Firebird: Buffer Overflow — GLSA 201512-11

A buffer overflow in Firebird might allow remote attackers to execute arbitrary code.

Affected Packages

dev-db/firebird on all architectures
Affected versions < 2.5.3.26780.0-r3
Unaffected versions >= 2.5.3.26780.0-r3

Background

Firebird is a multi-platform, open source relational database.

Description

The vulnerability is caused due to an error when processing requests from remote clients.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Firebird users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=dev-db/firebird-2.5.3.26780.0-r3"
 

NOTE: Firebird package was moved to the testing branch (unstable) of Gentoo. There is currently no stable version of Firebird, and there will be no further GLSAs for this package.

References

Release Date
December 30, 2015

Latest Revision
December 30, 2015: 1

Severity
high

Exploitable
remote

Bugzilla entries