Related debian discussion
https://lists.debian.org/debian-lts/2018/04/msg00090.html
and announcement for debian stable
https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html
On Thu, Apr 12, 2018 at 5:28 PM, marius adrian popa <map...@gmail.com>
wrote:
> So the only solution is disabling external UDF libraries from being loaded
> by changing configuration from UdfAccess=Restrict to UdfAccess=None
>
> On Thu, Apr 12, 2018 at 2:34 PM, Alex Peshkoff via Firebird-devel <
> firebird-devel@lists.sourceforge.net> wrote:
>
>> On 04/12/18 10:37, marius adrian popa wrote:
>>
>>> https://www.tenable.com/security/research/tra-2017-36
>>>
>>
>> That's fixed in FB4 - loading UDFs is denied by default configuration,
>> use of them is deprecated, replacement is UDRs which are nt affected by
>> mentioned vulnerability.
>> In FB3 one should be sysdba or granted special right to declare extrernal
>> functions. This does not solve the problem - just makes it a bit less
>> dangerous.
>> We can't do something better with this, therefore no fixes for current
>> releases.
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> Firebird-Devel mailing list, web interface at
>> https://lists.sourceforge.net/lists/listinfo/firebird-devel
>>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
