Flashes (Alerts)
Abstract
This document contains a list of fixes for Security and HIPER APARs in DB2 Version 9.7.
IBM® recommends that you review the APAR descriptions and deploy one of the above fix packs to correct them on your affected DB2 installations.
Content
A set of security vulnerabilities was discovered in some DB2 database products. These vulnerabilities were analyzed by the DB2 development organization and a set of corresponding fixes was created to address the reported issues. IBM is not currently aware of any externally reported incidents where production DB2 installations have been compromised due to these issues.
The affected DB2 for Linux, UNIX, and Windows products are:
- DB2 Enterprise Server Edition
- DB2 Workgroup Server (all Editions)
- DB2 Express Server (all Editions)
- DB2 Personal Edition
- DB2 Connect Server (all Editions)
DB2 Client component and DB2 products or components other than those listed above are not affected.
Due to the complexity of the fixes required to eliminate the reported service issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 9.7 fix packs.

DB2 Version 9.7 Fix Pack 11

APAR | Description
---|---
Security APARs |
IC96934 | SECURITY: Multiple ALTER TABLE statements can cause DB2 to terminate (CVE-2014-6210).
IT05645 | SECURITY: ALTER TABLE on an identity column may cause DB2 to terminate (CVE-2014-6209).
IT05937 | SECURITY: XML QUERY WILL CAUSE DB2 TO INCREASE CPU USAGE (CVE-2014-8901).
IT06348 | SECURITY: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730)
IT06356 | SECURITY: IBM DB2 contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910)
IT07103 | SECURITY: DB2 TRAPS WHEN EXECUTING A SPECIALLY-CRAFTED SQL STATEMENT WITH SCALAR FUNCTIONS (CVE-2015-0157)
IT07547 | SECURITY: DB2 contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919)
IT07648 | SECURITY: VULNERABILITIES IN GSKIT AFFECT IBM DB2 LUW (CVE-2015-0138)
IT08086 | SECURITY: DB2 CONTAINS A FILE DISCLOSURE VULNERABILITY IN THE DATABASE AUTOMATED MAINTENANCE FEATURE (CVE-2015-1883)
IT08523 | SECURITY: DB2 USER CAN DELETE TABLE DATA WITHOUT APPROPRIATE PRIVILEGES (CVE-2015-1922)
IT08534 | SECURITY: VULNERABILITY IN RC4 STREAM CIPHER AFFECTS IBM® DB2® LUW (CVE-2015-2808)
IT08668 | SECURITY: DB2 LUW CONTAINS A VULNERABILITY IN SCALAR FUNCTION THAT MAY CAUSE DB2 SERVER TO TERMINATE ABNORMALLY (CVE-2015-1935)
IT09897 | SECURITY: GSKIT IS AFFECTED BY SECURITY VULNERABILITIES (CVE-2015-1788)
HIPER APARs |
IC94634 | THERE MIGHT BE A DOUBLE FREE OR LIST CORRUPTION IN THE SQLRLC_CSM_DEFUNCT() FUNCTION
IT04226 | SQL STATEMENT WITH REPARTITIONED JOINS MIGHT RETURN INCORRECT RESULTS IN A DPF SYSTEM
IT05893 | SQL STATEMENT WITH MULTIPLE SIMILAR CORRELATED SUBEXPRESSIONS MIGHT RETURN INCORRECT RESULTS
IT05909 | COMMANDS ACCESSING DB DIRECTORY ( "CREATE DB", "LIST DB DIRECTORY", ETC) MAY HANG
IT06046 | WHEN INTRA_PARALLEL ENABLED, QUERY WITH OLAP FUNCTION PARTITIONED BY A SCALAR RESULT MIGHT RETURN INCORRECT RESULTS
IT06646 | SYSIBM.POWER ( EXPRESSION1, EXPRESSION2 ) WILL RETURN INCORRECT RESULTS FOR SOME VALUES WHEN THE BIGINT DATA TYPE IS USED
IT07560 | IN RARE SCENARIOS COMPLEX QUERY WITH AN OLAP SPECIFICATION AND A SUBQUERY MIGHT RETURN EXTRA ROWS
IT08059 | CONTENTION ON SQLP_LTRN_CHAIN__ENTRY_LATCH AFTER LOCK ESCALATION IS INTERRUPTED DEGRADES PERFORMANCE
IT08816 | INCORRECT RESULTS FROM SORT OPERATIONS ON DB2 VERSION 9.7.0.10
IT09136 | WRONG RESULT FROM STATEMENT WITH TWO OR MORE OLAP FUNCTIONS WITH COMPATIBLE PARTITION-BY CLAUSES WITH ONE EQUATING TO CONSTANTS
IT09335 | IN A RARE CONDITION, A QUERY OF A CHAIN OF EQUALITY JOIN PREDICATES BETWEEN 4 OR MORE TABLES COULD PRODUCE EXTRA ROWS
IT09831 | INCORRECT RESULT WHEN QUERY HAS LEFT OUTER JOIN AND UNION ALL
IT10811 | INDEX/DATA MISMATCH MIGHT OCCUR IN AN MDC TABLE AFTER A DEFERRED ROLLOUT IS SUSPENDED

DB2 Version 9.7 Fix Pack 10

APAR | Description
---|---
Security APARs |
IT02592 | Security: DB2 contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094)
IT02645 | SECURITY: DB2 contains a denial of service vulnerability in SQL Compiler (CVE-2014-3095)
IT03786 | DB2 MAY TERMINATE ABNORMALLY WHEN ISSUING AN ALTER TABLE STATEMENT CVE-2014-6097
IT05105 | SECURITY: DB2 may terminate abnormally when issuing an ALTER TABLE statement with AUTO_REVAL set to IMMEDIATE (CVE-2014-6159).
HIPER APARs |
IC97288 | THE DBMS_LOB.COMPARE FUNCTION AND DBMS_LOB.READ PROCEDURE DO NOT PROCESS CLOBS CORRECTLY IF MULTI-BYTE CHARACTERS ARE PRESENT
IC97774 | INSTANCE MIGHT ABEND OR RETURN INCORRECT RESULTS DUE TO AN INCORRECT EXECUTION SECTION FOR STAR JOIN
IC98117 | COLLATION_KEY_BIT MIGHT GENERATE EMPTY STRINGS IN ORACLE MODE IF INPUT STRING CONSISTS OF BLANKS
IC99044 | DATABASE DAMAGED BY RESTORE DB AFTER ENABLING AUTOMATIC STORAGE IF RESTORING A BACKUP FROM BEFORE AUTOMATIC STORAGE WAS ENABLED
IT00425 | POTENTIAL INDEX CORRUPTION WHEN USING INDEX COMPRESSION AND UNICODE DATABASES WHICH USE UCA COLLATION WITH S(STRENGTH) = 1 OR 2
IT00607 | CLI-BASED APPLICATIONS RECEIVE SQL0501N AGAINST DB2 Z/OS WHEN STORED PROCEDURE CALL HAS MULTIPLE CURSORS
IT01085 | SQL STATEMENT WITH UNCORRELATED SUBQUERY PREDICATE MIGHT RETURN INCORRECT RESULTS WHEN INTRA_PARALLEL IS ENABLED
IT01101 | CHAR(' ',0) RETURNS EMPTY STRING INSTEAD OF NULL IN VARCHAR2 ENABLED DATABASE.
IT01616 | QUERIES WITH XMLTABLE FUNCTIONS MIGHT RETURN INCORRECT RESULTS WHEN MORE THAN ONE EQUAL PREDICATE IS USED IN WHERE CLAUSE
IT01653 | TABLE SPACE ROLLFORWARD MIGHT NOT UNDO TRANSACTION CORRECTLY, LEAVING INCONSISTENT DATA
IT01660 | INCORRECT RESULTS MIGHT BE PRODUCED WITH PREDICATES INVOLVING NULL CONSTANTS
IT01670 | QUERY MIGHT HAVE OR PREDICATE WRONGLY REMOVED RESULTING IN EXTRA ROWS IN THE RESULTS
IT02045 | ACCESS PLANS CONTAINING INDEX ORING BETWEEN MDC AND NON MDC INDEX MAY NOT FETCH ALL ROWS FROM SECOND EXECUTION ONWARDS

DB2 Version 9.7 Fix Pack 9a

APAR | Description
---|---
Security APARs |
IC99474 | Security: IBM DB2 is impacted by multiple TLS/SSL security vulnerabilities (CVE-2013-6747, CVE-2014-0963)
IC99478 | SECURITY: VULNERABILITY IN STORED PROCEDURE INFRASTRUCTURE CAN ALLOW ESCALATION OF PRIVILEGE TO ADMINISTRATOR (CVE-2013-6744).
IT00684 | SECURITY: ELEVATED PRIVILEGES WITH DB2 EXECUTABLES (CVE-2014-0907)

DB2 Version 9.7 Fix Pack 9

APAR | Description
---|---
Security APARs |
IC90395 | SECURITY: MULTIPLE GSKIT VULNERABILITIES IN IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203).
IC92495 | SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN DB2AUD AND DB2FLACC (CVE-2013-3475).
IC94523 | SECURITY: UNAUTHORIZED ACCESS TO TABLE VULNERABILITY IN DB2 (CVE-2013-4033)
IC95641 | SECURITY: QUERY WITH OLAP SPECIFICATION CAUSES DB2 SERVER TO SHUTDOWN DATABASE. (CVE-2013-6717)
IC97470 | SECURITY: NULL POINTER DEREFERENCE IN DB2'S XSLT PARSING ENGINE (CVE-2013-5466).
HIPER APARs |
IC91110 | THE QUERY STATEMENT WITH A SUBQUERY PREDICATE MIGHT NOT RETURN ROWS AFTER ENABLING DB2_COMPATIBILITY_VECTOR=ORA
IC91458 | A QUERY MIGHT RETURN INCORRECT RESULTS OR TRAP DURING OPTIMIZATION IN QRW PHASE IN FUNCTION SQLNR_OR_PREDS_OPT, IN 9.7 FIXPACK 8
IC92963 | INDEX / DATA MISMATCH MIGHT OCCUR IN AN MDC TABLE AFTER A DEFERRED ROLLOUT
IC93995 | UPDATE OF UNIQUE COLUMNS MIGHT RESULT IN DUPLICATES IN A TABLE WITH A UNIQUE INDEX
IC95712 | BITWISE SCALAR FUNCTIONS MIGHT RETURN INCORRECT RESULTS WHEN USED WITH DECFLOAT DATATYPE ON AIX POWER7
IC96093 | INCORRECT RESULT IN UNICODE DB WITH LIKE PREDICATE AND FULLWIDTH UNDERSCORE WILD CHARACTER ON A CLOB COLUMN
IC96906 | QUERIES WITH THE XMLTABLE FUNCTION MIGHT RETURN INCORRECT RESULTS
IC97380 | THE ROUND FUNCTION WITH A MINIMUM VALUE FOR INTEGER AND BIGINT VALUES IS NOT RETURNING THE CORRECT RESULTS
IC98331 | A QUERY WITH AN OR PREDICATE MIGHT RETURN INCORRECT RESULTS IN 9.7 FIXPACK 8

DB2 Version 9.7 Fix Pack 8

APAR | Description
---|---
HIPER APARs |
IC87345 | ROWS MIGHT BE INSERTED INTO WRONG MDC TABLE CELL AFTER PREVIOUS INSERTS IN SAME TRANSACTION ENCOUNTER TABLESPACE FULL
IC89290 | INDEX CORRUPTION MIGHT BE INTRODUCED DURING A DATABASE UPGRADE TO DB2 VERSION 9.7
IC89412 | READ STABILITY ISOLATION IS NOT ENFORCED UNDER CERTAIN SQL ACCESS PLANS
IC89495 | INCORRECT RESULTS ON RANGE PARTITIONED TABLE WITH XML COLUMN
IC90199 | ROLLFORWARD OR REPLAY LOG ON THE HADR STANDBY DATABASE FAILS AND LEAVES THE TABLE UNRECOVERABLE
Special Attention APARs |
IC90721 | SQLGETDIAGFIELDW() SHOULD RETURN THE STRINGLENGTHPTR AS BYTES INSTEAD OF AS CHARACTERS.

DB2 Version 9.7 Fix Pack 7

APAR | Description
---|---
Security APARs |
IC84714 | SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY (CVE-2012-2194).
IC84748 | SECURITY: GET_WRAP_CFG_C AND GET_WRAP_CFG_C2 ALLOWS UNAUTHORIZED ACCESS XML FILES (CVE-2012-2196).
IC84753 | SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN JAVA STORED PROCEDURE INFRASTRUCTURE (CVE-2012-2197).
IC86781 | SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN SQL/PERSISTENT STORED MODULES DEBUGGING INFRASTRUCTURE (CVE-2012-4826).
HIPER APARs |
IC83578 | XQUERY MIGHT RETURN INCORRECT RESULTS WHEN BOTH 'AND' AND 'OR' PREDICATES EXIST AND ALL PREDICATES CAN BE APPLIED TO XML INDEXES
IC83976 | WITH REOPT ENABLED, STATEMENTS CONTAINING ARRAY OR ROW VARIABLES MIGHT PRODUCE INCORRECT OUTPUT
Special Attention APARs |
IC83608 | SQL WITH NESTED MATH OPERATIONS ON COLUMNS THAT ARE DEFINED WITH NOT NULL AND USING FUNCTIONS MAY RETURN DIFFERENT RESULTS.
IC84764 | INDEX CORRUPTION MAY BE INTRODUCED DURING A DATABASE UPGRADE TO DB2 VERSION 9.7
IC85196 | CREATING A UNIQUE GLOBAL INDEX ON A TABLE WITH DETACHED PARTITION AND DEPENDANT MQT MIGHT LEAD TO INCORRECT RESULT AFTER REFRESH
IC85422 | QUERY WITH A UNION AND TWO CORRELATED BRANCHES MIGHT RETURN INCORRECT RESULTS IN PARTITIONED DATABASE ENVIRONMENTS
IC85433 | BATCH INSERTS CAUSING DUPLICATE ROWS WHEN USING NULLIDRA (REOPT=ALWAYS) VS. NULLIDR1 (REOPT=ONCE)

DB2 Version 9.7 Fix Pack 6

APAR | Description
---|---
Security APARs |
IC79274 | SECURITY: DB2 ESCALATION OF PRIVILEGE VULNERABILITY
IC80729 | SECURITY: REMOTE ESCALATION OF PRIVILEGE VULNERABILITY IN DAS.
IC81380 | SECURITY: DENIAL OF SERVICE SECURITY VULNERABILITY IN DB2'S XML FEATURE.
IC81390 | SECURITY: UNAUTHORIZED ACCESS TO TABLES
IC81462 | SECURITY: UNAUTHORIZED ACCESS TO XML FILES IN DB2'S XML FEATURE
IC82234 | SECURITY: DB2 DENIAL OF SERVICE VULNERABILITY IN THE DRDA COMPONENT.
HIPER APARs |
IC80899 | COALESCE EXPRESSION IN THE OUTER JOIN OPERATOR (+) MAY RETURN INCORRECT RESULTS
IC81066 | WITH FILE SYSTEM CACHING ENABLED, SYSTEM OUTAGE MIGHT RESULT IN CORRUPTION DURING LOB OR REORG PROCESSING
IC81096 | DATABASE CORRUPTION UPON REACHING PHYSICAL LIMITS OF SMS TABLE SPACE
IC82403 | CRASH RECOVERY OR ROLL FORWARD OPERATION MIGHT FAIL WHEN CERTAIN LOG RECORDS ARE REPLAYED ON A TABLE WITH COMPRESSION ENABLED
Special Attention APARs |
IC79727 | QUERIES WITH LIKE OPERATORS MIGHT RETURN INCORRECT RESULTS DUE TO AN INVALID HIGHEST PADDING CHARACTER
IC80394 | CHANCES OF MEMORY LEAK INTRODUCED IN VERSION 9.7 FIX PACK 5
IC80456 | LIKE CLAUSES MIGHT RETURN INCORRECT RESULTS FOR COLUMNS WITH VARCHAR DATA TYPE IN UNICODE DATABASES
IC81388 | FAILED ONLINE LOAD WITH INDEX REBUILD CAN LEAD TO MISMATCH BETWEEN TABLE AND INDEX
IC81466 | WITH FILE SYSTEM CACHING ENABLED, SYSTEM OUTAGE DURING LOAD PROCESSING MIGHT RESULT IN CORRUPTION
IC81649 | DB2START FAILS WITH SQL10003 ON SOLARIS 10, SPARC T4 PROCESSOR WITH 2GB PAGE SIZE SUPPORT
IC82348 | DATABASE CAN BE MARKED BAD DURING RECOVERY OR HADR REPLAY WHEN XML DATA IS IN THE TABLE
IC82921 | INCORRECT RESULTS AFTER LOADING A TABLE WITH CONSTRAINTS FOLLOWED BY RUNNING ALTER TABLE STATEMENT WITH ATTACH OR DETACH OPTIONS

DB2 Version 9.7 Fix Pack 5

APAR | Description
---|---
Security APARs |
IC70473 | SECURITY: POTENTIAL TRAP WITH STMM ENABLED AND DATABASE_MEMORY SET TO AUTOMATIC
IC76901 | SECURITY: REMOTE DENIAL OF SERVICE OF DB2 SERVER.
HIPER APARs |
IC78251 | ADMIN_MOVE_TABLE PROCEDURE RETURNS SQL0969N, SQL1188N or SQL0408N ERROR CODE
IC77502 | TRANSACTION LOG CORRUPTION DUE TO ENTERING A TIMING HOLE UPON RECEIVING AN INTERRUPT DURING CRASH RECOVERY
IC77510 | CLI FUNCTIONS RETURN SQL_SUCCESS EVEN WHEN SQL_ATTR_INSERT_BUFFERING = SQL_ATTR_INSERT_BUFFERING_IGD and INSERT COMMAND FAILS
IC77439 | POSSIBLE INCORRECT RESULTS FROM A GROUP OF LEFT JOIN, INNER JOIN, AND COALESCE EXPRESSION IN AN ON PREDICATE
IC77337 | INCORRECT OUTPUT MIGHT BE RETURNED BY A QUERY WITH PARTITION ELIMINATION INVOLVING MULTIPLE COLUMNS AND NON-CONSTANT KEYS
IC76792 | BAD PAGE HEADER ENCOUNTERED BY PREFETCHER DURING ONLINE BACKUP ON LINUX PLATFORM. BACKUP IMAGE MAY BE CORRUPTED.
IC76679 | INCORRECT RESULTS ARE RETURNED IF AN SQL QUERY CONTAINS RID(), RID_BIT() or ROWID
IC76116 | INCORRECT RESULTS OBTAINED WHEN USING VARCHAR_FORMAT (TO_CHAR) TO CONVERT NUMERIC VALUES TO FORMATTED STRINGS
Special Attention APARs |
IC76415 | SQL30021 MESSAGE STATING 'MANAGER "0X1440" AT LEVEL "9" NOT SUPPORTED' IS RETURNED WHILE CONNECTING TO HOST VIA SEPARATE GATEWAY

DB2 Version 9.7 Fix Pack 4

APAR | Description
---|---
Security APARs |
IC72119 | Users able to update statistics for tables without appropriate privileges
IC71375 | SECURITY: User continues to have privilege to execute a non-DDL statement after role membership has been revoked from its group
HIPER APARs |
IC75037 | AFTER LOAD INSERT INTO MDC+RP (RANGE PARTITIONED) TABLE, SET INTEGRITY MAY SILENTLY FAIL TO VALIDATE ROWS AGAINST CONSTRAINTS
IC74244 | NESTED-LOOP JOIN WITH EARLYOUT FOR GROUPBY CLAUSES, YIELDS INCORRECT RESULTS WHEN JOIN COLUMNS ARE OF DIFFERENT DATA TYPES
IC72698 | INCORRECT RESULTS OR "SQL204N TABLE NOT FOUND" ERROR RETURNED WHEN SELECTING FROM VIEW.
Special Attention APARs |
IC73163 | HIGH MEMORY ALLOCATION WHILE PROCESSING TABLE QUEUE ( TQ ) SPILLS ON DPF SYSTEMS

DB2 Version 9.7 Fix Pack 3a

APAR | Description
---|---
HIPER APARs |
IC70959 | INSERT OR UPDATE WITH INDEX COMPRESSION MAY CAUSE MEMORY CORRUPTION AND CRASH
IC69772 | POTENTIAL CORRUPTION WHEN REPLAYING LOG RECORDS THAT INSERT KEYS INTO AN INDEX AND TRIGGER PAGE SPLITS

DB2 Version 9.7 Fix Pack 3

APAR | Description
---|---
Security APARs |
IC68015 | SECURITY: FUNCTIONS ARE NOT INVALIDATED NOR DROPPED EVEN WHEN THE OWNER LOSES SUFFICIENT PRIVILEGE TO ACCESS UNDERLYING OBJECTS.
IC70406 | SECURITY: UPDATE AGAINST A TABLE VIA A COMPOUND SQL (COMPILED) STATEMENT MAY BE EXECUTED BY USER WITHOUT REQUIRED PRIVILEGE
IC70539 | SECURITY: REMOTE BUFFER OVERFLOW VULNERABILITY IN DB2 ADMINISTRATIVE SERVER
IC72029 | SECURITY: DB2 DAS REMOTE CODE EXECUTION VULNERABILITY
HIPER APARs |
IC71241 | Possible incorrect result on recursive views which joins to a table on a unique column
Special Attention APARs |
IC70482 | OCCURRENCE OF INSTANCE CRASH WITH SIGNAL 11

DB2 Version 9.7 Fix Pack 2

APAR | Description
---|---
Security APARs |
IC67008 | SECURITY: SYSTEM GRANTED PRIVILEGES NOT REGENERATED ON VIEWS WHEN AUTO_REVAL IS SET TO IMMEDIATE
IC67819 | SECURITY: MONITOR ADMINISTRATIVE VIEWS IN SYSIBMADM SCHEMA ARE VIEWABLE BY PUBLIC.
IC63548 | SECURITY APAR: MODIFIED SQL DATA table function is not dropped when definer loses required privileges to maintain the objects.
IC65742 | SECURITY: VULNERABILITY IN DB2STST.
IC65762 | Security: DB2DART CAN OVERWRITE FILES OWNED BY THE INSTANCE OWNER.
IC65935 | SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462)
IC68762 | SECURITY: THE TIVOLI MONITORING AGENT (KUDDB2) FOR DB2 HAS DOS VULNERABILITY. (CVE-2010-0472)
IC66643 | Security: Special group and user enumeration on Windows 2008 could trap the server.
IC68055 | SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION WEAK SECURITY CVE-2009-3555
IC66815 | SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
HIPER APARs |
IC66358 | DELETE NOT REMOVING DATA FROM MDC TABLE.
IC65446 | LOAD FROM CURSOR FROM A TABLE WITH LOB COLUMN IN DPF ENVIRONMENT MIGHT LOAD WRONG RESULTS IN THE TARGET TABLE LOB COLUMN
IC65328 | In DB2 V9.7 FP1 ONLINE BACKUP MAY FAIL WITH SQL2048 RC = 5, ERROR RAISED IN SQLUBRESIZEBUFSPACE PROBE 472 or it may hang.
IC64864 | DELETING DATA FROM MULTIDIMENSIONAL CLUSTERED (MDC) TABLES RETURNS INACCURATE RESULTS DUE TO DEFERRED ROLLOUT PROCESSING
IC62126 | Multi-threaded non-Java application either crashes or has code page conversion issues such as truncation of data
IC64092 | THE ROUND SQL FUNCTION CAN RETURN THE WRONG RESULT ON A DECFLOAT INPUT VALUES OF Infinity/-Infinity

DB2 Version 9.7 Fix Pack 1

APAR | Description
---|---
Security APARs |
IC64759 | DASAUTO COMMAND CAN BE RUN BY NON-PRIVILEGED USERS
IC62502 | Security: db2licm utility vulnerability
IC63525 | SECURITY: Remote exploits of DB2 provided routines.
IC63302 | Security: Manipulation of db2ra data stream of Load utility request can cause seg fault.
IC64852 | SECURITY: SEQUENCE OR GLOBAL VARIABLE CAN BE USED WITHOUT THE APPROPRIATE PRIVILEGE
IC63959 | INCORRECT FILE PERMISSION AND AUTHORIZATION FOR HA SCRIPTS WHEN INSTALLED VIA V9.5.
IC64325 | In a rare case, calling a SQL stored procedure could cause the DB2 server to trap
IC64853 | VISIBILITY OF PASSWORDS IN SET ENCRYPTION PASSWORD STATEMENT AS SEEN VIA GET SNAPSHOT DYNAMIC SQL
IC68055 | SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION WEAK SECURITY CVE-2009-3555
Security: DB2 instance terminates abnormally while compiling a SQL query |
HIPER APARs |
IC61886 | VERSION 9.7 DATABASE UPGRADE MAY CREATE A CORRUPTED LOG CONTROL FILE
IC62219 | DYNAMIC SQL STATEMENTS WITH HOST VARIABLES, USING A REOPT ALWAYS OPTIMIZER GUIDELINE, MAY RETURN WRONG RESULTS
IC62771 | INDEX COMPRESSION CAN RESULT IN A CORRUPTED INDEX
IC64066 | Incorrect result with multiple IN list to join (GENROW) plans via transitivity on SMP and MPP environment
IC62088 | LOAD UTILITY MAY MARK A ROW BIT INCORRECTLY CAUSING INDEX SCAN TO RETURN INCORRECT RESULTS
IC63415 | OUTER JOIN OPERATION MAY RETURN INCORRECT RESULTS WITH A PREDICATE WITH A SUBQUERY RETURNING NOT MORE THAN ONE ROW
IC63668 | INCORRECT RESULTS WHEN ORDERED COLUMN GROUP OR PREDICATE CAN BE USED AS INDEX KEYS
IC64767 | ALTER BUFFERPOOL REDUCE OR STMM MAY HANG IF SET WRITE SUSPEND HAD BEEN ISSUED
IC64541 | SQLSETSTMTATTRW(SQL_ATTR_CHAINING_END) RETURNS 0, EVEN WHEN ONE OF THE PREVIOUS CHAINED STATEMENTS FAILED
IC64462 | UPDATE/DELETE OPERATION FROM A TABLE AFTER ONLINE TABLE MOVE CAUSES DB2 TO CRASH

DB2 fix packs for all supported versions can be downloaded at the following site: http://www.ibm.com/support/docview.wss?uid=swg27007053
The DB2 team will continue to have a strong focus on delivering timely fixes for newly discovered issues along with information that helps our customers to decide on an appropriate course of action. The DB2 team regrets the inconvenience that these issues are causing to you, our customers. We believe that our actions are the most prudent steps to address your concerns and remain open to suggestions on how to further improve our processes.
Document Information
Modified date: 25 September 2022
UID: swg21450666