Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [SECURITY] [DSA 1529-1] New Firebird packages fix seve

from [Moritz Muehlenhoff] Network Security [Permanent Link]
Subject: [Full-disclosure] [SECURITY] [DSA 1529-1] New Firebird packages fix several vulnerabilities
Date: Wed, 26 Mar 2008 23:19:10 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1529-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
March 24, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : firebird2
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0387 CVE-2008-0467 CVE-2006-7211 CVE-2007-4664
                 CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668
                 CVE-2007-4669 CVE-2007-3527 CVE-2007-3181 CVE-2007-2606
                 CVE-2006-7212 CVE-2006-7213 CVE-2006-7214
Debian Bug(s)  : 362001 432753 444976 441405 460048 463596

Multiple security problems have been discovered in the Firebird database,
which may lead to the execution of arbitrary code or denial of service.

This Debian security advisory is a bit unusual. While it's normally 
our strict policy to backport security bugfixes to older releases, this
turned out to be infeasible for Firebird 1.5 due to large infrastructural
changes necessary to fix these issues. As a consequence security support
for Firebird 1.5 is hereby discontinued, leaving two options to
administrators running a Firebird database:

I.  Administrators running Firebird in a completely internal setup with
    trusted users could leave it unchanged.

II. Everyone else should upgrade to the firebird2.0 packages available at 
    http://www.backports.org/backports.org/pool/main/f/firebird2.0/

    Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.

    Please refer to the general backports.org documentation to add the
    packages to your package management configuration:
    http://www.backports.org/dokuwiki/doku.php?id=instructions

    These packages are backported to run with Debian stable. Since
    firebird2.0 is not a drop-in replacement for firebird2 (which
    is the source package name for the Firebird 1.5 packages)
    these updates are not released through security.debian.org.
    Potential future security problems affecting Debian stable will be
    released through backports.org as well.

    Arrangements have been made to ensure that Firebird in the upcoming
    Debian 5.0 release will be supportable with regular backported
    security bugfixes again.

For a more detailed descriptions of the security problems, please refer
to the entries in the Debian Bug Tracking System referenced above and
the following URLs:

http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf

- 
---------------------------------------------------------------------------------
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH6subXm3vHE4uyloRAnHaAJ46J9dUTRLJA/nNr/r5fqvezenMAgCePrM/
JO6vfhxwzbrL8i4F6we+lZc=
=zyjo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [SECURITY] [DSA 1529-1] New Firebird packages fix several vulnerabilities, Moritz Muehlenhoff <=
Previous by Date:  Re: [Full-disclosure] Free Iraq.., Rankin, James R
Next by Date:  [Full-disclosure] The reason why "Pangolin is backdoor", zwell.nosec
Previous by Thread:  [Full-disclosure] [ MDVSA-2008:078 ] - Updated openssh packages fix X connection hijacking, security
Next by Thread:  [Full-disclosure] The reason why "Pangolin is backdoor", zwell.nosec
Indexes:  [Date] [Thread] [Top] [All Lists]