It has been brought to our attention that there is a potential security problem within the InterBase product, versions 4.0 through 6.0, that requires your attention. Please download and execute the patches below; by implementing this patch you will correct the issue with no impact to the functionality of the InterBase product.
Security Update Patches: Windows InterBase versions 4, 5, and 6 IbWinPatch.zip
Linux InterBase versions 4, 5, and 6 IbLinuxPatch.tar.Z
Solaris InterBase versions 4, 5, and 6 IbSolarisPatch.tar.Z
HP-UX InterBase versions 4 and 5 IbHpuxPatch.tar.Z
SCO InterBase versions 4 and 5 IbSCOPatch.tar.Z
Novell InterBase versions 4 and 5 IbNWPatch.tar.Z
Extracting the files
Windows: Use an archiving/compression/extracting program (i.e., WinZip, PKZIP) to extact the contents of IbWinPatch.zip.
UNIX: Depending on your Platform run the follwing commands
%> uncompress IbXXXXPatch.tar.Z (where XXXX is either solaris, Hpux or Linux)
%> tar -xvf IbXXXXPatch.tar
Consult the extracted README.TXT for further information.
Installing Patch
Please make sure that the interbase server is not running and there are no connections to any databases on the machine where you installing the patch.
Launch the patch install application from a command/shell window, or if you are using a graphical interface double click on the name/icon.
The patch will ask:
Please Enter the Complete InterBase install directory :
Please make sure to enter the complete install path when prompted.
For example:
(Windows) D:\program files\databases\interbase
(Unix/Linux) /usr/local/db/interbase
Note: The original library files and binaries are not modified, instead copies of the files are made and then fixed. For example if ibserver.exe is fixed then you would find the following files in the interbase/bin directory:
ibserver.exe -- The original file
ibserver.exe.org -- A copy of original
ibserver.exe.fixed -- The patched file
Note: For classic versions of Interbase (InterBase Architecture: SuperServer vs Classic) there is no ibserver, the shared Library files will be modified.
For example: (Solaris)
gdsmt.so.0 -- The original file
gdsmt.so.0.org -- A copy of original
gdsmt.so.0.fixed -- The patched file
Once the program is finished
Delete ibserver.exe or for classic users delete the appropriate library file (Don't worry, a backup was created of the original file: i.e. "ibserver.exe.org")
Rename ibserver.exe.fixed to ibserver.exe or for classic users rename the appropriate library file.
Start the server
For platforms not covered please contact us at interbase@borland.com and we will work with you individually to create a patch for your platform.
If you are experiencing difficulties installing the patch you can submit an install support case.
For our latest certified release of 5.x, we are working on issuing an updated version that will be available to customers. This inline version will incorporate the security fix and be the official certified version for our current maintenance customers.
We are not responsible for any patches not supplied by Borland and use of any unsupported patches will void any current warranties and/or maintenance contracts you may have in place.
We hope this causes as little inconvenience as possible. Knowing software is not error free we understand that anomalies will occur, we are dedicated to correcting them as quickly and efficiently as possible.
