-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0845
 Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2
                 for Linux, UNIX, and Windows Version 10.5
                               9 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           DB2 Connect Server
                   DB2 Developer Edition
                   DB2 Enterprise Server
                   DB2 Express Server
                   DB2 Workgroup Server
Publisher:         IBM
Operating System:  Linux variants
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-4204 CVE-2020-4200 CVE-2020-4135
                   CVE-2019-4587 CVE-2019-4584 CVE-2019-4524
                   CVE-2019-4322 CVE-2019-4154 CVE-2019-4102
                   CVE-2019-4101 CVE-2019-4057 CVE-2019-4016
                   CVE-2019-4015 CVE-2019-4014 CVE-2018-3180
                   CVE-2018-1980 CVE-2018-1978 CVE-2018-1936
                   CVE-2018-1923 CVE-2018-1922 CVE-2018-1897
                   CVE-2018-1834 CVE-2018-1802 CVE-2018-1799
                   CVE-2018-1781 CVE-2018-1780 CVE-2018-1711
                   CVE-2018-1710 CVE-2018-1685 

Reference:         ASB-2019.0299
                   ASB-2019.0217
                   ESB-2020.0821.2
                   ESB-2020.0814
                   ESB-2019.4753

Original Bulletin: 
   https://www.ibm.com/support/pages/node/716793

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for
Linux, UNIX, and Windows Version 10.5

Flashes (Alerts)


Abstract

This document contains a list of fixes for Security and HIPER APARs in DB2
Version 10.5.

IBM(R) recommends that you review the APAR descriptions and deploy one of the
above fix packs to correct them on your affected DB2 installations.

Content

A set of security vulnerabilities was discovered in some DB2 database products.
These vulnerabilities were analyzed by the DB2 development organization and a
set of corresponding fixes was created to address the reported issues. IBM is
not currently aware of any externally reported incidents where production DB2
installations have been compromised due to these issues.

The affected DB2 UDB for Linux, UNIX, and Windows products are:

DB2 Connect Server (all Editions)
DB2 Developer Edition
DB2 Enterprise Server (all Editions)
DB2 Express Server (all Editions)
DB2 Workgroup Server (all Editions)

DB2 Client component and DB2 products or components other than those listed
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version
10.5 fix packs.


Select a Fix Pack: 11 10 9 8 7 6 5 4 3a 3 1

- -->

                       DB2 Version 10.5 Fix Pack 11
Security APARs
IT25719 SECURITY: BUFFER OVERFLOW IN DB2 DB2LICM UTILITY (CVE-2018-1710)
IT25814 SECURITY: PRIVILEGE ESCALATION VULNERABILITY IN DB2CACPY
        (CVE-2018-1685)
IT25826 SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A
        PRIVILEGE ESCALATION (CVE-2018-1711)
IT25829 SECURITY: VULNERABILITIES IN GSKIT AFFECT IBM SPECTRUM SCALE
IT26133 SECURITY: DB2 IS VULNERABLE TO SYMBOLIC LINK ATTACK LEADING TO
        PRIVILEGE ESCALATION (CVE-2018-1780)
IT26136 SECURITY: DB2 DAS PRIVILEGE ESCALATION FROM DAS OWNER TO ROOT VIA
        SYMBOLIC LINK ATTACK (CVE-2018-1781)
IT26137 SECURITY: DB2 VULNERABLE TO SYMBOLIC LINK ATTACK RESULTING IN
        PRIVILEGE ESCALATION (CVE-2018-1799)
IT26138 SECURITY: PRIVILEGE ESCALATION IN ROOT SETUID EXECUTABLES
        (CVE-2018-1802)
IT26156 SECURITY: IBM SDK JAVA QUARTERLY CPU - JUL 2018
IT26316 SECURITY: DB2 IS VULNERABLE TO PRIVILEGE ESCALATION (CVE-2018-1834)
IT26513 SECURITY: DB2 IS AFFECTED BY A VULNERABILITY IN IBM SPECTRUM SCALE
IT26714 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2018-1897)
IT26858 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2018-1922)
IT26881 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2018-1923, CVE-2018-1978)
IT27031 SECURITY: DB2 IS AFFECTED BY THE SECURITY VULNERABILITIES
        CVE-2018-3180 [PSIRT
IT27129 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2018-1980)
IT27143 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2018-1936)
IT27192 SECURITY: PRIVILEGE ESCALATION DURING ROUTINE EXECUTION IN FENCED
        MODE (CVE-2019-4057)
IT27305 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2019-4014)
IT27347 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2019-4016)
IT27391 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION
IT27392 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE
        ESCALATION (CVE-2019-4015)
IT28251 SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2019-4101)
IT28252 SECURITY: DB2 DOES NOT EXPLICITLY FORBID A WEAKER THAN EXPECTED
        3DES CIPHER WHEN CONFIGURED TO USE SSL (CVE-2019-4102)
IT28441 SECURITY: DB2 IS VULNERABLE TO A BUFFER OVERFLOW (CVE-2019-4154)
IT29113 SECURITY: DB2 AFFECTED BY BUFFER OVERFLOW VULNERABILITIES
        (CVE-2019-4322)
IT30140 SECURITY: DB2 AFFECTED BY BUFFER OVERFLOW VULNERABILITIES
        (CVE-2019-4584)
IT30147 SECURITY: DB2 EXPOSES SENSITIVE INFORMATION WHEN USING ADMIN_CMD
        WITH LOAD OR UPDATE ALERT CFG (CVE-2019-4524)
IT30428 SECURITY: DB2 IS VULNERABLE TO PRIVILEGE ESCALATION (CVE-2019-4587)
IT31516 SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE ATTACK
        (CVE-2020-4200)
IT31517 SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE ATTACK
        (CVE-2020-4135)
IT31639 SECURITY: DB2 IS VULNERABLE TO MULTIPLE BUFFER OVERFLOWS
        (CVE-2020-4204)
HIPER APARs
IT25314 UNICODE DATA WHICH BUILT WITH SUPPLEMENTARY CHARACTERS FAILS TO
        CONVERT TO 1392 CODESET
IT25735 INCORRECT RESULTS COULD HAPPEN WITH OUTER JOINS AND EXPRESSIONS IN
        JOIN COLUMNS
IT25935 FODC APPERR AFTER APPLYING FIXPACK10 ON V10.5 for queries against
        Created Global Temporary Tables
IT26439 JOIN OF COLUMN-ORGANIZED TABLES MIGHT RETURN INCORRECT RESULTS
IT26454 WHEN USING REOPT OPTIMIZER GUIDELINE UPDATES, INSERTS AND DELETES
        RUNNING IN BATCHES MIGHT INSERT WRONG DATA
IT27746 POSSIBLE TO LOAD BAD ROWS INTO A TABLE WHICH HAS NOT NULL GENERATED
        COLUMNS WHEN COMPUTED GENERATED VALUES ARE NULL
IT27825 DB2: HIGH NUMBER OF SQL VARIATIONS & ANCHOR_COMMON LATCH WAITS
        CAUSING CPU SPIKE
IT27830 PERFORMANCE MAY BE AFFECTED BY DYNAMIC SQL CACHE NON REUSE
IT28738 WRONG RESULTS MIGHT BE OBSERVED WHEN RUNNING QUERIES WITH OUTER
        JOINS AND GROUP BY OPERATIONS
IT28945 DB2 MAY RETURN INCORRECT RESULT WHEN EXECUTING QUERY WITH UNION
        VIEW INCLUDE MULTIPLE TABLES
IT29977 DB2 MAY RETURN INCORRECT RESULTS WHEN EXECUTING IUD STATEMENTS
        CONTAINING A SUBQUERY WITH CORRELATION AND AGGREGATION
IT30006 DB2 MAY PRODUCE INCORRECT RESULTS FOR HSJN WITH PREDICATE THAT HAS
        CASE(COALESCE) AND NLJN OR ZZJOIN ON THE OUTER
IT30252 WRONG RESULTS ARE POSSIBLE FOR FEDERATED OR COLUMNAR QUERY WITH
        AGGREGATION OVER DISTINCT OUTER JOIN
IT30469 DB2 MAY PRODUCE INCORRECT RESULTS WHEN EXECUTING QUERIES CONTAINING
        JOINS WITH DIFFERING FLOATING-POINT PRECISIONS
IT30470 MULTIPLE CLP FRONTENDS ISSUED FROM DIFFERENT SHELL SCRIPTS USES THE
        SAME BACKEND AGENT, CAUSING UNEXPECTED RESULTS OR ERRORS.
IT31687 ON RARE OCCASION, DATA CORRUPTION MIGHT BE INDUCED BY FAILURE TO
        PANIC THE DATABASE ON ENCRYPTION ERROR.

Back to top


- -->

DB2 fix packs for all supported versions can be downloaded at the following
site: http://www.ibm.com/support/docview.wss?uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes
for newly discovered issues along with information that helps our customers to
decide on an appropriate course of action. The DB2 team regrets the
inconvenience that these issues are causing to you, our customers. We believe
that our actions are the most prudent steps to address your concerns and remain
open to suggestions on how to further improve our processes.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXmXYBWaOgq3Tt24GAQhhdg/+LRLeX3k91NjehkbSLdgUA9VPtpG4zHuO
EH2XNPjbtzQemVSf/Q2A+F0R6X3MPqAUlvf8dERyZO5b+LnqXQC60GyqPEWpuDp0
AmHah92AYZ80Z3EKtVpyWueSypcAuQki+e6mhglaLzk/sOBn0Xt8IJdGmDqpsNl3
kfVKAObrqghCv0LSWpO6zmSSJmtTy9IdQ/7SoVBE7On6r+lU7TNh5gWaqd1/fLZa
JGF88OgNEnqbgwIklZfkgSrcC7QGQYf51yyKY6plaOPAs9EiR6TYyN65WLGflrd6
2C3RmhDW1G8CmG0b1tkbwkssqDzLsdBXzLsx2mYaubg3MRRSQZ8LugIl3SA1Q4Ce
+plkwCFArCdDEyKbWFiuPs0ZuQP4isT77vN4g4BAfoX/oCHpFYeIttu4FL7EJ/RU
vbj6Q6WJF732NB5IhDDo6fSjn7JLVYXS1WhFGtGAxkxuZeMaVhrkTh1B++6UYQZr
bK8Sa2yPIGU3Lzy4fNBlUuu6ZNDpkRwU2GyWHHVftcEi7OmzQnjsu6yhy2u+gglH
LkYmy6Lq37vHkBNy+GPFW2SgwG8iYeQ+2Di44+jXVModer7aLxykrkNZkvancI6V
ov3K3KC0aWFFX3UvvzruIgRDJnI35/hNnbZDqGMhSk+obu2HL0NlGUUQXtvJMkqj
Ep9+485EDUI=
=4rpj
-----END PGP SIGNATURE-----