util	< 2.5.2.26540.ds4-1~deb7u2	libib-util_2.5.2.26540.ds4-1~deb7u2_armhf.deb