-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2824-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 20, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : firebird3.0 Version : 3.0.1.32609.ds4-14+deb9u1 CVE ID : CVE-2017-11509 An authenticated remote attacker can execute arbitrary code in Firebird, a relational database based on InterBase 6.0, by executing a malformed SQL statement. The only known solution is to disable external UDF libraries from being loaded. In order to achieve this, the default configuration has changed to UdfAccess=None. This will prevent the fbudf module from being loaded, but may also break other functionality relying on modules. For Debian 9 stretch, this problem has been fixed in version 3.0.1.32609.ds4-14+deb9u1. We recommend that you upgrade your firebird3.0 packages. For the detailed security status of firebird3.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firebird3.0 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmGY0gkACgkQDTl9HeUl XjAOyw/9HcamAr+80IXL0LHojaZiXh/jlyi6Qhu5I5vx2jaCcTbYm51WQyoLNdQ/ TpGKoWdN8oz3FDz35R/7rKYHYUYwYoDMuLfWE9bHasnmp8e/JyqKVvsn5/TEtF2w NSPxQPg7yJb7L4Dkhr5xKnRngK0bMuq9b1Ty8jlhuj8/F5Xfb1xg2F39WOuY9jcP RTAExS+urSCY+vlhJPho4rLjh0Zu5ehGhL3O3QeBIv3+pIQt+NGmZqccshIda8QY ziQZzWMjyTw4LtpecO6D0sZtE/qLXp/5v2S49/DN4JvIESOccag6LstVv4Mljfu+ xmL0hntZm7mIJWB3reu7df26x/jTwvVsEU3aBoKpkzzaCKuxHSn5WOD8Um+hPH+p 3wMI43IMLRONFYNPrh+c2kv/taoeCWg8XyZrw+oKggdiEmP0NrOa+68LkIcETPnR mJ21anuL8QNUgkkTNPA7j09Sn7FTKEQl+dthJjGRbbAqc3glWu0gfNmVLYb3sPtg 2VzhqtmXlr6eT1MVaDKYbhIw0PKWBI3lSF7aLuLLu/QUd1kfrnjEvyz6vTxcYdri 8wWVqwfn2jCVoUOJZTd9T0H0OwZhtImTWXJqx0VZXpNhtnDHHQOlQ54NaXNTNtdt VCWmjGoO84TslQwwYbyB7Ev1UIo7+tXeOz/NypTloeciO9jFRoE= =Dr/b -----END PGP SIGNATURE-----
