Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

SUSE-SU-2017:1156-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2017:1156-1

SUSE-SU-2017:1156-1

HIGH8.8

Security update for firebird

Published May 3, 2017

Modified 9 years ago

Fix available

Details

Description of the patch:

This update for firebird fixes the following security issues:

CVE-2017-6369: Insufficient checks in the UDF subsystem in Firebird allowed remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so (bsc#1023990).

Affected Packages

libfbembed2_5

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Software Development Kit 12 SP1SUSE Linux Enterprise Software Development Kit 12 SP2SUSE Linux Enterprise Workstation Extension 12 SP1

Fixed in:

2.5.2.26539-15.1

firebird-devel

SUSE Linux Enterprise Software Development Kit 12 SP1

Fixed in:

2.5.2.26539-15.1

libfbembed-devel

SUSE Linux Enterprise Software Development Kit 12 SP1SUSE Linux Enterprise Software Development Kit 12 SP2

Fixed in:

2.5.2.26539-15.1

References

https://bugzilla.suse.com/1023990

https://lists.suse.com/pipermail/sle-security-updates/2017-May/002843.html

https://www.suse.com/security/cve/CVE-2017-6369/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2017/suse-su-20171156-1/

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.8/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Upstream

Ecosystems(6)

SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP1

Timeline

PublishedMay 3, 2017

ModifiedMay 3, 2017