| Summary: | dev-db/firebird: malformed network packet can cause denial of service (CVE-2014-9323) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1172445 | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-12-10 10:26:52 UTC
+*firebird-2.5.3.26780.0 (11 Dec 2014) + + 11 Dec 2014; Pacho Ramos <pacho@gentoo.org> +firebird-2.5.3.26780.0.ebuild, + -files/70firebird, -files/firebird-2.5.0.26074.0-Makefile.in.static.createdb, + -files/firebird-update-valgrind.patch, -files/firebird.conf.d, + -files/firebird.conf.d.2, -files/firebird.init.d, -files/firebird.xinetd.2, + -files/xinetd.2, -firebird-2.5.2.26540.0.ebuild: + Fix security bug 532124 +

All should be done with this

CVE-2014-9323 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9323): The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

Closing as noglsa per our policy