Firebird: Buffer overflow and the patch for Gentoo
A vulnerability has been discovered in Firebird, allowing for the
execution of arbitrary code.
Announcements about official Firebird releases.
The Firebird team is pleased to announce that the first Beta builds of
Firebird V.2.1 are ready for testing. Binary and source kits should
start appearing at the Sourceforge mirrors today.
Download links for all the released kits can be found here:
http://www.firebirdsql.org/index.php?op=files&id=fb210_beta01
Release Notes are here:
http://www.firebirdsql.org/devel/doc/rlsnotes/html/rlsnotes21.html
Dmitry
Here is the Firebird 3.0 developer roadmap for 2007 (you can also watch for Firebird 2.1 and 2.0.x fixes)
William L. Thomson Jr added the new package
A vulnerability has been identified in Firebird that could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. The issue is caused by a buffer overflow in the “fbserver.exe” service (port 3050/TCP) when processing a “connect” request (0x1) with a large “p_cnct_count” value; remote unauthenticated attackers could exploit it to crash an affected application or execute arbitrary code with the privileges of the database.
Affected Products
Firebird version 2.0.0
Solution
Upgrade ASAP to Firebird version 2.0.1:
http://www.firebirdsql.org/index.php?op=files&id=engine_201
There are two new updated packages available on ibphoenix.com
I have two new builds of Firebird for x86 MacOS (CS and SS)
The SS build should now use UDFs properly and
the server should start and stop properly.
Firebird 2.1 alpha, a quick glance at the new features
The Firebird team is pleased to announce that the first Alpha builds of Firebird V.2.1 are ready for testing. Binary and source kits for Linux and some Win64 and Win32 kits should start appearing at the Sourceforge mirrors today. For a summary of new features and bug fixes, see HERE.