Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection patch 11.0p493, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-11.0p493_Bundle_Dec_11_2024.tgz.enc.sig
- MD5 checksum: 1c0b9e58379595685308d5726c6bca8d
Finding the patch
Make the following selections to locate this patch for download on the IBM Fix Central website:
- Product selector: IBM Security Guardium
- Installed Version: 11.0
- Platform: All
Click Continue.
On the "Identify fixes" page, select Browse for fixes and click Continue .
On the "Select fixes" page, select Appliance patch (GPU and ad hoc). Then, enter the patch information in the Filter fix details field to locate the patch.
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
- Guardium 11.0p400 (see the 11.0p400 release notes for more information)
- The latest health check patch 11.0p9997
Installation
Notes:
- This patch is an appliance bundle that includes fixes for Guardium 11.4.
- This patch is cumulative and includes all the fixes from previously released patches.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact IBM Support if there is an issue with patch installation.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Be sure to check the latest version of these patch release notes online just before you install this patch.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
- Apply the latest quarterly DPS patch and rapid response DPS patch even if these patches were applied before the upgrade.
For information about installing Guardium Data Protection patches, see How to install patches in the product documentation.
Attention
Guardium patch signing certificate expires on 29 March 2025
The current patch signing certificate for Guardium appliance patches will expire on 29 March 2025. Guardium appliance patches are signed by an internal certificate to validate that the patch is created by Guardium. Unsigned patch files cannot be installed.
For Guardium 11.4 systems, appliance bundle patch 11.0p492 or later provides an updated certificate. For more information, see IBM Guardium - Patch signing certificate set to expire in March 2025.
SHA256 GIM client certificates
After applying patch 11.0p475 or later, Guardium supports SHA256 Guardium Installation Manager (GIM) certificates. This has the following implications:
After applying patch 11.0p475 or later, Guardium supports SHA256 Guardium Installation Manager (GIM) certificates. This has the following implications:
- The default certificates could be either SHA256 or SHA128, depending on the GIM server certificate setup. Custom certificates that use SHA256 are more secure and are recommended for GIM connections.
- GIM only verifies bundles signed with SHA256 and requires installation of a transitional GIM bundle to support the GIM client upgrade from SHA128 to SHA256.
For more information, see Updating Guardium Data Protection GIM clients with SHA256 certificates.
Microsoft certificates expired on 20 May 2024
Microsoft certificates (microsoftca1-4) expired on 20 May 2024. The following Guardium patches provide updated certificates:
Microsoft certificates (microsoftca1-4) expired on 20 May 2024. The following Guardium patches provide updated certificates:
- 11.3 systems use patch 11.0p392 or later
- 11.4 systems use patch 11.0p485 or later
- 11.5 systems use patch 11.0p535 or later
- 12.0 systems use patch 12.0p5 or later
Install the correct patch for your Guardium system to use the updated certificates. For more information, see https://www.ibm.com/support/pages/node/7080145
Enhancements
This patch includes the following enhancements.
| Issue key | Summary |
|---|---|
|
GRD-79058
|
Universal Connector support is required for OCI - Autonomous Databases
|
|
GRD-88790
|
Teradata gdmmonitor clarification for Guardium 11.4 and later
|
Resolved issues
This patch resolves the following issues.
| Patch | Issue key | Summary | APAR |
|---|---|---|---|
| 11.0p492 | See the 11.0p492 release notes for more information | ||
|
11.0p493
|
GRD-87503
|
Guardium unable to connect with Oracle databases; getting Java Array error - VA
|
DT418630
|
|
GRD-87931
|
GRD - cannot overwrite SNMP contact information
|
DT397399
|
|
|
GRD-89881
|
Guardium FAM policy add another action cannot be saved
|
DT419254
|
Security fixes
This patch contains the following security fixes.
| Patch | Issue key | Summary | CVE |
|---|---|---|---|
|
11.0p492
|
See the 11.0p492 release notes for more information
|
||
|
11.0p493
|
GRD-90223
|
RHEL7 - Red Hat update for linux-firmware (RHSA-2023:7513 RHSA-2024:0753)
|
CVE-2022-27635
CVE-2022-36351
CVE-2022-38076
CVE-2022-40964
CVE-2022-46329
CVE-2023-20569
CVE-2023-20592
CVE-2023-20593
|
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.4.0"}]
Was this topic helpful?
Document Information
Modified date:
07 January 2025
UID
ibm17180209