[security-announce] openSUSE-SU-2013:0504-1: important: firebird: fix for remote stack overflow

[news 28]

openSUSE Security Update: firebird: fix for remote stack overflow

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2013:0504-1

Rating: important

References: #808268

Cross-References: CVE-2013-2492

Affected Products:

openSUSE 11.4

______________________________________________________________________________

 

An update that fixes one vulnerability is now available.

 

Description:

 

This update fixes a bug which allows an unauthenticated

remote attacker to cause a stack overflow in server code,

resulting in either server crash or even code execution as

the user running firebird.

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 11.4:

 

zypper in -t patch 2013-43

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 11.4 (i586 x86_64):

 

firebird-2.1.3.18185.0-16.1

firebird-classic-2.1.3.18185.0-16.1

firebird-classic-debuginfo-2.1.3.18185.0-16.1

firebird-debuginfo-2.1.3.18185.0-16.1

firebird-debugsource-2.1.3.18185.0-16.1

firebird-devel-2.1.3.18185.0-16.1

firebird-devel-debuginfo-2.1.3.18185.0-16.1

firebird-doc-2.1.3.18185.0-16.1

firebird-filesystem-2.1.3.18185.0-16.1

firebird-superserver-2.1.3.18185.0-16.1

firebird-superserver-debuginfo-2.1.3.18185.0-16.1

libfbclient2-2.1.3.18185.0-16.1

libfbclient2-debuginfo-2.1.3.18185.0-16.1

libfbembed2-2.1.3.18185.0-16.1

libfbembed2-debuginfo-2.1.3.18185.0-16.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2013-2492.html

https://bugzilla.novell.com/808268

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org