This document contains a list of fixes for Security and HIPER APARs in DB2 Version 10.1.
IBM® recommends that you review the APAR descriptions and deploy one of the above fix packs to correct them on your affected DB2 installations.
A set of security vulnerabilities was discovered in some DB2 database products. These vulnerabilities were analyzed by the DB2 development organization and a set of corresponding fixes was created to address the reported issues. IBM is not currently aware of any externally reported incidents where production DB2 installations have been compromised due to these issues.
The affected DB2 UDB for Linux, UNIX, and Windows products are:
DB2 Enterprise Server Edition
DB2 Workgroup Server (all Editions)
DB2 Express Server (all Editions)
DB2 Personal Edition
DB2 Connect Server (all Editions)
DB2 Client component and DB2 products or components other than those listed above are not affected.
Due to the complexity of the fixes required to eliminate the reported service issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 10.1 fix packs.
|DB2 Version 10.1 Fix Pack 2|
|IC86783||SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN SQL/PERSISTENT STORED MODULES DEBUGGING INFRASTRUCTURE (CVE-2012-4826).|
|IC85608||XQUERY MIGHT RETURN INCORRECT RESULTS WHEN BOTH 'AND' AND 'OR' PREDICATES EXIST AND ALL PREDICATES CAN BE APPLIED TO XML INDEXES|
|IC87500||ROWS MIGHT BE INSERTED INTO WRONG MDC TABLE CELL AFTER PREVIOUS INSERTS IN SAME TRANSACTION ENCOUNTER TABLESPACE FULL|
|Special Attention APARs|
|IC85425||QUERY WITH A UNION AND TWO CORRELATED BRANCHES MIGHT RETURN INCORRECT RESULTS IN PARTITIONED DATABASE ENVIRONMENTS|
|IC85841||BATCH INSERTS CAUSING DUPLICATE ROWS WHEN USING NULLIDRA (REOPT=ALWAYS) VS. NULLIDR1 (REOPT=ONCE)|
|IC86029||CREATING A UNIQUE GLOBAL INDEX ON A TABLE WITH DETACHED PARTITION AND DEPENDANT MQT MIGHT LEAD TO INCORRECT RESULT AFTER REFRESH|
|DB2 Version 10.1 Fix Pack 1|
|IC84716||SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY (CVE-2012-2194).|
|IC84751||SECURITY: GET_WRAP_CFG_C AND GET_WRAP_CFG_C2 ALLOWS UNAUTHORIZED ACCESS XML FILES (CVE-2012-2196).|
|IC84755||SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN JAVA STORED PROCEDURE INFRASTRUCTURE (CVE-2012-2197).|
|IC85513||SECURITY: UTL_FILE could allow unauthorized access to files (CVE-2012-3324).|
|IC83823||WITH REOPT ENABLED, STATEMENTS CONTAINING ARRAY OR ROW VARIABLES MIGHT PRODUCE INCORRECT OUTPUT|
|Special Attention APARs|
|IC83469||INCORRECT RESULTS AFTER LOAD INTO TABLE WITH CONSTRAINTS FOLLOWED BY ATTACH OR DETACH|
|IC84856||INDEX CORRUPTION MAY BE INTRODUCED DURING A DATABASE UPGRADE FROM DB2 VERSION 9.5 TO DB2 VERSION 10.1|
|IC84899||DATABASE OPERATIONS MIGHT FAIL WITH "KEY DATA MISMATCH" ERRORS, OR ROWS THAT EXIST IN THE DATABASE CANNOT BE FOUND|
|IC85221||SQL WITH NESTED MATH OPERATIONS ON COLUMNS THAT ARE DEFINED WITH NOT NULL AND USING FUNCTIONS MAY RETURNED DIFFERENT RESULTS.|
DB2 fix packs for all supported versions can be downloaded at the following site: http://www.ibm.com/support/docview.wss?uid=swg27007053
The DB2 team will continue to have a strong focus on delivering timely fixes for newly discovered issues along with information that helps our customers to decide on an appropriate course of action. The DB2 team regrets the inconvenience that these issues are causing to you, our customers. We believe that our actions are the most prudent steps to address your concerns and remain open to suggestions on how to further improve our processes.
Sign-up to receive e-mail notification of changes to this document.
Sign in to My Notifications
2. select Subscribe tab
3. select " Information Management" from the Software column
4. select the check box for " DB2 for Linux, UNIX and Windows"
click the Continue button.
5. select the check box for " Flashes" and all other document types
click the Submit button.
|Information Management||DB2 Connect||10.1|
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.