Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection patch 12.0p105, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-12.0p105_Bundle_Jan_13_2025.tgz.enc.sig
- MD5 checksum: 8d87277134d1403e15ff98e9033c04f1
Finding the patch
- Select the following options to download this patch on the IBM Fix Central website and click Continue.
- Product selector: IBM Security Guardium
- Installed Version: 12.0
- Platform: All
- On the "Identify fixes" page, select Browse for fixes and click Continue.
- On the "Select fixes" page, select Appliance patch (GPU and Ad-Hoc). Then, enter the patch information in the Filter fix details field to locate the patch.
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
- Guardium Data Protection 12.1 (see release note)
- The latest Guardium Data Protection health check patch 12.0p9997
Installation
Notes:
- This patch is an appliance bundle that includes fixes for 12.1.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact IBM Support if there is an issue with patch installation.
- When changing the password of CLI and guardcli users in the Guardium command line interface, a password strength warning appears even when strong passwords are not enabled. To remove the strong password checks, execute the CLI command store user strong_password disable.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Review the latest version of the patch release notes just before you install the patch.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
- Apply the latest quarterly DPS patch and rapid response DPS patch even if these patches were applied before the upgrade.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Attention
Renewed Guardium patch signing certificate
Guardium appliance patches are signed by an internal certificate to validate that the patch is created by Guardium. Unsigned patch files cannot be installed. This patch is signed by a new patch signing certificate. Therefore, to install this patch, the patch signing certificate on your Guardium appliance must first be updated by installing ad hoc patch 12.0p1012 (see release note) or an appropriate appliance bundle listed in the IBM Guardium - Patch signing certificate set to expire in March 2025 support document.
Guardium appliance patches are signed by an internal certificate to validate that the patch is created by Guardium. Unsigned patch files cannot be installed. This patch is signed by a new patch signing certificate. Therefore, to install this patch, the patch signing certificate on your Guardium appliance must first be updated by installing ad hoc patch 12.0p1012 (see release note) or an appropriate appliance bundle listed in the IBM Guardium - Patch signing certificate set to expire in March 2025 support document.
Special Guardium Database Protection Service file (for Guardium Vulnerability Assessment only)
The Guardium Database Protection Service (DPS) file named Guardium_V12_Quarterly_DPS_2024_Q4_20241216.enc (MD5SUM: ec3bb26b8fb82755a7e1a189d355b037) must be applied after you install patch 12.0p105.
IBM Db2 for z/OS JDBC driver update
In 12.0p105, the IBM Db2 for z/OS JDBC driver in Guardium Vulnerability Assessment is updated to support IBM Db2 13 for z/OS, which enables TLS 1.3 and other advantages. You might need to update your IBM Db2 JDBC license. If so, test your connection in a staging environment and contact the IBM Db2 Support team if licensing issues arise. For assistance, open a case at ibm.com/mysupport.
In 12.0p105, the IBM Db2 for z/OS JDBC driver in Guardium Vulnerability Assessment is updated to support IBM Db2 13 for z/OS, which enables TLS 1.3 and other advantages. You might need to update your IBM Db2 JDBC license. If so, test your connection in a staging environment and contact the IBM Db2 Support team if licensing issues arise. For assistance, open a case at ibm.com/mysupport.
Enhancements
This patch includes the following enhancements:
| Issue key | Summary |
|---|---|
| GRD-60350 |
Vulnerability Assessment support for YugabyteDB 2.21 (Amazon EC2)
|
| GRD-74368 |
Vulnerability Assessment support for Center for Internet Security (CIS) Benchmark for IBM Db2 13 for z/OS
|
| GRD-86443 | Added Milvus as new database type in GUI Policy Builder for Data |
| GRD-86447 | Added Milvus database support in S-TAP Control Inspection Engine to perform create, read, update, and delete (CRUD) operations |
| GRD-87072 |
Enhanced the enterprise load balancer interface to include the LOAD_SAMPLING_METHOD configuration parameter, which controls the average and maximum sniffer load during the sampling period.
|
| GRD-87154 |
Vulnerability Assessment support for IBM Db2 13 for z/OS
|
| GRD-87163 |
Vulnerability Assessment support for Neo4j 5.24
|
|
GRD-87270
GRD-90990
|
Support added for Oracle Unified Audit universal connector over JDBC Connect. For more information, see the product documentation.
|
| GRD-88128 | CVE test support for MongoDB on Windows |
| GRD-90927 | Removed the schema property from the Kafka-Connect configuration and updated Oracle Unified Audit universal connector plug-in to support schema-less events |
Resolved issues
This patch resolves the following issues:
| Issue key | Summary | APAR |
|---|---|---|
| GRD-78855 |
Backup restore didn't restore the SAML and CyberArk configuration from 11.5 to 12
|
DT276401 |
| GRD-85175 |
Initial start updated from the central manager is not updating all the managed units correctly
|
DT396812 |
| GRD-89032 | Error when selecting the "What's new" or Help buttons on the GUI | DT416932 |
| GRD-82250 |
Guardium cannot classify tables with function-based index on Sybase database [Error Code: 11738]
|
DT396797 |
| GRD-83569 | Data in RESULT_DETAIL column of table TEST_RESULT_DETAIL is truncated | DT409139 |
| GRD-88193 | Syslog (messages) backup files created and not purged from version 12 appliances | DT409035 |
| GRD-89105 | syslog daemon service (rsyslogd) keeps crashing and stops logging to the messages syslog file | DT409033 |
| GRD-89659 |
Guardium Vulnerability Assessment Test ID 141 - No Guest User Accounts error on Microsoft SQL Server
|
DT419987 |
| GRD-91084 | systemstats_linux: unexpected header length in /proc/net/snmp | DT421432 |
Security fixes
This patch resolves the following issues:
| Issue key | Summary | CVE |
|---|---|---|
| GRD-80557 | PSIRT: PVR0489878 [All] PostgreSQL - CVE-2024-0985 (Publicly disclosed vulnerability) | CVE-2024-0985 |
| GRD-84216 | PSIRT: PVR0523551 - OpenSSH vulnerability CVE-2024-6387 | CVE-2024-6387 |
| GRD-86728 | expat-2.5.0-1.el9_2.1.x86_64.rpm - RHEL9 CVE for 12.0 | CVE-2023-52425 |
| GRD-86736 | git - RHEL 9 CVEs for 12.0 |
CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465
|
| GRD-86741 | less rpm - RHEL 9 CVEs for 12.x |
CVE-2022-48624, CVE-2024-32487
|
| GRD-86746 | pcp - RHEL 9 CVEs for 12.0 |
CVE-2023-6917, CVE-2024-3019
|
| GRD-86748 | openssh rpm - RHEL 9 CVEs for 12.0 |
CVE-2023-48795, CVE-2023-51385, CVE-2024-6409
|
| GRD-86752 | sssd/libipa rpm - RHEL 9 CVEs for 12.0 | CVE-2023-3758 |
| GRD-86754 | httpd rpm - RHEL 9 CVEs for 12.0 and 12.1 |
CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573
|
| GRD-86758 | squashhfs-tools rpm - RHEL 9 CVEs for 12.0 |
CVE-2021-40153, CVE-2021-41072
|
| GRD-86763 | libx11 rpm - RHEL 9 CVEs for 12.0 |
CVE-2023-43785, CVE-2023-43786, CVE-2023-43787
|
| GRD-86774 |
buildah, podman, skopeo, runc rpms - RHEL 9 CVEs for 12.0
|
CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39321, CVE-2023-39322, CVE-2023-39326, CVE-2023-45287, CVE-2023-45290, CVE-2023-48795, CVE-2024-1394, CVE-2024-1753, CVE-2024-24786, CVE-2024-28176, CVE-2024-28180
|
| GRD-86777 | python3 rpm - RHEL 9 CVEs for 12.0 |
CVE-2007-4559, CVE-2023-6597, CVE-2024-0450, CVE-2024-3651
|
| GRD-86778 | squid rpm - RHEL 9 CVEs for 12.0 |
CVE-2024-23638, CVE-2024-37894
|
| GRD-86779 | libuv rpm - RHEL 9 CVEs for 12.0 |
CVE-2024-24806
|
| GRD-86780 | cockpit rpm - RHEL 9 CVEs for 12.0 |
CVE-2024-2947
|
| GRD-86781 | gdk-pixbuf2 rpm - RHEL 9 CVEs for 12.0 | CVE-2022-48622 |
| GRD-86783 | systemd rpm - RHEL 9 CVEs for 12.0 | CVE-2023-7008 |
| GRD-86785 | apr rpm - RHEL 9 CVEs for 12.0 | CVE-2022-24963 |
| GRD-87382 | PSIRT: PVR0523390 krb5 - CVE-2024-37370, CVE-2024-37371 - 12.0 and 12.1 |
CVE-2024-37370
|
| GRD-87435 | PSIRT: PVR0528822 [All] Oracle MySQL - July 2024 - CPU - 12.1 |
CVE-2024-20996, CVE-2024-21125, CVE-2024-21127, CVE-2024-21129, CVE-2024-21130, CVE-2024-21134, CVE-2024-21135, CVE-2024-21137, CVE-2024-21142, CVE-2024-21157, CVE-2024-21159, CVE-2024-21160, CVE-2024-21162, CVE-2024-21163, CVE-2024-21165, CVE-2024-21166, CVE-2024-21170, CVE-2024-21171, CVE-2024-21173, CVE-2024-21176, CVE-2024-21177, CVE-2024-21179, CVE-2024-21185
|
| GRD-88395 | PSIRT: PVR0546593, PVR0533719, PVR0546701 - multiple spring vulnerabilities |
CVE-2024-38808, CVE-2024-38809, CVE-2024-38816
|
| GRD-88399 | PSIRT: PVR0541067 - OpenSSL (Publicly disclosed vulnerability) | CVE-2024-6119 |
| GRD-88409 | PSIRT: PVR0544554, PVR0536941, PVR0536210, PVR0539466, PVR0539642 - RHEL9 Kernel |
CVE-2023-52817, CVE-2024-26662, CVE-2024-26663, CVE-2024-26668, CVE-2024-26700, CVE-2024-26707, CVE-2024-26940, CVE-2024-26958, CVE-2024-26961, CVE-2024-26962, CVE-2024-27010, CVE-2024-27011, CVE-2024-27019, CVE-2024-27020, CVE-2024-27025, CVE-2024-35947, CVE-2024-36010, CVE-2024-36016, CVE-2024-36017, CVE-2024-36020, CVE-2024-36025, CVE-2024-36270, CVE-2024-36489, CVE-2024-36896, CVE-2024-36904, CVE-2024-36905, CVE-2024-36917, CVE-2024-36921, CVE-2024-36927, CVE-2024-36929, CVE-2024-36933, CVE-2024-36940, CVE-2024-36941, CVE-2024-36945, CVE-2024-36960, CVE-2024-36971, CVE-2024-36978, CVE-2024-36979, CVE-2024-38538, CVE-2024-38555, CVE-2024-38573, CVE-2024-38575, CVE-2024-38596, CVE-2024-38598, CVE-2024-38615, CVE-2024-38627, CVE-2024-39276, CVE-2024-39472, CVE-2024-39476, CVE-2024-39487, CVE-2024-39502, CVE-2024-40927, CVE-2024-41042, CVE-2024-41071, CVE-2024-41096, CVE-2024-42238, CVE-2024-42244, CVE-2024-42258 |
| GRD-88539 | Multiple CVEs to be committed into 12.1 | CVE-2023-31122, CVE-2024-1975, CVE-2024-2398, CVE-2024-25062, CVE-2024-25062 |
| GRD-88542 | CVE-2023-43804 python3-urllib3 | CVE-2023-43804 |
| GRD-88558 | CVE-2024-34156 | CVE-2024-34156 |
Known limitations
This patch contains the following known limitations:
| Issue key | Summary |
|---|---|
|
GRD-92053
|
Oracle Unified Audit universal connector (UC) plug-in stops working after the database is rebooted.
Workaround:
|
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000cvkbAAA","label":"DPS"},{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"},{"code":"a8m0z000000Gp0RAAS","label":"VULNERABILITY ASSESSMENT"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.1.0"}]
Was this topic helpful?
Document Information
Modified date:
24 April 2025
UID
ibm17180643