drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Firebird
Name: |
Zwei Probleme in Firebird |
|
ID: |
USN-3929-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Di, 2. April 2019, 18:43 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6369 |
|
Applikationen: |
Firebird |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4921863901527055839== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xtaEj3Dyrw6NTF1cJI7uEtVSLTIGtvM5H"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xtaEj3Dyrw6NTF1cJI7uEtVSLTIGtvM5H Content-Type: multipart/mixed; boundary="oHmGuqXoqIiJWTF2IqwvHhqenZjGiYgz0"; protected-headers="v1" From: Mike Salvatore <mike.salvatore@canonical.com> Reply-To: security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <a8f16762-d935-a1bb-d167-af54f806bd20@canonical.com> Subject: [USN-3929-1] Firebird vulnerabilities References: <20190402143719.AAEE026C2602@lillypilly.canonical.com> In-Reply-To: <20190402143719.AAEE026C2602@lillypilly.canonical.com>
--oHmGuqXoqIiJWTF2IqwvHhqenZjGiYgz0 Content-Type: text/plain; charset=utf-8 Content-Language: en-U Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3929-1 April 02, 2019
firebird2.5 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Firebird.
Software Description: - firebird2.5: A full-featured, open source SQL database derived from Borland InterBase 6.0
Details:
It was discovered that Firebird incorrectly handled certain malformed packets. A remote attacker could possibly use this issue with a specially crafted network packet to cause Firebird to crash, resulting in a denial of service. (CVE-2014-9323)
It was discovered that Firebird incorrectly handled certain UDF libraries. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2017-6369)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: firebird2.5-classic 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-classic-common 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-server-common 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-super 2.5.2.26540.ds4-9ubuntu1.1 firebird2.5-superclassic 2.5.2.26540.ds4-9ubuntu1.1 libfbclient2 2.5.2.26540.ds4-9ubuntu1.1 libfbembed2.5 2.5.2.26540.ds4-9ubuntu1.1 libib-util 2.5.2.26540.ds4-9ubuntu1.1
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3929-1 CVE-2014-9323, CVE-2017-6369
Package Information: https://launchpad.net/ubuntu/+source/firebird2.5/2.5.2.26540.ds4-9ubuntu1.1
--oHmGuqXoqIiJWTF2IqwvHhqenZjGiYgz0--
--xtaEj3Dyrw6NTF1cJI7uEtVSLTIGtvM5H Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAlyjg7QACgkQdyg1Qz0o XX2hwRAAgbQF8eIHaQSGIR+jWoW3jaKyiDam9/s/EIQqVxlM2a/fwWKF7f1DMwUZ 8SY1v3E5mLMDtFE42BGsb2/LWvhMPkCteN7svtgUjuAMobDZZize/oVoH/SjaziL uuIQJNBWXpFBrbN1BBpPm28QAt34b0A5qYsqtpiZyAlrJDLiRDCftzK0hmUTU/Wy U3vLeGqhGZiywEu3VOu0XgfTaGOeJi1uIwkCfka+9dmUDSg2BL8+hb1xvX/ZW1/7 1cCUi2eEBErdC2+yQvBJVP+BtYXtnkTX5+cCaEIUefcR304+R6iSROgewCatjplw FZDvlb1RKxWYCczVFpNWACr3LP+UgVMloX7nAPCwc79IezF13rTVwinZmmLhpwHx QpCIMnTXtqJBBK8C9cHCbYtFhY4tjTRzeT5aEQ7cyMLl4tKggFLZ+x+QhO8TntdN 8g+epgjofmtXm0ksl/OljAUmsc66IwYcGO7PYGR3KYXzhYH767Vkk4s1iPqCGfqK QWLDnA0Qpoq7MwmJqifYR7oNd9u2kMNQWl/P/FD8q3qnkoVDxbHvNUful8hKynIV DHZqBXM+aU/vk56+mhkbT1n0fj2w1T+zzHTnRJaP/nMy6726IeO0WwCBJMjydkPi fXG/cUM88CB/KVjTMdo1bhWhL4ZYs5sBmdmk3u6OAG1/bOIUW8E= =P+ox -----END PGP SIGNATURE-----
--xtaEj3Dyrw6NTF1cJI7uEtVSLTIGtvM5H--
--===============4921863901527055839== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============4921863901527055839==--
|
|
|
|