Hi.

Following the question below, about the availability of Firebird 1.5.5
for Solaris,
is there any update about it? Is there any chance it will be available
in the near future?

We are using firebird 1.5 (and below) for several years in our
Solaris-based system.
Upgrading to 2.x seems to be risky as we'll need to test the system
thoroughly.

On the other hand, we need despertly the fix of the security problem
described below (for a high-level security user).

What is your advise?

Thanks.

Menashe Sulkies

Product Manager

Cloverleaf Communications


________________________________

From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Helen Borrie
Sent: Tuesday, July 22, 2008 2:13 PM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Patch availability for release 1.5



At 18:22 22/07/2008, you wrote:

>A security problem was fixed in Firebird-2.0.1. This specific problem

is

>described below.
>Question: Is there a patch that can be applied to Firebird-1.5 (on
>Solaris) for fixing this problem?

Solaris, no. Linux, Windows, MacOSX, yes (Firebird 1.5.5).

./hb

>Thanks.
>
>
>Description :
>
>The version of Firebird installed on the remote host is vulnerable to
>a buffer overflow in its protocol handling routine. By sending a
>specially-crafted 'op_connect' request, a remote, unauthenticated
>attacker can execute code on the affected host with SYSTEM privileges.

[Non-text portions of this message have been removed]