IBM Support

IT09899: SECURITY: GSKIT IS AFFECTED BY SECURITY VULNERABILITIES (CVE-2015-1788)

A fix is available

DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • GSKit V8 is impacted by the OpenSSL security vulnerability
(CVE-2015-1788)

Customers that have Secure Sockets Layer (SSL) support enabled
in
their DB2 database system are affected. SSL support is not
enabled in DB2 by default.

No workaround is available. DB2 needs to pick up new version of
GSKit V8.0.50.47 to resolve this vulnerability.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All DB2 systems on all Linux, Unix and Windows platforms at  *
* service levels Version 10.1 GA  through to Version 10.1 Fix  *
* Pack 5.                                                      *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See Error Description                                        *
****************************************************************
* RECOMMENDATION:                                              *
* Upgrade to DB2 Version 10.1 Fix Pack 6.                      *
* Refer to security bulletin for remediation::                 *
* http://www-01.ibm.com/support/docview.wss?uid=swg21964766    *
****************************************************************

    



Problem conclusion


    

  • The complete fix for this problem first appears in DB2 Version
10.1 Fix Pack 6 and all the subsequent Fix Packs.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT09899
    • 

  • Reported component name
    DB2 FOR LUW
    • 

  • Reported component ID
    DB2FORLUW
    • 

  • Reported release
    A10
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2015-07-07
    • 

  • Closed date
    2017-02-28
    • 

  • Last modified date
    2017-02-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
IT09897
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DB2 FOR LUW
    • 

  • Fixed component ID
    DB2FORLUW
    • 



Applicable component levels


    

  • RA10  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            28 February 2017
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback