Support / Security / Advisories / Mandriva Enterprise Server 5 / MDVSA-2009:183

Package name: firebird
Date: 2009-08-01
Advisory ID: MDVSA-2009:183
Affected versions: MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in firebird:

src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
allows remote attackers to cause a denial of service (daemon crash)
via a malformed op_connect_request message that triggers an infinite
loop or NULL pointer dereference (CVE-2009-2620).

This update provides fixes for this vulnerability.

Updated packages

MES5 i586

 b079d70502103f4908203dea59a91248  mes5/i586/firebird-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 ec752766878bd7e4b00e33d51e667e8b  mes5/i586/firebird-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 e3b66b0a4161966cec7e9b24b8aa71bb  mes5/i586/firebird-devel-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 dc22e94ff304efea6ff1941cff52f31e  mes5/i586/firebird-server-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 427c8189fad6327c322bfc3e48345808  mes5/i586/firebird-server-common-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 14e3ecc7d5ea4eed3476ba554f3e6444  mes5/i586/firebird-server-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 dea6942157b08a1e5622a537c8c4cdaf  mes5/i586/firebird-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 367cc534375eb76cf14b511601bc87a0  mes5/i586/firebird-utils-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 25cc78376c46c09194a2e647dd175f36  mes5/i586/firebird-utils-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 b10012928ebbc975e9fb6f826b30a81b  mes5/i586/libfbclient2-2.1.1.17910.0-2.1mdvmes5.i586.rpm
 54cfde7d5a3e499f89b91af2a7bc27c4  mes5/i586/libfbembed2-2.1.1.17910.0-2.1mdvmes5.i586.rpm 
 161b06e3394d92eff141b27b45c85b8d  mes5/SRPMS/firebird-2.1.1.17910.0-2.1mdvmes5.src.rpm

MES5 x86_64

 981b197469655dd55fefb186c67232bd  mes5/x86_64/firebird-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 0a72253abf14a7a0018a3cf1f776405f  mes5/x86_64/firebird-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 264264449a6c14d3f0b7a1cfdbf8d8c6  mes5/x86_64/firebird-devel-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 574d22f9bfc94aad63eaca320b650876  mes5/x86_64/firebird-server-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 44252f31dc26efdf162c918d915eedee  mes5/x86_64/firebird-server-common-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 60690ee7be6be22f47b5d2c319050274  mes5/x86_64/firebird-server-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 bf89b7fe53efcafd66e280e635cb8dfc  mes5/x86_64/firebird-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 302ec83d076fa64501602bc81d85f312  mes5/x86_64/firebird-utils-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 05f57e87ea5b7491596f8a2e7526498f  mes5/x86_64/firebird-utils-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 e9c33348f8006660c2f9f78f62bc3dc3  mes5/x86_64/lib64fbclient2-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm
 76c2a132634890c698f62e6702357bb8  mes5/x86_64/lib64fbembed2-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 
 161b06e3394d92eff141b27b45c85b8d  mes5/SRPMS/firebird-2.1.1.17910.0-2.1mdvmes5.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620