Summary
Dmitry Kovalenko discovered that the Firebird database server is prone to a denial of service vulnerability.
An unauthenticated remote attacker could send a malformed network packet to a Firebird server, which would cause the server to crash.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 2.5.2.26540.ds4-1~deb7u2.
For the upcoming stable distribution (jessie), this problem has been fixed in version 2.5.3.26778.ds4-5.
For the unstable distribution (sid), this problem has been fixed in version 2.5.3.26778.ds4-5.
We recommend that you upgrade your firebird2.5 packages.
Insight
Firebird is a relational database offering many ANSI SQL-99 features that runs on Linux, Windows, and a variety of Unix platforms. Firebird offers excellent concurrency, high performance, and powerful language support for stored procedures and triggers.
Affected
firebird2.5 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-9323
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P