A denial of service flaw was found in the way the TraceManager of Firebird, a SQL relational database management system, performed preparation of an empty dynamic SQL query. When the trace mode was enabled, a remote, authenticated database user could use this flaw to cause the Firebird server to crash with a NULL pointer dereference.
Relevant upstream patch:
This issue affects the versions of the firebird package, as shipped with Fedora release of 16 and 17. Please schedule an update.
This issue affects the version of the firebird package, as shipped with Fedora EPEL 6. Please schedule an update.
This issue did NOT affect the version of the firebird package, as shipped with Fedora EPEL 5 as it did not include the vulnerable code part yet.
Created firebird tracking bugs for this issue
Affects: fedora-all [bug 876619]
Affects: epel-6 [bug 876620]
updates are already there : https://bugzilla.redhat.com/show_bug.cgi?id=873982
The following updates have been created to correct this issue:
1) firebird-188.8.131.52539.0-1.el6 for Fedora EPEL 6,
2) firebird-184.108.40.206539.0-1.fc18 for (upcoming) Fedora 18,
3) firebird-220.127.116.11539.0-1.fc17 for Fedora 17,
4) firebird-18.104.22.168539.0-1.fc16 for Fedora 16.
Once they pass the required level of testing, they will be pushed to the -stable repository.
The CVE identifier of CVE-2012-5529 has been assigned to this issue:
(In reply to comment #4)
> updates are already there :
Thank you, Philippe. Noted in relevant bugs.