To: [email protected]
Subject: [ MDVSA-2009:186 ] firebird
Date: Sat, 01 Aug 2009 03:52:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1MX3lR-000862-GE@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:186
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firebird
Date : August 1, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in firebird:
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
allows remote attackers to cause a denial of service (daemon crash)
via a malformed op_connect_request message that triggers an infinite
loop or NULL pointer dereference (CVE-2009-2620).
This update provides fixes for this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
b079d70502103f4908203dea59a91248 mes5/i586/firebird-2.1.1.17910.0-2.1mdvmes5.i586.rpm
ec752766878bd7e4b00e33d51e667e8b mes5/i586/firebird-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm
e3b66b0a4161966cec7e9b24b8aa71bb mes5/i586/firebird-devel-2.1.1.17910.0-2.1mdvmes5.i586.rpm
dc22e94ff304efea6ff1941cff52f31e mes5/i586/firebird-server-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm
427c8189fad6327c322bfc3e48345808 mes5/i586/firebird-server-common-2.1.1.17910.0-2.1mdvmes5.i586.rpm
14e3ecc7d5ea4eed3476ba554f3e6444 mes5/i586/firebird-server-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm
dea6942157b08a1e5622a537c8c4cdaf mes5/i586/firebird-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm
367cc534375eb76cf14b511601bc87a0 mes5/i586/firebird-utils-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm
25cc78376c46c09194a2e647dd175f36 mes5/i586/firebird-utils-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm
b10012928ebbc975e9fb6f826b30a81b mes5/i586/libfbclient2-2.1.1.17910.0-2.1mdvmes5.i586.rpm
54cfde7d5a3e499f89b91af2a7bc27c4 mes5/i586/libfbembed2-2.1.1.17910.0-2.1mdvmes5.i586.rpm
161b06e3394d92eff141b27b45c85b8d mes5/SRPMS/firebird-2.1.1.17910.0-2.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
981b197469655dd55fefb186c67232bd mes5/x86_64/firebird-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
0a72253abf14a7a0018a3cf1f776405f mes5/x86_64/firebird-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
264264449a6c14d3f0b7a1cfdbf8d8c6 mes5/x86_64/firebird-devel-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
574d22f9bfc94aad63eaca320b650876 mes5/x86_64/firebird-server-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
44252f31dc26efdf162c918d915eedee mes5/x86_64/firebird-server-common-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
60690ee7be6be22f47b5d2c319050274 mes5/x86_64/firebird-server-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
bf89b7fe53efcafd66e280e635cb8dfc mes5/x86_64/firebird-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
302ec83d076fa64501602bc81d85f312 mes5/x86_64/firebird-utils-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
05f57e87ea5b7491596f8a2e7526498f mes5/x86_64/firebird-utils-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
e9c33348f8006660c2f9f78f62bc3dc3 mes5/x86_64/lib64fbclient2-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
76c2a132634890c698f62e6702357bb8 mes5/x86_64/lib64fbembed2-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
161b06e3394d92eff141b27b45c85b8d mes5/SRPMS/firebird-2.1.1.17910.0-2.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKc3gxmqjQ0CJFipgRAoS8AJ9TZtgfIlInvJJBQVbin6XM+pLatgCg8cMM
U8SzJUOPGh6ZfwMQygdqJyo=
=4pTv
-----END PGP SIGNATURE-----
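
Added example, not part of the Mandriva advisory: a Python check of hand-downloaded packages against the "Updated Packages" md5 list above, for cases where files are not fetched through MandrivaUpdate or urpmi. The function names, sample file names and payloads are constructed for illustration; an MD5 match only rules out corruption, so the GPG package signature remains the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "Updated Packages" entry: 32 hex digits, whitespace, relative .rpm path.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_checksums(advisory_text):
    """Map package file name -> expected MD5 from the advisory body."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        digest, name = m.group(1), Path(m.group(2)).name
        # The source RPM is listed once per architecture; a repeat is fine,
        # but two different digests for one file name must not pass silently.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()  # MD5 only because that is what the advisory publishes
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_directory(advisory_text, directory):
    """Return {file name: 'ok' | 'mismatch' | 'missing'} per listed package."""
    results = {}
    for name, digest in parse_checksums(advisory_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == digest else "mismatch"
    return results

def demo():
    """Constructed payloads, digests and file names; not real Mandriva packages."""
    good = hashlib.md5(b"constructed payload A").hexdigest()
    lines = [f"{good} mes5/i586/pkg-a-1.0.i586.rpm",
             f"{good} mes5/i586/pkg-b-1.0.i586.rpm",
             f"{good} mes5/SRPMS/pkg-1.0.src.rpm"]
    text = "\n".join(lines + lines[-1:])  # src.rpm repeated, as in the advisory
    with tempfile.TemporaryDirectory() as d:
        Path(d, "pkg-a-1.0.i586.rpm").write_bytes(b"constructed payload A")
        Path(d, "pkg-b-1.0.i586.rpm").write_bytes(b"altered payload")
        return verify_directory(text, d)
```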