Release Notes
Abstract
This technical note provides guidance for installing IBM Security Guardium Data Protection patch 12.0p6007, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-12.0p6007.tgz.enc.sig
- MD5 checksum: 4dd1724290ba9fcf6f8be62d0dbf0e79
Finding the patch
Make the following selections to locate this patch for download on the IBM Fix Central website:
Make the following selections to locate this patch for download on the IBM Fix Central website:
- Product selector: IBM Security Guardium
- Installed version: 12.0
- Platform: All
- Click "Continue," select "Browse for fixes," and click "Continue" again.
- Select "Appliance patch (GPU and ad hoc)" and enter the patch information in the "Filter fix details" field to locate the patch
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
Guardium Data Protection patch 12.0p15
Installation
Notes:
- This patch is a designated security patch.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact Guardium support if there is an issue with patch installation.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Security fixes
This patch contains the following security fixes:
| Issue key | Summary | CVEs |
|---|---|---|
| GRD-82307 | PSIRT: PVR0507058 zlib-v1.2.12 (Publicly disclosed vulnerability found by Mend) - v12 only | CVE-2022-37434 |
| GRD-81273 | PSIRT: PVR0492315 - postgresql-42.0.0.jar (Publicly disclosed vulnerability found by Mend) - CVE-2024-1597 | CVE-2024-1597 |
| GRD-76171 | PSIRT: PVR0470135, PVR0470160, PVR0470184 - multiple vulnerabilities in Tomcat | CVE-2023-45648, CVE-2023-42795, CVE-2023-42794 |
| GRD-80585 | PSIRT: PVR0480846 [All] OpenSSH - CVE-2023-48795 (Publicly disclosed vulnerability) | CVE-2023-48795 |
| GRD-80583 | PSIRT: PVR0481124 [All] OpenSSH - CVE-2023-51385 (Publicly disclosed vulnerability) | CVE-2023-51385 |
| GRD-80574 | PSIRT: PVR0473043 [All] kernel - CVE-2023-46813 (Publicly disclosed vulnerability) | CVE-2023-46813 |
Known limitations
This patch contains the following known limitations:
| Issue key | Summary |
|---|---|
| GRD-83343 | Universal Connector is automatically enabled if this patch is applied after Guardium Data Protection patch 12.0p15 and Universal Connector was previously configured and disabled. To disable Universal Connector, go to Setup > Tools and Views > Configure Universal Connector and click Disable. |
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
15 July 2024
UID
ibm17159950