Release Notes
Abstract
This document lists the updates that have been done and are available for IBM Security Guardium Database Protection Service (DPS). Rapid Response DPS supports the maintenance of common vulnerabilities and exposures (CVE). Uploads are used to keep information current and within industry best practices to protect against newly discovered vulnerabilities. Distribution of updates is done whenever a CVE is published with a score of 7.0 or greater.
Content
This Rapid Response DPS depends on the Quarterly DPS 2024 Q3 (see release notes).
Rapid Response DPS is available only to customers with IBM Security Guardium Data Protection version 12.x and 11.x. Rapid Response DPS is cumulative, just like the Quarterly DPS. To stay current, you must upload the latest Quarterly DPS and the latest Rapid Response DPS.
To have the DPS process automatically update your security assessments with future CVE or authorized program analysis report (APAR) tests, modify your security assessment and check the box after "Automatically add all future CVE or APAR tests after DPS uploaded".
Note: If you plan to apply any patch, ad hoc, upgrade, or bundle after you apply a Rapid Response DPS, you must apply all Rapid Response DPS files since the last Quarterly DPS, up until the next Quarterly DPS (which is cumulative and will contain all previous Rapid Response DPS data).
DPS files
| Version | Filename and MD5SUM |
|---|---|
| 12.x |
Filename: Guardium_V12_Rapid_Response_DPS_For_2024_Q3_20240822.enc
MD5SUM: 9b5c1ac3f9c153f3c745acb8106c412c
|
| 11.x |
Filename: Guardium_V11_Rapid_Response_DPS_For_2024_Q3_20240822.enc
MD5SUM: 5cba2019c9210a8638edf4d0af49c308 |
New test for 22 August 2024 Rapid Response DPS
| Version | Test name | Test ID | Description | Database type |
|---|---|---|---|---|
| 12.x, 11.x | CVE-2024-7348 | 9708 |
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user is running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
|
POSTGRESQL |
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
22 August 2024
UID
ibm17165911