Alex Peshkoff via Firebird-devel wrote 31.03.2022 16:08:
The crash happen when a stream of definite data is tried to be compressed.
IMHO, it is hard (if possible at all) to purposefully construct such stream
*from* server to crash or exploit it.
How long should it be? Can it be put into
On 3/31/22 16:39, Dimitry Sibiryakov wrote:
Alex Peshkoff via Firebird-devel wrote 31.03.2022 15:21:
Note that the crash happen on compression so it doesn't affect
Firebird security.
Did not catch why - we use zlib compression on the wire (since fb3)
and in gbak (since fb4). Both cases
On 2022-03-31 15:39, Dimitry Sibiryakov wrote:
Alex Peshkoff via Firebird-devel wrote 31.03.2022 15:21:
Note that the crash happen on compression so it doesn't affect
Firebird security.
Did not catch why - we use zlib compression on the wire (since fb3)
and in gbak (since fb4). Both
Alex Peshkoff via Firebird-devel wrote 31.03.2022 15:21:
Note that the crash happen on compression so it doesn't affect Firebird
security.
Did not catch why - we use zlib compression on the wire (since fb3) and in gbak
(since fb4). Both cases are not default but anyway not good.
The
On 3/31/22 16:13, Dimitry Sibiryakov wrote:
Alex Peshkoff via Firebird-devel wrote 31.03.2022 15:05:
On 3/31/22 11:11, Mark Rotteveel wrote:
A security vulnerability was found in zlib:
Alex Peshkoff via Firebird-devel wrote 31.03.2022 15:05:
On 3/31/22 11:11, Mark Rotteveel wrote:
A security vulnerability was found in zlib:
https://nakedsecurity.sophos.com/2022/03/29/zlib-data-compressor-fixes-17-year-old-security-bug-patch-errr-now/
Will we include an updated version in
On 3/31/22 11:11, Mark Rotteveel wrote:
A security vulnerability was found in zlib:
https://nakedsecurity.sophos.com/2022/03/29/zlib-data-compressor-fixes-17-year-old-security-bug-patch-errr-now/
Will we include an updated version in the next release?
On linux that's not our problem - we
A security vulnerability was found in zlib:
https://nakedsecurity.sophos.com/2022/03/29/zlib-data-compressor-fixes-17-year-old-security-bug-patch-errr-now/
Will we include an updated version in the next release?
Can people just drop in a replacement?
Mark
Firebird-Devel mailing list, web