Combined fix for security vulnerability APARs IC62164, IC62450 and IZ56259

Downloadable files


Abstract

This document links to the download records for a combined fix for security vulnerability APARs IC62164, IC62450 and IZ56259.

Download Description

The following URLs contain details of the vulnerabilities reported under these APARs.

IC62164 - Malformed data could cause a trap on a WebSphere MQ v7 server.
This is applicable to 7.0.0.0, 7.0.0.1 and 7.0.0.2 only.
http://xforce.iss.net/xforce/xfdb/53190

IC62450 - Remote denial of service vulnerability in rriDecompress
This is applicable to all levels of V6 up to and including 6.0.2.7, as well as 7.0.0.0, 7.0.0.1, 7.0.0.2 and 7.0.1.0.
http://xforce.iss.net/xforce/xfdb/53191

IZ56259 - Memory overwrite when asynchronous consume or readahead is used.
This is applicable to 7.0.0.1, 7.0.0.2 and 7.0.1.0 only.
http://xforce.iss.net/xforce/xfdb/53285

Installation Instructions

Follow the installation instructions in the readme files contained inside the relevant packages.

If contacting IBM after applying this fix, please ensure you mention that this fix has been applied so it can be included in any future fix you are provided with.

URL LANGUAGE SIZE(Bytes)
List of fixes for all platforms English 1

Download package

The download link above links to a list of available fix packages for these APARs. The fix packages also contain fixes for previously reported vulnerabilities where appropriate. The actual fixes included in each package are documented in the readme file contained within the packages.

Fix packages are available for all maintenance levels released over the last 5 months. Combined interim fixes are not available for levels prior to 6.0.2.6 and 7.0.0.2 due to the high number of prerequisite changes that would also need to be included. System i users will need to contact IBM support to obtain fixes for this issue.

Note that where fix packs include fixes for these APARs, once they are released they will appear as the main download choices when following the link below. To find the combined fixes for earlier levels, please expand the sections which look like this:
Show additional interim fixes that are included in this fix pack


How critical is this fix?

This fix is recommended for systems that are not secured by SSL and/or authentication security exits.  

Problems solved

IC62450 - Remote denial of service vulnerability in rriDecompress

IZ56259 - Memory overwrite when asynchronous consume or readahead is used.

IC62164 - Malformed data could cause a trap on a WebSphere MQ v7 server.

Known side effects

None

Product Alias/Synonym

WMQ MQ

Problems (APARs) fixed
IC62164, IC62450, IZ56259

Document information


More support for:

WebSphere MQ
Security

Software version:

6.0, 6.0.1, 6.0.1.1, 6.0.2, 6.0.2.1, 6.0.2.2, 6.0.2.3, 6.0.2.4, 6.0.2.5, 6.0.2.6, 6.0.2.7, 7.0, 7.0.0.1, 7.0.0.2, 7.0.1

Operating system(s):

AIX, HP Itanium, HP-UX, IBM i, Linux, Solaris, Windows

Reference #:

4024153

Modified date:

2009-09-14
