IBM Support

IT09899: SECURITY: GSKIT IS AFFECTED BY SECURITY VULNERABILITIES (CVE-2015-1788)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • GSKit V8 is impacted by the OpenSSL security vulnerability
    (CVE-2015-1788)
    
    Customers that have Secure Sockets Layer (SSL) support enabled
    in
    their DB2 database system are affected. SSL support is not
    enabled in DB2 by default.
    
    No workaround is available. DB2 needs to pick up new version of
    GSKit V8.0.50.47 to resolve this vulnerability.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All DB2 systems on all Linux, Unix and Windows platforms at  *
    * service levels Version 10.1 GA  through to Version 10.1 Fix  *
    * Pack 5.                                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to DB2 Version 10.1 Fix Pack 6.                      *
    * Refer to security bulletin for remediation::                 *
    * http://www-01.ibm.com/support/docview.wss?uid=swg21964766    *
    ****************************************************************
    

Problem conclusion

  • The complete fix for this problem first appears in DB2 Version
    10.1 Fix Pack 6 and all the subsequent Fix Packs.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT09899

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    A10

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-07-07

  • Closed date

    2017-02-28

  • Last modified date

    2017-02-28

  • APAR is sysrouted FROM one or more of the following:

    IT09897

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • RA10 PSN

       UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
28 February 2017