IBM Support

IBM® DB2® for Linux, Unix and Windows is not directly affected by the OpenSSL Heartbleed vulnerability, IBM DB2 pureScale™ Feature utilizes services from GPFS for which a flash has been published (CVE-2014-0160)

Flashes (Alerts)


Abstract

IBM DB2 for Linux, Unix and Windows is not directly affected by the OpenSSL HeartBleed vulnerability (CVE-2014-0160), IBM DB2 pureScale Feature utilizes services from GPFS for which a flash has been published.

Content

IBM DB2 for Linux, Unix and Windows is not directly affected by the OpenSSL HeartBleed vulnerability (CVE-2014-0160). However, IBM DB2 pureScale Feature utilizes services from GPFS for which a flash has been published here http://www-01.ibm.com/support/docview.wss?uid=isg3T1020713. We strongly suggest you read the flash and take the appropriate actions.

IBM DB2 pureScale Feature is part of the following products. Potential exposure only exists in these products if you are using the pureScale Feature.

IBM DB2 9.8 pureScale Feature for Enterprise Server Edition
IBM DB2 10.1 pureScale Feature
IBM DB2 10.5 Advanced Enterprise Server Edition
IBM DB2 10.5 Advanced Workgroup Server Edition
IBM DB2 10.5 Developer Edition for Linux, Unix and Windows


The following IBM DB2 for Linux, Unix and Windows products are NOT vulnerable to the OpenSSL Heartbleed vulnerability.

IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Connect™ Application Server Edition
IBM DB2 Connect Application Server Advanced Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i®
IBM DB2 Connect Unlimited Edition for System z®
IBM DB2 Connect Unlimited Advanced Edition for System z

When not using IBM DB2 pureScale Feature the following products are not affected.

IBM DB2 10.5 Advanced Enterprise Server Edition
IBM DB2 10.5 Advanced Workgroup Server Edition
IBM DB2 10.5 Developer Edition for Linux, Unix and Windows



Remediation/Fixes:
If you are using IBM DB2 pureScale Feature then we strongly suggest you read the flash http://www-01.ibm.com/support/docview.wss?uid=isg3T1020713 and take the appropriate actions.


Change History:
11 April 2014: Original document published
17 April 2014: Added DB2 pureScale Feature/GPFS details.


22 April 2014: Fix link to GPFS flash.

[{"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Database Objects\/Config - Database","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.8;9.7;9.5;9.1;10.1;10.5","Edition":"Advanced Enterprise Server;Advanced Workgroup Server;Enterprise Server;Express;Express-C;Personal;Workgroup Server","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Product":{"code":"SSEPDU","label":"Db2 Connect"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.7;9.5;9.1;8.2;10.1;10.5","Edition":"Application Server;Enterprise Server;Personal;Unlimited for System i;Unlimited for System z","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
25 September 2022

UID

swg21670112

Page Feedback