Security update for firebird SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02991-1 Final 1 1 2025-08-27T11:56:30Z current 2025-08-27T11:56:30Z 2025-08-27T11:56:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for firebird This update for firebird fixes the following issues: - CVE-2025-54989: Fixed NULL pointer dereference in XDR message parsing leading to denial-of-service (ZDI-CAN-26486, bsc#1248143) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2991,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2991,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2991,openSUSE-SLE-15.6-2025-2991 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502991-1/ Link for SUSE-SU-2025:02991-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041366.html E-Mail link for SUSE-SU-2025:02991-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1248143 SUSE Bug 1248143 https://www.suse.com/security/cve/CVE-2025-54989/ SUSE CVE CVE-2025-54989 page SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 openSUSE Leap 15.6 firebird-3.0.4.33054-150200.3.3.1 firebird-doc-3.0.4.33054-150200.3.3.1 firebird-examples-3.0.4.33054-150200.3.3.1 firebird-server-3.0.4.33054-150200.3.3.1 firebird-utils-3.0.4.33054-150200.3.3.1 libfbclient-devel-3.0.4.33054-150200.3.3.1 libfbclient2-3.0.4.33054-150200.3.3.1 libfbclient2-32bit-3.0.4.33054-150200.3.3.1 libfbclient2-64bit-3.0.4.33054-150200.3.3.1 libib_util-3.0.4.33054-150200.3.3.1 libib_util-32bit-3.0.4.33054-150200.3.3.1 libib_util-64bit-3.0.4.33054-150200.3.3.1 libib_util-devel-3.0.4.33054-150200.3.3.1 firebird-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 firebird-examples-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 firebird-server-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 firebird-utils-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libfbclient-devel-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libfbclient2-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libib_util-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libib_util-devel-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 firebird-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 firebird-examples-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 firebird-server-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 firebird-utils-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libfbclient-devel-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libfbclient2-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libib_util-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libib_util-devel-3.0.4.33054-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 firebird-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 firebird-doc-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 firebird-examples-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 firebird-server-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 firebird-utils-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 libfbclient-devel-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 libfbclient2-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 libfbclient2-32bit-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 libib_util-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 libib_util-32bit-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 libib_util-devel-3.0.4.33054-150200.3.3.1 as a component of openSUSE Leap 15.6 Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3. CVE-2025-54989 SUSE Linux Enterprise Module for Package Hub 15 SP6:firebird-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:firebird-examples-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:firebird-server-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:firebird-utils-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libfbclient-devel-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libfbclient2-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libib_util-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libib_util-devel-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:firebird-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:firebird-examples-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:firebird-server-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:firebird-utils-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libfbclient-devel-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libfbclient2-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libib_util-3.0.4.33054-150200.3.3.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libib_util-devel-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:firebird-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:firebird-doc-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:firebird-examples-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:firebird-server-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:firebird-utils-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:libfbclient-devel-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:libfbclient2-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:libfbclient2-32bit-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:libib_util-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:libib_util-32bit-3.0.4.33054-150200.3.3.1 openSUSE Leap 15.6:libib_util-devel-3.0.4.33054-150200.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502991-1/ https://www.suse.com/security/cve/CVE-2025-54989.html CVE-2025-54989 https://bugzilla.suse.com/1248143 SUSE Bug 1248143