Release Notes
Abstract
This technical note provides guidance for installing IBM Security Guardium Data Protection patch 12.0p6006, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-12.0p6006.tgz.enc.sig
- MD5 checksum: 56962b38a4b21bc353bbd79b5f3e6c63
Finding the patch
Make the following selections to locate this patch for download on the IBM Fix Central website:
Make the following selections to locate this patch for download on the IBM Fix Central website:
- Product selector: IBM Security Guardium
- Installed version: 12.0
- Platform: All
- Click "Continue," select "Browse for fixes," and click "Continue" again.
- Select "Appliance patch (GPU and ad hoc)" and enter the patch information in the "Filter fix details" field to locate the patch
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
Guardium Data Protection patch 12.0p15
Installation
Notes:
- This patch is a designated security patch.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact Guardium support if there is an issue with patch installation.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Security fixes
This patch contains the following security fixes:
| Issue key | Summary | CVEs |
|---|---|---|
| GRD-76178 | PSIRT: PVR0469527 - http2-hpack-9.4.44.v20210927.jar and jetty-http-9.4.10.v20180503.jar (Publicly disclosed vulnerability found by Mend) - Kafka | CVE-2023-36478 |
| GRD-79284 | PSIRT: PVR0466432 - [All] kernel - CVE-2023-42753 (Publicly disclosed vulnerability) | CVE-2023-42753 |
| GRD-79308 | PSIRT: PVR0484990,PVR0476693,PVR0484985 -- Gnu GnuTLS upgrade required |
CVE-2023-5981
CVE-2024-0553
CVE-2024-0567 |
| GRD-79312 | PSIRT: PVR0468086, PVR0472300,PVR0480239, PVR0473509-- kernel upgrade required |
CVE-2023-1192
CVE-2023-5345
CVE-2023-5633 CVE-2023-6679 |
| GRD-79822 | PSIRT: PVR0489259 - IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850 | CVE-2023-33850 |
| GRD-80557 | PSIRT: PVR0489878 [All] PostgreSQL - CVE-2024-0985 (Publicly disclosed vulnerability) | CVE-2024-0985 |
| GRD-80574 | PSIRT: PVR0473043 [All] kernel - CVE-2023-46813 (Publicly disclosed vulnerability) | CVE-2023-46813 |
| GRD-80583 | PSIRT: PVR0481124 [All] OpenSSH - CVE-2023-51385 (Publicly disclosed vulnerability) | CVE-2023-51385 |
| GRD-80585 | PSIRT: PVR0480846 [All] OpenSSH - CVE-2023-48795 (Publicly disclosed vulnerability) | CVE-2023-48795 |
| GRD-80922 | PSIRT: PVR0487149 - Multiple OS components need updates - V12 only - RHEL9 |
CVE-2020-12762
CVE-2022-4904 CVE-2022-44638
CVE-2023-3341 CVE-2023-5363
CVE-2023-5824 CVE-2023-6817
CVE-2023-7104 CVE-2023-25173
CVE-2023-27522 CVE-2023-27533 CVE-2023-27534 CVE-2023-29499 CVE-2023-33204 CVE-2023-37369 CVE-2023-39975 CVE-2023-43804 CVE-2023-46724 CVE-2023-46728 CVE-2023-46847 CVE-2023-46848 CVE-2023-49285 CVE-2023-49286 CVE-2023-50269 CVE-2024-0553
CVE-2024-0567 CVE-2024-0646 CVE-2024-25617 |
| GRD-81735 | Multiple OS components need updates - V12 only - RHEL9 |
CVE-2023-3138
CVE-2023-3972
CVE-2023-29491
CVE-2023-31484
CVE-2023-31486
|
| GRD-81736 | OS component needs update - Snappy jar file CVE-2023-43642 | CVE-2023-43642 |
Known limitations
This patch contains the following known limitations:
| Issue key | Summary |
|---|---|
| GRD-83343 | Universal Connector is automatically enabled if this patch is applied after Guardium Data Protection patch 12.0p15 and Universal Connector was previously configured and disabled. To disable Universal Connector, go to Setup > Tools and Views > Configure Universal Connector and click Disable. |
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
24 June 2024
UID
ibm17155153