Firebird Documentation Index → Firebird 1.5.6 Release Notes → Bugfixes and Additions since Release 1.0 → Release 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4 and 1.5.5 Bugs Fixed in v.1.5.6
fixed by D. Yemanov
It was possible to shut down the Superserver's main port (3050 by default) by sending a malformed packet of some special format, which would lead to a Denial of Service condition for new incoming connections. This exploit could be used by an unauthenticated client.
Reported 15-Jul-2009 by Core Security Technologies.
fixed by V. Khorsun
An isc_cancel_events() call would be followed by an access violation if the event was not found.
fixed by C. Valderrama
*truncate UDFs were broken for numbers smaller than -1.
fixed by C. Valderrama
*round UDFs were broken for negative numbers.
fixed by A. Peshkov
The gfix utility had a legacy bug that exhibited itself during the database validation/repair routines on large databases. The privilege level of the user running these routines was being checked too late in the operation, thus allowing a non-privileged user (i.e., not SYSDBA or Owner) to start a validation operation. Once the privilege check occurred, the database validation could halt in mid-operation and thus be left unfinished, resulting in logical corruption that might not have been there otherwise.
fixed by A. Peshkov
gbak was encountering several bugs when operating on the access control lists (ACLs) that store SQL privileges.
fixed by A. Peshkov
Backported a fix for a known buffer overflow in the Firebird client library.
fixed by A. Peshkov
A non-SYSDBA user was able to change the Forced Writes mode of any database, along with several other database characteristics that should be restricted to the SYSDBA. This long-standing, legacy loophole in the handling of DPB parameters could lead to database corruption or give ordinary users access to SYSDBA-only operations. The changes could affect several existing applications, database tools and connectivity layers (drivers, components).
For details, see the This Edition notes in the Introduction.
fixed by A. Peshkov
Because of a change made during the conversion to C++ at v.1.5.0, ACLs (Access Control Lists) longer than about 20 characters were being truncated. This has caused particular problems for applications that construct access privileges at run time and has also given rise to privileges “going missing” when there are more than about 2000 privileges (for a report of the latter, see Tracker issue CORE-216).
fixed by V. Khorsun
Index corruption was possible when multiple updates of the same record were performed in the same transaction with savepoints in use.
fixed by A. Peshkov
There was an issue with user names containing the '.' character.
fixed by D. Yemanov
Garbage data in the incoming remote packet could crash the server.
fixed by A. Peshkov
A long user name was a potential source of buffer overflow.
fixed by A. Peshkov, D. Yemanov
The server would crash if an application tried to connect to it via an InterBase version of gds32.dll.
fixed by N. Samofatov, A. Peshkov
Superserver could crash under load.