Release Notes
Abstract
This document lists the updates that have been made and are available for IBM Guardium Database Protection Service (DPS). Rapid Response DPS supports the maintenance of common vulnerabilities and exposures (CVE). Uploads are used to keep information current and within industry best practices to protect against newly discovered vulnerabilities. Updates are distributed whenever a CVE is published with a score of 7.0 or greater.
Content
This Rapid Response DPS depends on the Quarterly DPS 2025 Q1 (see release note).
Rapid Response DPS is available only to customers with IBM Guardium Data Protection version 12.x and 11.x. Rapid Response DPS is cumulative, just like the Quarterly DPS. To stay current, you must upload the latest Quarterly DPS and the latest Rapid Response DPS.
To have the DPS process automatically update your security assessments with future CVE or authorized program analysis report (APAR) tests, modify your security assessment and check the box after "Automatically add all future CVE or APAR tests after DPS uploaded".
Note: If you plan to apply any patch, ad hoc, upgrade, or bundle after you apply a Rapid Response DPS, you must apply the latest Rapid Response DPS file since the last Quarterly DPS, up until the next Quarterly DPS (which is cumulative and will contain all previous Rapid Response DPS data).
DPS files
| Version | Filename and MD5SUM |
|---|---|
| 12.x | Filename: Guardium_V12_Rapid_Response_DPS_For_2025_Q1_20250221.enc; MD5SUM: be1d331f2cdb20a0a7a5daaf5e4a96d6 |
| 11.x | Filename: Guardium_V11_Rapid_Response_DPS_For_2025_Q1_20250221.enc; MD5SUM: 0fadc767358108b106827166a36e46e8 |
New tests for 21 February 2025 Rapid Response DPS
| Version | Test name | Test ID | Description | Database type |
|---|---|---|---|---|
| 12.x, 11.x | CVE-2024-10979 | 9780 | Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (for example, PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. | POSTGRESQL |
Document Information
Modified date: 21 February 2025
UID: ibm17183628