It was found that an unauthenticated remote attacker could send a malformed network packet to a firebird server, which would cause the server to crash. http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/ http://tracker.firebirdsql.org/browse/CORE-4630 http://sourceforge.net/p/firebird/code/60331/
Created firebird tracking bugs for this issue: Affects: fedora-all [bug 1172446] Affects: epel-all [bug 1172447]
Note that the Mageia bug tracker has further information of interest particularly for testing: https://bugs.mageia.org/show_bug.cgi?id=14726 CVE request: http://www.openwall.com/lists/oss-security/2014/12/10/4
A CVE request have been done by upstream, but no ID yet Updates are allready submitted : https://admin.fedoraproject.org/updates/firebird-2.5.2.26539.0-14.fc21 https://admin.fedoraproject.org/updates/firebird-2.5.2.26539.0-10.fc20 https://admin.fedoraproject.org/updates/firebird-2.1.5.18496.0-5.el5 https://admin.fedoraproject.org/updates/firebird-2.5.3.26778.0-2.el6 https://admin.fedoraproject.org/updates/firebird-2.5.3.26778.0-2.el7
firebird-2.5.2.26539.0-14.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
firebird-2.5.2.26539.0-10.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
firebird-2.5.3.26778.0-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
firebird-2.1.5.18496.0-5.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
firebird-2.5.3.26778.0-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.