Poll: What databases does your company use?
Please upvote your favorite database system
Author: mariuz
http://wiki.ubuntu.com/Mariuz
Upgrade to Firebird 2.5.2 : Vulnerability Summary for CVE-2012-5529
Here is the full text for the CVE-2012-5529
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
Solution to this Security vulnerability is to Upgrade to Firebird 2.5.2
Firebird 2.5.2 Final for #Mageia is ready
Firebird 2.5.2 Final for #opensuse is ready
Jugglingdb Firebird adapter is ready for testing.
Jugglingdb (NodeJS ORM) Firebird adapter is ready for testing
News via Henri’s tweet
Can not load default Firebird clients (libfbembed.so or libfbclient.so). Check your installation
If you are using Free Pascal / Lazarus to develop applications that needs to access FireBird database, or you need to run applications that has been written using FreePascal/Lazarus and Firebird database, make sure you have installed Firebird client library
FenixSql is updated to version 0.9.1
Fenixsql simple multiplatform admin tool for Firebird developed with Firebird Library and released under GPL License (produced with Lazarus ide)
Firebird 2.5.2 Final for all Ubuntu releases is uploaded into Firebird stable ppa
Here you can find the latest stable release Firebird 2.5.2 for all supported Ubuntu releases.
Follow the Firebird 2.5.x guide for usage and installation.
One more reason to upgrade to Firebird 2.5.2 : CVE-2012-5529
News via oss-sec and [pkg-firebird-general] mailing list
A denial of service flaw was found in the way the TraceManager of
Firebird, performed preparation of an empty dynamic SQL query. When the trace mode was
enabled, a remote, authenticated database user could use this flaw
to cause the Firebird server to crash with a NULL pointer dereference.
References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210
[2] http://tracker.firebirdsql.org/browse/CORE-3884
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876613
Relevant upstream patch: [4]
http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision
Firebird 2.5.2 Debian and Ubuntu status
The packaging is ready and anybody wanting to build the package can
find the sources in the Git repository[1]. Since Debian is in a freeze
preparing to its next release, I asked the release team for a freeze
exception[2]. It would be great to have the final release in
Debian/wheezy.
[1] http://git.debian.org/?p=pkg-firebird/2.5.git;a=summary
[2] http://bugs.debian.org/693216
sudo su
apt-get git-core devscripts
apt-get build-dep firebird2.5
git clone http://anonscm.debian.org/git/pkg-firebird/2.5.git
cd 2.5
git-buildpackage
Ignore the last error debsign: gpg error occurred! Aborting (it only for Debian maintainers who sign the package like Damyan)
all the packages will be in ../
you can install for example firebird super classic this way
cd ../
sudo dpkg -i firebird2.5-superclassic* firebird2.5-common* firebird2.5-server-common* firebird2.5-classic-common*
ps: the above instructions were tested on Ubuntu 12.10 , Stable Firebird ppa is updated for all Ubuntu Releases