firebird2.5: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability

Bug #1156942 reported by Logan Rosen
Affects                 Status        Importance  Assigned to  Milestone
firebird2.5 (Debian)    Fix Released  Unknown
firebird2.5 (Ubuntu)    Fix Released  Undecided   Unassigned
  Precise               Won't Fix     Undecided   Unassigned
  Quantal               Won't Fix     Undecided   Unassigned
  Raring                Won't Fix     Undecided   Unassigned
  Saucy                 Fix Released  Undecided   Unassigned

Bug Description

Imported from Debian bug http://bugs.debian.org/702736:

Source: firebird2.5
Severity: grave
Tags: security

Hi

the following vulnerability was published for firebird2.5.

CVE-2013-2492[0]:
Request Processing Buffer Overflow Vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see also [1] and [2].

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2492
    http://security-tracker.debian.org/tracker/CVE-2013-2492
[1] http://tracker.firebirdsql.org/browse/CORE-4058
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2492

Thank you for looking into this.

Regards,
Salvatore

Logan Rosen (logan)
information type: Public → Public Security
Changed in firebird2.5 (Debian):
importance: Undecided → Unknown
status: New → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in firebird2.5 (Ubuntu):
status: New → Incomplete
Jeremy Bícha (jbicha) wrote :

This bug was fixed in the package firebird2.5 - 2.5.2.26540.ds4-1

---------------
firebird2.5 (2.5.2.26540.ds4-1) unstable; urgency=low

  * Official 2.5.2 release
    + CORE-3912: segfault in superclassic (Closes: #693192)
    + Restored the on-disk-structure compatibility with 2.5.1 index keys
      (Closes: #693193)
    + Fixed broken (working as no-op) sweep in SuperServer (Closes: #693195)
    + CORE-3902: Derived fields may not be optimized via an index
      (Closes: #693196)
    + CORE-3895: High memory usage when PSQL code SELECT's from stored
      procedure which modified some data (Closes: #693202)
    + CORE-3238: GEN_UUID returns a non-RFC-4122-compliant UUID
      (Closes: #693207)
    + CORE-3887: CHAR_TO_UUID and UUID_TO_CHAR works different in big endian
      architectures (Closes: #693209)
    + Enabled per-table runtime stats for sweeper
    + Changes not concerning Debian
      - CORE-3786: Hangs on MacOSX 10.7 (Lion) on DB create after reboot
      - CORE-3911: API entrypoints Bopen and BLOB_open are not visible on Darwin
      - CORE-3740: SELECT using IN list with >413 elements causes crash on Mac
        (stack overflow with default stack size)
      - CORE-3740: optimisation bug in GCC on Darwin

  * Update debian/copyright (two new files, no licensing changes)
  * Add NEWS.Debian about incompatible fix in char↔UUID conversion functions

  * drop patches included in the upstream release:
    + upstream/r54702-cve-2012-5529.patch
    + upstream/r57728-cve-2013-2429.patch
  * refresh separate-file-and-sem-perms.patch to apply cleanly

  * Patches taken from upstream SVN
    + r57516r57773-gbak-y-redirection.patch
      make gbak -y work with redirection again (regression from 2.5.1)
      http://tracker.firebirdsql.org/browse/CORE-3995
    + r57707r57710-lots-autonomous-trx-leaks-crash.patch
      fix engine crash/memory leak with many autonomous transactions (remote
      crash/memory leak)
      http://tracker.firebirdsql.org/browse/CORE-3908
    + r57349-bad-trn-num-logged-during-sweep.patch
      fix invalid transaction counters logged during sweep (trivial fix)
      http://tracker.firebirdsql.org/browse/CORE-3978
    + r57714r57716-fix-isql-edit-command.patch
      fix isql's edit command broken in 2.5.2 (regression from 2.5.1)
      http://tracker.firebirdsql.org/browse/CORE-3990
    + r58004-crash-converting-overscaled-numeric-to-string.patch
      fix engine crash while converting an overscaled numeric to a string
      (remote crash)
      http://tracker.firebirdsql.org/browse/CORE-4093
    + r57795-crash-storing-long-incompressible-data.patch
      fix bugcheck/corruption when storing long uncompressible data (possible
      db corruption)
      http://tracker.firebirdsql.org/browse/CORE-4036
  * add out/crash-create-db-restricted.patch
    fixes a server crash when attempting creation of a database outside of
    allowed paths with firebird.conf setting of 'DatabaseAccess' other than
    'Full'

 -- Damyan Ivanov <email address hidden> Thu, 09 May 2013 16:39:17 +0300

firebird2.5 (2.5.2~svn+54698.ds4-3) unstable; urgency=high

  * Recover lost doc/libfbclient2 -> firebird2.5-common-doc symlink

    In Lenny, al...

Changed in firebird2.5 (Ubuntu):
status: Incomplete → Fix Released
Changed in firebird2.5 (Ubuntu Raring):
status: New → Won't Fix
Changed in firebird2.5 (Ubuntu Quantal):
status: New → Won't Fix
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release.

Changed in firebird2.5 (Ubuntu Precise):
status: New → Won't Fix