Release Notes
Abstract
This technical note provides guidance for installing IBM Security Guardium Data Protection patch 11.0p6406, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-11.0p6406.tgz.enc.sig
- MD5 checksum: d0d93bd30ba90fc160070a99cf962b40
Finding the patch
Make the following selections to locate this patch for downlaod on the IBM Fix Central website:
Make the following selections to locate this patch for downlaod on the IBM Fix Central website:
- Product selector: IBM Security Guardium
- Installed version: 11.0
- Platform: All
- Click "Continue," select "Browse for fixes," and click "Continue" again.
- Select "Appliance patch (GPU and ad hoc)" and enter the patch information in the "Filter fix details" field to locate the patch
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
- Guardium 11.0p490
Installation
Notes:
- This patch is a designated security patch.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact Guardium support if there is an issue with patch installation.
Overiew:
- Download the patch and extract the compressed package outside the Guardium system.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Security fixes
This patch contains the following security fixes:
| Issue key | Summary | CVEs |
|---|---|---|
| GRD-79822 | PSIRT: PVR0489259 - IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850 | CVE-2023-33850 |
| GRD-79284 | PSIRT: PVR0466432 - [All] kernel - CVE-2023-42753 (Publicly disclosed vulnerability) | CVE-2023-42753 |
| GRD-79177 | Unable to Import Bundle STAP via Grdapi | -- |
| GRD-78874 | PSIRT: PVR0482970, PVR0470863, PVR0470250 - Multiple RPM updates needed for vulnerable components - 11.x and 12.0 | CVE-2023-6377, CVE-2023-5367, CVE-2023-6478, CVE-2022-3550, CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, CVE-2023-0494, CVE-2023-1393, CVE-2023-46847, CVE-2020-22218, CVE-2023-34058, CVE-2023-34059, CVE-2023-3611, CVE-2023-3776, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-5178, CVE-2023-45871 |
| GRD-78332 | Multiple Stored Cross-Site Scripting bugs | -- |
| GRD-76924 | PSIRT: PVR0474270 - SE - Pen Testing On-prem - October, 2023 - Multiple Cross Site scripting issues | CVE-2023-47710 |
| GRD-76560 | PSIRT: PVR0424448 - RHEL7 OS component upgrades needed - March Sec Patch | CVE-2020-22218 |
| GRD-76398 | Upgrade of BigFix client needed for appliances | CVE-2022-22576, CVE-2022-27544, CVE-2022-27545, CVE-2022-27775, CVE-2022-27776 |
| GRD-76178 | PSIRT: PVR0469527 - http2-hpack-9.4.44.v20210927.jar and jetty-http-9.4.10.v20180503.jar (Publicly disclosed vulnerability found by Mend) - Kafka | CVE-2023-36478 |
Known limitations
This patch contains the following known limitations:
| Issue key | Summary |
| GRD-82206 |
Universal connector configuration created on AWS env will not work with role_arn field
Workaround: use access key and token while creating a UC configuration.
|
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
17 July 2024
UID
ibm17148451