Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1868

Security update for firebird

Type: security
Severity: critical
Issued: 2026-05-15
Description:
This update for firebird fixes the following issues

- CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer (>= 4) server (bsc#1262330).
- CVE-2026-27890: Pre-Auth DOS (bsc#1262328).
- CVE-2026-28212: One packet DoS (bsc#1262329).
- CVE-2026-28214: Server hangs when using specific clumplet on batch creation (bsc#1262327).
- CVE-2026-28224: CryptCallback DOS (bsc#1262326).
- CVE-2026-33337: Buffer overflow on parsing corrupted slice packet (bsc#1262325).
- CVE-2026-34232: DoS via `op_response` packet from client (bsc#1262324).
- CVE-2026-35215: DoS via malicious slice descriptor in slice packet (bsc#1262322).
- CVE-2026-40342: Path traversal when declaring external routine (bsc#1262320).

References

Packages

  • firebird-3.0.14.33856-150200.3.9.1