-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : firebird2.5 Version : 2.5.2.26540.ds4-1~deb7u4 CVE ID : CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The only known solution is to disable external UDF libraries from being loaded. In order to achieve this, the default configuration has changed to UdfAccess=None. This will prevent the fbudf module from being loaded, but may also break other functionality relying on modules. For Debian 7 "Wheezy", these problems have been fixed in version 2.5.2.26540.ds4-1~deb7u4. We recommend that you upgrade your firebird2.5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAlr1Nt4ACgkQKpJZkldk SvqUUg//UP3kGRaaliynXbGcfcCuWwsF+uXMZInCwJb4X29mBGP8iN3chnJHIYn2 Ky9tvjNYAdIhgvolfg5m0M8H/1k4lkwr09DUQrkVMP+qJvShn7Q0soaCEslt8taU kgE1dqcE2qqT/3mmHSsFidgOYRjd/8EOdKyZ/8wavxpS0s4fsHhtDn8Xrkx9u4hp pDCJ2XOmx6FAKJ+1i+t9OYC3drOnQTHIpYdA3qi5kiD40/Q3SNOS251vBV3ggEWE 18IJJiJo11+KYzAAO/QMOWINIdR0ej3wxofibCzcEqXoBGkxMnWh/n7jRy4aUa8f BPx9bc0YfB44Gdj70DjxKKQmdxBMS+tqG3dsSPUEOgQtTEVxAwpFHJ8E7ckCaJt5 w1OAw1atF7GyAKO/5CRwyGMnwehL10FoaNwBHWTZf/vk5akBH89/3URUzIZmBlAD 5yLUsFrKG2FKF8KGxbjOoCVMGpVzJsoAKvjam/tuA3iGu+2drtGMdvOs2ehS1Vkz wReWuaglXL6oAopIgGxI+XvGdUZm0A+azt7WwsRLvY3qaD94vQOtJswXYQf6eOak xMR1S9SWzAjXIaefndT8pMZy8fF9ZODcuT84pjWEevyrSyv1K+gfwfIZp4pd3geD 443dbbTwlCf0djghKq1oiHIakeAzDh6gqGJjWlFidlsD4KuBTf0= =pojf -----END PGP SIGNATURE-----
