Here is the description for CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in Firebird SQL

Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The

only known solution is to disable external UDF libraries from being loaded. In

order to achieve this, the default configuration has changed to UdfAccess=None.

This will prevent the fbudf module from being loaded, but may also break other

functionality relying on modules.

Here is the Debian security page with the issue : CVE-2017-11509

And here is the original report https://www.tenable.com/security/research/tra-2017-36