Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0845 Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Linux, UNIX, and Windows Version 10.5 9 March 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: DB2 Connect Server DB2 Developer Edition DB2 Enterprise Server DB2 Express Server DB2 Workgroup Server Publisher: IBM Operating System: Linux variants Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Root Compromise -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-4204 CVE-2020-4200 CVE-2020-4135 CVE-2019-4587 CVE-2019-4584 CVE-2019-4524 CVE-2019-4322 CVE-2019-4154 CVE-2019-4102 CVE-2019-4101 CVE-2019-4057 CVE-2019-4016 CVE-2019-4015 CVE-2019-4014 CVE-2018-3180 CVE-2018-1980 CVE-2018-1978 CVE-2018-1936 CVE-2018-1923 CVE-2018-1922 CVE-2018-1897 CVE-2018-1834 CVE-2018-1802 CVE-2018-1799 CVE-2018-1781 CVE-2018-1780 CVE-2018-1711 CVE-2018-1710 CVE-2018-1685 Reference: ASB-2019.0299 ASB-2019.0217 ESB-2020.0821.2 ESB-2020.0814 ESB-2019.4753 Original Bulletin: https://www.ibm.com/support/pages/node/716793 - --------------------------BEGIN INCLUDED TEXT-------------------- Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Linux, UNIX, and Windows Version 10.5 Flashes (Alerts) Abstract This document contains a list of fixes for Security and HIPER APARs in DB2 Version 10.5. IBM(R) recommends that you review the APAR descriptions and deploy one of the above fix packs to correct them on your affected DB2 installations. Content A set of security vulnerabilities was discovered in some DB2 database products. These vulnerabilities were analyzed by the DB2 development organization and a set of corresponding fixes was created to address the reported issues. IBM is not currently aware of any externally reported incidents where production DB2 installations have been compromised due to these issues. The affected DB2 UDB for Linux, UNIX, and Windows products are: DB2 Connect Server (all Editions) DB2 Developer Edition DB2 Enterprise Server (all Editions) DB2 Express Server (all Editions) DB2 Workgroup Server (all Editions) DB2 Client component and DB2 products or components other than those listed above are not affected. Due to the complexity of the fixes required to eliminate the reported service issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 10.5 fix packs. Select a Fix Pack: 11 10 9 8 7 6 5 4 3a 3 1 - --> DB2 Version 10.5 Fix Pack 11 Security APARs IT25719 SECURITY: BUFFER OVERFLOW IN DB2 DB2LICM UTILITY (CVE-2018-1710) IT25814 SECURITY: PRIVILEGE ESCALATION VULNERABILITY IN DB2CACPY (CVE-2018-1685) IT25826 SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A PRIVILEGE ESCALATION (CVE-2018-1711) IT25829 SECURITY: VULNERABILITIES IN GSKIT AFFECT IBM SPECTRUM SCALE IT26133 SECURITY: DB2 IS VULNERABLE TO SYMBOLIC LINK ATTACK LEADING TO PRIVILEGE ESCALATION (CVE-2018-1780) IT26136 SECURITY: DB2 DAS PRIVILEGE ESCALATION FROM DAS OWNER TO ROOT VIA SYMBOLIC LINK ATTACK (CVE-2018-1781) IT26137 SECURITY: DB2 VULNERABLE TO SYMBOLIC LINK ATTACK RESULTING IN PRIVILEGE ESCALATION (CVE-2018-1799) IT26138 SECURITY: PRIVILEGE ESCALATION IN ROOT SETUID EXECUTABLES (CVE-2018-1802) IT26156 SECURITY: IBM SDK JAVA QUARTERLY CPU - JUL 2018 IT26316 SECURITY: DB2 IS VULNERABLE TO PRIVILEGE ESCALATION (CVE-2018-1834) IT26513 SECURITY: DB2 IS AFFECTED BY A VULNERABILITY IN IBM SPECTRUM SCALE IT26714 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2018-1897) IT26858 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2018-1922) IT26881 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2018-1923, CVE-2018-1978) IT27031 SECURITY: DB2 IS AFFECTED BY THE SECURITY VULNERABILITIES CVE-2018-3180 [PSIRT IT27129 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2018-1980) IT27143 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2018-1936) IT27192 SECURITY: PRIVILEGE ESCALATION DURING ROUTINE EXECUTION IN FENCED MODE (CVE-2019-4057) IT27305 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2019-4014) IT27347 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2019-4016) IT27391 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION IT27392 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2019-4015) IT28251 SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2019-4101) IT28252 SECURITY: DB2 DOES NOT EXPLICITLY FORBID A WEAKER THAN EXPECTED 3DES CIPHER WHEN CONFIGURED TO USE SSL (CVE-2019-4102) IT28441 SECURITY: DB2 IS VULNERABLE TO A BUFFER OVERFLOW (CVE-2019-4154) IT29113 SECURITY: DB2 AFFECTED BY BUFFER OVERFLOW VULNERABILITIES (CVE-2019-4322) IT30140 SECURITY: DB2 AFFECTED BY BUFFER OVERFLOW VULNERABILITIES (CVE-2019-4584) IT30147 SECURITY: DB2 EXPOSES SENSITIVE INFORMATION WHEN USING ADMIN_CMD WITH LOAD OR UPDATE ALERT CFG (CVE-2019-4524) IT30428 SECURITY: DB2 IS VULNERABLE TO PRIVILEGE ESCALATION (CVE-2019-4587) IT31516 SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE ATTACK (CVE-2020-4200) IT31517 SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE ATTACK (CVE-2020-4135) IT31639 SECURITY: DB2 IS VULNERABLE TO MULTIPLE BUFFER OVERFLOWS (CVE-2020-4204) HIPER APARs IT25314 UNICODE DATA WHICH BUILT WITH SUPPLEMENTARY CHARACTERS FAILS TO CONVERT TO 1392 CODESET IT25735 INCORRECT RESULTS COULD HAPPEN WITH OUTER JOINS AND EXPRESSIONS IN JOIN COLUMNS IT25935 FODC APPERR AFTER APPLYING FIXPACK10 ON V10.5 for queries against Created Global Temporary Tables IT26439 JOIN OF COLUMN-ORGANIZED TABLES MIGHT RETURN INCORRECT RESULTS IT26454 WHEN USING REOPT OPTIMIZER GUIDELINE UPDATES, INSERTS AND DELETES RUNNING IN BATCHES MIGHT INSERT WRONG DATA IT27746 POSSIBLE TO LOAD BAD ROWS INTO A TABLE WHICH HAS NOT NULL GENERATED COLUMNS WHEN COMPUTED GENERATED VALUES ARE NULL IT27825 DB2: HIGH NUMBER OF SQL VARIATIONS & ANCHOR_COMMON LATCH WAITS CAUSING CPU SPIKE IT27830 PERFORMANCE MAY BE AFFECTED BY DYNAMIC SQL CACHE NON REUSE IT28738 WRONG RESULTS MIGHT BE OBSERVED WHEN RUNNING QUERIES WITH OUTER JOINS AND GROUP BY OPERATIONS IT28945 DB2 MAY RETURN INCORRECT RESULT WHEN EXECUTING QUERY WITH UNION VIEW INCLUDE MULTIPLE TABLES IT29977 DB2 MAY RETURN INCORRECT RESULTS WHEN EXECUTING IUD STATEMENTS CONTAINING A SUBQUERY WITH CORRELATION AND AGGREGATION IT30006 DB2 MAY PRODUCE INCORRECT RESULTS FOR HSJN WITH PREDICATE THAT HAS CASE(COALESCE) AND NLJN OR ZZJOIN ON THE OUTER IT30252 WRONG RESULTS ARE POSSIBLE FOR FEDERATED OR COLUMNAR QUERY WITH AGGREGATION OVER DISTINCT OUTER JOIN IT30469 DB2 MAY PRODUCE INCORRECT RESULTS WHEN EXECUTING QUERIES CONTAINING JOINS WITH DIFFERING FLOATING-POINT PRECISIONS IT30470 MULTIPLE CLP FRONTENDS ISSUED FROM DIFFERENT SHELL SCRIPTS USES THE SAME BACKEND AGENT, CAUSING UNEXPECTED RESULTS OR ERRORS. IT31687 ON RARE OCCASION, DATA CORRUPTION MIGHT BE INDUCED BY FAILURE TO PANIC THE DATABASE ON ENCRYPTION ERROR. Back to top - --> DB2 fix packs for all supported versions can be downloaded at the following site: http://www.ibm.com/support/docview.wss?uid=swg27007053 The DB2 team will continue to have a strong focus on delivering timely fixes for newly discovered issues along with information that helps our customers to decide on an appropriate course of action. The DB2 team regrets the inconvenience that these issues are causing to you, our customers. We believe that our actions are the most prudent steps to address your concerns and remain open to suggestions on how to further improve our processes. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXmXYBWaOgq3Tt24GAQhhdg/+LRLeX3k91NjehkbSLdgUA9VPtpG4zHuO EH2XNPjbtzQemVSf/Q2A+F0R6X3MPqAUlvf8dERyZO5b+LnqXQC60GyqPEWpuDp0 AmHah92AYZ80Z3EKtVpyWueSypcAuQki+e6mhglaLzk/sOBn0Xt8IJdGmDqpsNl3 kfVKAObrqghCv0LSWpO6zmSSJmtTy9IdQ/7SoVBE7On6r+lU7TNh5gWaqd1/fLZa JGF88OgNEnqbgwIklZfkgSrcC7QGQYf51yyKY6plaOPAs9EiR6TYyN65WLGflrd6 2C3RmhDW1G8CmG0b1tkbwkssqDzLsdBXzLsx2mYaubg3MRRSQZ8LugIl3SA1Q4Ce +plkwCFArCdDEyKbWFiuPs0ZuQP4isT77vN4g4BAfoX/oCHpFYeIttu4FL7EJ/RU vbj6Q6WJF732NB5IhDDo6fSjn7JLVYXS1WhFGtGAxkxuZeMaVhrkTh1B++6UYQZr bK8Sa2yPIGU3Lzy4fNBlUuu6ZNDpkRwU2GyWHHVftcEi7OmzQnjsu6yhy2u+gglH LkYmy6Lq37vHkBNy+GPFW2SgwG8iYeQ+2Di44+jXVModer7aLxykrkNZkvancI6V ov3K3KC0aWFFX3UvvzruIgRDJnI35/hNnbZDqGMhSk+obu2HL0NlGUUQXtvJMkqj Ep9+485EDUI= =4rpj -----END PGP SIGNATURE-----