Firebird Documentation IndexFirebird 1.5.6 Release NotesBugfixes and Additions since Release 1.0 → Release 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4 and 1.5.5 Bugs Fixed in v.1.5.6
Firebird Home Firebird Home Prev: Bugfixes and Additions since Release 1.0Firebird Documentation IndexUp: Bugfixes and Additions since Release 1.0Next: Release 1.5, 1.5.1, 1.5.2, 1.5.3 and 1.5.4 Bugs Fixed in v.1.5.5

Release 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4 and 1.5.5 Bugs Fixed in v.1.5.6

Bug CORE-2563

fixed by D. Yemanov

It was possible to shut down the Superserver's main port (3050 by default) by sending a malformed packet of some special format, that would lead to a Denial of Service condition for new incoming connections. This exploit could be used by an unauthenticated client.

Reported 15-Jul-2009 by Core Security Technologies.

Bug CORE-2368

fixed by V. Khorsun

An isc_cancel_events() call would be succeeded by an access violation if the event was not found.

Bug CORE-2282

fixed by C. Valderrama

*truncate UDFs were broken for numbers smaller than -1.

Bug CORE-2281

fixed by C. Valderrama

*round UDFs were broken for negative numbers.

Bug CORE-2271

fixed by A. Peshkov

The gfix utility had a legacy bug that exhibited itself during the database validation/repair routines on large databases. The privilege level of the user running these routines was being checked too late in the operation, thus allowing a non-privileged user (i.e., not SYSDBA or Owner) to start a validation operation. Once the privilege check occurred, the database validation could halt in mid-operation and thus be left unfinished, resulting in logical corruption that might not have been there otherwise.

Bug CORE-2223

fixed by A. Peshkov

gbak was encountering several bugs when operating on the access control lists (ACLs) that store SQL privileges.

Bug CORE-2055

fixed by A. Peshkov

Backported a fix for a known buffer overflow in the Firebird client library.

Bug CORE-1972

fixed by A. Peshkov

A non-SYSDBA user was able to change the Forced Writes mode of any database, along with several other database characteristics that should be restricted to the SYSDBA. This long-standing, legacy loophole in the handling of DPB parameters could lead to database corruptions or give ordinary users access to SYSDBA-only operations. The changes could affect several existing applications, database tools and connectivity layers (drivers, components).

For details, see the This Edition notes in the Introduction.

Bug CORE-1957

fixed by A. Peshkov

Because of a change done in the conversion to C++ at v.1.5.0, ACLs (Access Control Lists) longer than about 20 characters were being truncated. This has caused particular problems for applications that construct access privileges in run-time and has also given rise to privileges “going missing” when there are more than about 2000 privileges (for a report of the latter, see Tracker issue CORE-216).

Bug CORE-1830

fixed by V. Khorsun

Index corruption was possible when multiple updates of the same record were performed in the same transaction with savepoints in use.

Bug CORE-1810

fixed by A. Peshkov

There was an issue with user names containing the '.' character.

Bug CORE-1681

fixed by D. Yemanov

Garbage data in the incoming remote packet could crash the server.

Bug CORE-1603

fixed by A. Peshkov

A long user name was a potential source of buffer overflow.

Bug CORE-1011

fixed by A. Peshkov, D. Yemanov

The server would crash if an application tried to connect to it via an InterBase version of gds32.dll.

Bug CORE-538

fixed by N. Samofatov, A. Peshkov

Superserver could crash under load.

Prev: Bugfixes and Additions since Release 1.0Firebird Documentation IndexUp: Bugfixes and Additions since Release 1.0Next: Release 1.5, 1.5.1, 1.5.2, 1.5.3 and 1.5.4 Bugs Fixed in v.1.5.5
Firebird Documentation IndexFirebird 1.5.6 Release NotesBugfixes and Additions since Release 1.0 → Release 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4 and 1.5.5 Bugs Fixed in v.1.5.6