IBM Support

Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.5

Flashes (Alerts)


Abstract

This document contains a list of fixes for Security and HIPER APARs in DB2 Version 9.5.

IBM® recommends that you review the APAR descriptions and deploy one of the above fix packs to correct them on your affected DB2 installations.

Content

A set of HIPER APARs was discovered in some DB2 database products. These APARs were analysed by the DB2 development organization and a set of corresponding fixes was created to address the reported issues. IBM is not currently aware of any externally reported incidents where production DB2 installations have been compromised due to these issues.

The affected DB2 UDB for Linux, UNIX, and Windows products are:

  • DB2 Enterprise Server Edition
  • DB2 Workgroup Server (all Editions)
  • DB2 Express Server (all Editions)
  • DB2 Personal Edition
  • DB2 Connect Server (all Editions)

DB2 Client component and DB2 products or components other than those listed above are not affected.

Due to the complexity of the fixes required to eliminate the reported service issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 9.5 fix packs.


DB2 Version 9.5 Fix Pack 10
Security APARs
IC84752 SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN JAVA STORED PROCEDURE INFRASTRUCTURE (CVE-2012-2197).
IC84712 SECURITY: GET_WRAP_CFG_C AND GET_WRAP_CFG_C2 ALLOWS UNAUTHORIZED ACCESS XML FILES (CVE-2012-2196).
IC84711 SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY (CVE-2012-2194).
IC81461 SECURITY: UNAUTHORIZED ACCESS TO XML FILES IN DB2'S XML FEATURE (CVE-2012-0713).
HIPER APARs
IC83977 WITH REOPT ENABLED, STATEMENTS CONTAINING ARRAY VARIABLES MIGHT PRODUCE INCORRECT OUTPUT
Special Attention APARs
IC81653 DB2START FAILS WITH SQL10003 ON SOLARIS 10, SPARC T4 PROCESSOR WITH 2GB PAGE SIZE SUPPORT
IC84690 QUERY WITH A UNION AND TWO CORRELATED BRANCHES MIGHT RETURN INCORRECT RESULTS IN PARTITIONED DATABASE ENVIRONMENTS
IC83674 SQL WITH NESTED MATH OPERATIONS ON COLUMNS THAT ARE DEFINED WITH NOT NULL AND USING FUNCTIONS MAY RETURN DIFFERENT RESULTS.

DB2 Version 9.5 Fix Pack 9
Security APARs
IC81387 SECURITY: UNAUTHORIZED ACCESS TO TABLES.
IC81379 Security: Denial of Service Security Vulnerability in DB2's XML Feature.
IC80728 SECURITY: Remote Escalation of Privilege Vulnerability in DAS.
IC79970 SECURITY: DB2 ESCALATION OF PRIVILEGE VULNERABILITY.
IC76899 SECURITY: REMOTE DENIAL OF SERVICE OF DB2 SERVER.
HIPER APARs
IZ19001 INSERT, UPDATE, or DELETE might not be fully processed (data loss) when following a CALL statement
IC81062 With file system caching enabled, system outage might result in corruption during LOB, REORG, or LOAD processing
IC77565 CLI FUNCTIONS RETURN SQL_SUCCESS EVEN WHEN SQL_ATTR_INSERT_BUFFERING=SQL_ATTR_INSERT_BUFFERING_IGD and INSERT COMMAND FAILS
IC77489 POSSIBLE INCORRECT RESULTS FROM A GROUP OF LEFT JOIN, INNER JOIN, AND COALESCE EXPRESSION IN AN ON PREDICATE
IC77340 INCORRECT OUTPUT MIGHT BE RETURNED BY A QUERY WITH PARTITION ELIMINATION INVOLVING MULTIPLE COLUMNS AND NON-CONSTANT KEYS
Special Attention APARs
IC81495 QUERIES WITH LIKE OPERATORS MIGHT RETURN INCORRECT RESULTS DUE TO AN INVALID HIGHEST PADDING CHARACTER
IC81458 WITH FILE SYSTEM CACHING ENABLED, SYSTEM OUTAGE DURING LOAD PROCESSING MIGHT RESULT IN CORRUPTION

DB2 Version 9.5 Fix Pack 8
Security APARs
IC71115 SECURITY: POTENTIAL TRAP WITH STMM ENABLED AND DATABASE_MEMORY SET TO AUTOMATIC
HIPER APARs
IC75322 Log Replay of Update LOB Field Concatenation Can Cause Corruption
IC74708 ALTER TABLE OPERATION AGAINST MDC TABLE MISTAKENLY MARKS MATCHING INDEX AS UNIQUE ALTHOUGH IT CONTAINS DUPLICATE KEYS.

DB2 Version 9.5 Fix Pack 7
Security APARs
IC72028 SECURITY: DB2 DAS REMOTE CODE EXECUTION VULNERABILITY
IC71413 Users able to update statistics for tables without appropriate privileges
IC71263 SECURITY: User continues to have privilege to execute a non-DDL statement after role membership has been revoked from its group
HIPER APARs
IC71982 NESTED-LOOP JOIN WITH EARLYOUT FOR GROUPBY CLAUSES, YIELDS INCORRECT RESULTS WHEN JOIN COLUMNS ARE OF DIFFERENT DATA TYPES

DB2 Version 9.5 Fix Pack 6a
Security APARs
IC70538 SECURITY: REMOTE BUFFER OVERFLOW VULNERABILITY IN DB2 ADMINISTRATIVE SERVER
IC68054 SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION WEAK SECURITY CVE-2009-3555
IC66814 SECURITY: User continues to have privilege to execute a non-DDL statement after their DBADM authority has been revoked.
IC66642 Security: Special group and user enumeration on Windows 2008 could trap the server.
IC65933 SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462)
IC65756 Security: DB2DART CAN OVERWRITE FILES OWNED BY THE INSTANCE OWNER.
IC65703 SECURITY: VULNERABILITY IN DB2STST.
IZ46774 SECURITY APAR: MODIFIED SQL DATA table function is not dropped when definer loses required privileges to maintain the objects.
HIPER APARs
IZ70790 INCORRECT RESULTS ARE RETURNED WHEN SELECT DISTINCT SUBQUERY IS ROUTED TO MATERIALIZED QUERY TABLES (MQT)
IC70080 Tablespace corruption due to IN-MEMORY POOL CONTROL BLOCK OUT OF SYNCH WITH POOL PAGE 0 IN REGARDS TO LAST INITIALIZED SMP EXTENT
IC65445 LOAD FROM CURSOR FROM A TABLE WITH LOB COLUMN IN DPF ENVIRONMENT MIGHT LOAD WRONG RESULTS IN THE TARGET TABLE LOB COLUMN
IC62742 THE ROUND SQL FUNCTION CAN RETURN THE WRONG RESULT ON A DECFLOAT INPUT VALUES OF Infinity/-Infinity
IC62125 Multi-threaded non-Java application either crashes or has code page conversion issues such as truncation of data

DB2 Version 9.5 Fix Pack 5
Security APARs
IC64298 In a rare case, calling a SQL stored procedure could cause the DB2 server to trap
IC62625 SECURITY: Remote exploits of DB2 provided routines.
IC62583 SECURITY: SEQUENCE OR GLOBAL VARIABLE CAN BE USED WITHOUT THE APPROPRIATE PRIVILEGE
IC63581 INCORRECT FILE PERMISSION AND AUTHORIZATION FOR HA SCRIPTS WHEN INSTALLED VIA V9.5.
IC62501 Security: db2licm utility vulnerability
IZ52083 Security: Manipulation of db2ra data stream of Load utility request can cause seg fault.
IZ38819 VISIBILITY OF PASSWORDS IN SET ENCRYPTION PASSWORD STATEMENT AS SEEN VIA GET SNAPSHOT DYNAMIC SQL
JR31948 Security: DB2 instance terminates abnormally while compiling a SQL query
HIPER APARs
IC64825 ALTER BUFFERPOOL REDUCE OR STMM MAY HANG IF SET WRITE SUSPEND HAD BEEN ISSUED
IC64540 SQLSETSTMTATTRW(SQL_ATTR_CHAINING_END) RETURNS 0, EVEN WHEN ONE OF THE PREVIOUS CHAINED STATEMENTS FAILED
IC63414 OUTER JOIN OPERATION MAY RETURN INCORRECT RESULTS WITH A PREDICATE WITH A SUBQUERY RETURNING NOT MORE THAN ONE ROW
IZ62791 INCORRECT RESULTS WHEN ORDERED COLUMN GROUP OR PREDICATE CAN BE USED AS INDEX KEYS
IZ55987 DYNAMIC SQL STATEMENTS WITH HOST VARIABLES, USING A REOPT ALWAYS OPTIMIZER GUIDELINE, MAY RETURN WRONG RESULTS
IZ55552 LOAD UTILITY MAY MARK A ROW BIT INCORRECTLY CAUSING INDEX SCAN TO RETURN INCORRECT RESULTS
IZ52573 USE OF ESCAPE SET TO NULL MIGHT EITHER RETURN INCORRECT RESULT OR CAUSE INSTANCE TRAP IN CULTURALLY CORRECT DATABASE
IZ47730 Incorrect result with multiple IN list to join (GENROW) plans via transitivity on SMP and MPP environment
IZ46535 DATA REDISTRIBUTION WITH NOT ROLLFORWARD RECOVERABLE PARAMETER MIGHT CAUSE CORRUPTION IN TABLES ENABLED FOR ROW COMPRESSION

DB2 Version 9.5 Fix Pack 4a
HIPER APARs
IZ51211 INSTANCE ABEND DUE TO BAD PAGE ON TABLE SPACES LARGER THAN 2 TB
IZ50993 With AUTO_DEL_REC_OBJ = ON needed logs for retained backups may be deleted

DB2 Version 9.5 Fix Pack 4
Security APARs
IZ50079 SECURITY: USER WITHOUT SUFFICIENT PRIVILEGE COULD INSERT, UPDATE OR DELETE ROWS IN A TABLE
IZ40352 DASAUTO COMMAND CAN BE RUN BY NON-PRIVILEGED USERS
JR32268 UNAUTHORIZED CONNECTIONS POSSIBLE ON DATABASE SERVERS WITH LDAP-BASED AUTHENTICATION
HIPER APARs
IZ50916 INCORRECT RESULTS POSSIBLE IN QUERIES THAT WERE BOUND WITH REOPT ONCE AND INVOLVE LIKE PREDICATES
IZ47448 DATABASE BACKUP IMAGE DOES NOT CONTAIN ALL FILES FOR SMS TABLE SPACES WITH "FILE SYSTEM CACHING" ENABLED AND DB2_MMAP_READ=ON
IZ43316 INCORRECT RESULTS ON USING THE "NOT LIKE" PREDICATE ON A DATABASE CREATED WITH THE UCA500R1 COLLATION KEYWORD
LI74152 A DECIMAL DIVISION RETURNS AN INCORRECT RESULT IF THE RESULTING PRECISION IS 32 AND MIN_DEC_DIV_3=YES
JR31883 A QUERY MAY RETURN INCORRECT RESULTS WHEN ITS OUTER JOIN OPERATOR IS EXPECTED TO OUTPUT AT MOST ONE ROW

DB2 Version 9.5 Fix Pack 3a
Security APARs
IZ39653 SECURITY: MALICIOUS DATA STREAM CAN CAUSE THE DB2 SERVER TO TRAP.
IZ37697 SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF SERVICE.
HIPER APARs
IZ38961 POSSIBLE INCORRECT RESULTS WHEN REWRITING NOT EXISTS SUBQUERY
IZ37641 QUERY HAVING A JOIN OVER A RANGE PARTITION TABLE MAY GET INCORRECT RESULT

DB2 Version 9.5 Fix Pack 3
HIPER APARs
IZ30392 ONLINE INDEX CREATION OR REORGANIZATION MAY PRODUCE CORRUPTED INDEXES, ROLLFORWARD RECOVERY CAUSES DATA CORRUPTION OR ABENDS.
JR30285 DB2 OBJECTS ARE ALLOCATED ON THE OS HEAP DURING SQL PROCESSING AND ARE NOT FREED.

DB2 Version 9.5 Fix Pack 2
Security APARs
JR30227 SECURITY VULNERABILITY: DB2FMP PROCESS ON WINDOWS RUNNING WITH OS PRIVILEGE
JR28431 SECURITY VULNERABILITY IN DEPLOYMENT OF CLR STORED PROCEDURES FROM IBM DATABASE ADD-INS FOR VISUAL STUDIO
IZ22190 Buffer overflow condition in DAS server code.
IZ22143 DB USER CAN CREATE OR OVERWRITE FILES USING INSTANCE OWNER'S ID
HIPER APARs
LI73603 INDEX SCAN USING EXCLUSIVE START KEY MIGHT RETURN INCORRECT RESULTS
LI73318 DATA CORRUPTION WHEN A LOB OBJECT ASSOCIATED WITH A TABLE GROWS LARGER THAN 2 TB
LI73307 CASTING OF A ROUND FUNCTION TO A DECIMAL CAN PRODUCE INCONSISTENT RESULTS ON WINDOWS OPERATING SYSTEMS
IZ29118 INCORRECT RESULTS FOR OUTER JOINS WITH SELECT DISTINCT
IZ23950 XML LOAD: RESTARTING IN BUILD PHASE IGNORES UNIQUE VALUES KEY VIOLATIONS
IZ23439 WRONG RESULT IN QUERY WITH XMLEXISTS AND "FETCH FIRST N ROWS ONLY"
IZ20716 A QUERY MAY RETURN UNEXPECTED RESULTS IN DPF/SMP ENVIRONMENTS WHEN SELECTING A DECFLOAT COLUMN OR PERFORMING AGGREGATION ON IT
IZ18783 HIGH MEMORY USAGE/PAGING WITH LOCAL CONNECTIONS OR ATTACHMENTS USING SOLARIS 10
IZ18078 rollforward - sqldCompressRec, probe:787 - Compression dictionary is invalid
IZ14057 INCORRECT RESULT MAY BE RETURNED IN OPTLEVEL 5 OR HIGHER IF THE QUERY HAS A FULL OUTER JOIN USED AS AN INPUT TO UNION ALL.

DB2 Version 9.5 Fix Pack 1
Security APARs
JR28314 SECURITY: THE PASSWORD USED TO CONNECT TO THE DATABASE CAN BE SEEN IN CLEAR TEXT FROM A MEMORY DUMP
IZ19155 SECURITY: DB2 SECURITY VULNERABILITY RELATED TO DB2FMP PROCESS
IZ18431 SECURITY: POSSIBLE BUFFER OVERRUN IN XQUERY, XMLQUERY, XMLEXISTS AND XMLTABLE.
IZ14939 SECURITY: Security vulnerability in db2ls command
IZ12994 SECURITY: DB2WATCH AND DB2FREEZE HAS SOME SECURITY VULNERABILITY.
IZ12798 SECURITY: LOCAL EXPLOITATION OF A FILE CREATION VULNERABILITY IN THE ADMIN SERVER ALLOWS ATTACKERS TO ELEVATE PRIVILEGES TO ROOT
IZ12406 SECURITY: Buffer overflow vulnerability in DAS server program.
IZ10917 SECURITY VULNERABILITY IN SYSPROC.ADMIN_SP_C
IZ10776 SECURITY VULNERABILITY IN SYSPROC.NNSTAT.
HIPER APARs
JR27834 DELETE STATEMENT ON NOT LOGGED GLOBAL DECLARED TEMP TABLE DELETES ALL ROWS
IZ12465 Inserting or executing certain queries on XML docs with large text nodes may lead to incorrect data or an engine crash.
IZ12174 IDENTITY/SEQ. COLumns ARE RESET back to 'START WITH' value AFTER 'RESTART' AND 'SET' ARE ISSUED IN SEQUENCE AGAINST THE TABLE
IZ08044 AN INPLACE TABLE REORG SCENARIO CAN CAUSE ABEND AND POSSIBLE CORRUPTION
IZ07740 INCORRECT RESULTS DURING REVERSE SCAN
IZ07531 IMPROPER REMOVAL OF A JOINED TABLE DURING THE QUERY REWRITE PHASE OF OPTIMIZATION PRODUCES INCORRECT RESULTS.





DB2 fix packs for all supported versions can be downloaded at the following site: http://www.ibm.com/support/docview.wss?uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes for newly discovered issues along with information that helps our customers to decide on an appropriate course of action. The DB2 team regrets the inconvenience that these issues are causing to you, our customers. We believe that our actions are the most prudent steps to address your concerns and remain open to suggestions on how to further improve our processes.



Document Information

Modified date: 26 September 2022

UID: swg21633016