Bug 610712 (CVE-2017-6369) - <dev-db/firebird-2.5.6.27020.0: Access to undesired external modules during 'Restrict' configuration mode
Status: RESOLVED FIXED
Alias: CVE-2017-6369
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-23 16:24 UTC by Agostino Sarubbo
Modified: 2017-03-24 05:41 UTC

See Also:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-02-23 16:24:07 UTC
From ${URL} :

A serious security problem existed with the access to undesired external modules, even if 'Restrict' configuration mode was specified for UdfAccess.

References:

http://www.firebirdsql.org/file/documentation/release_notes/html/en/2_5/rnfb25-bug.html#bug-257


@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Andreas Sturmlechner gentoo-dev 2017-02-23 21:09:24 UTC
2.5.7 added to tree in commit 943cf2f17d4dce5dbe2fe8b8b747e8c8378a86d5
Vulnerable versions removed in commit 84d978326f996c6ceb6805038da83d4c4e1e48d1
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-02-24 01:01:57 UTC
No stable versions, closing as noglsa.
Will assign CVE when it comes out.