Firebird 2.5.5 can be crashed remotely by authenticated clients by invoking gbak via the service manager using an invalid command line switch. This is harmless for the -classic flavour, where the server process serves only that particular connection, but is at least a DoS for -super and -superclassic, where the crashed process serves multiple connections.
Upstream issue: http://tracker.firebirdsql.org/browse/CORE-5068
CVE request: http://seclists.org/oss-sec/2016/q1/57
Created firebird tracking bugs for this issue:
Affects: fedora-all [bug 1297450]
Affects: epel-all [bug 1297451]
firebird-2.5.5.26952.0-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
firebird-2.5.5.26952.0-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
firebird-2.5.5.26952.0-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Patch from upstream applied