IBM Support

Published Security Vulnerabilities for DB2 for Linux, UNIX, and Windows including Special Build information

Preventive Service Planning


Abstract

Published Security Vulnerabilities for DB2 for Linux, UNIX, and Windows, including links to Special Builds (where available).

Content

Published Security Vulnerabilities

 

Note: The topmost Security Bulletin contains links to the latest Special Build. Special Builds are cumulative, so the latest Special Build contains the fixes for all current Security Vulnerability APARs.

 

For more information about a specific APAR, see the relevant Security Bulletin.

 

Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin) DB2 9.7 DB2 9.8 DB2 10.1 DB2 10.5 DB2 11.1
           
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2018-1802).

EoS

SB #37995

EoS

EoS

SB #37994

SB #37993

v11.1.4.4

OR

SB #37992

Security Bulletin: IBM® Db2® is affected by multiple privilege escalation vulnerabilities (CVE-2018-1799, CVE-2018-1780, CVE-2018-1781, CVE-2018-1834).

EoS

SB #37995

EoS

EoS

SB #37994

SB #37993

v11.1.4.4

OR

SB #37992 (v11.1.3.3 iFix002)

Security Bulletin: IBM® Db2®'s RCAC rules are not being enforced by CTAS sub-select statements (CVE-2018-1857) EoS EoS N/A N/A

v11.1.4.4

OR

SB #37992 (v11.1.3.3 iFix002)

Vulnerabilities in GSKit affect IBM Spectrum Scale used by DB2® pureScale™ (CVE-2018-1431, CVE-2018-1447, CVE-2017-3732, CVE-2016-0705). EoS EoS EoS

v10.5 FP11 (TBA)

OR

SB #37993

v11.1.4.4 (TBA)

OR

SB #37992 (v11.1.3.3 iFix002)
Privilege escalation in IBM® DB2® tool db2cacpy (CVE-2018-1685). EoS IT25816 in SB #37838 EoS

EoS

IT25815 in SB #37837

IT25814 in SB #37836 IT25466 in SB #37835 (v11.1.3.3 iFix002)
Security Bulletin: Buffer overflow in IBM® DB2® tool db2licm (CVE-2018-1710). Not Vulnerable EoS

EoS

IT25820 in SB #37837

IT25719 in SB #37836 IT25819 in SB #37835 (v11.1.3.3 iFix002)

Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® Administrative Task Scheduler (CVE-2018-1711)

EoS IT25824 in SB #37838 EoS

EoS

IT25825 in SB #37837

IT25826 in SB #37836

v11.1.4.4

OR

IT25813 in SB #37835 (v11.1.3.3 iFix002)

Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (CVE-2018-2783, CVE-2018-2794) EoS EoS EoS

v10.5 FP11 (TBA)

OR


JDK upgrade

v11.1.4 FP4 (TBA)

OR

JDK upgrade

 

Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737) EoS EoS EoS

v10.5 FP11 (TBA)

OR


FCM upgrade

v11.1.4 FP4 (TBA)

OR

FCM upgrade

Privilege escalation in IBM DB2 via loading libraries from untrusted path (CVE-2018-1487)

EoS IT24477 in SB #37642

EoS EoS IT24476 in SB #37641 IT24475 in SB #37640

v11.1.3 FP3 iFix002

OR

IT24474 in SB #37639 (v11.1.3.3 iFix001)

Multiple untrusted search path vulnerabilities in the IBM DB2 DAS component on Windows (CVE-2018-1458)

EoS IT24826 in SB #37642

EoS EoS IT24825 in SB #37641 SB #37640

v11.1.3 FP3 iFix002

OR

IT24823 in SB #37639 (v11.1.3.3 iFix001)

Security Bulletin: Format string vulnerability in IBM DB2 tool db2support (CVE-2018-1566)

EoS IT24463 in SB #37642

EoS EoS IT24462 in SB #37641 IT24461 in SB #37640

v11.1.3 FP3 iFix002

OR

IT24283 in SB #37639 (v11.1.3.3 iFix001)

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® DB2®. (CVE-2018-2579, CVE-2018-2678, CVE-2018-2618, CVE-2018-2602)
EoS (manually upgrade IBM JDK)
EoS
EoS
(manually upgrade IBM JDK)
v10.5 FP10
V11.1.3 FP4 (TBA)
Security Bulletin: IBM® DB2® is vulnerable to buffer overflow (CVE-2018-1459)
IT24466 in Special Build #37477
EoS
IT24465 in Special Build #37478
IT24464 in Special Build #37479
IT24311 in v11.1.3.3 iFix001
Security Bulletin: Multiple vulnerabilities affect db2exmig and db2exfmt tools shipped with IBM® Db2® (CVE-2018-1544, CVE-2018-1565)
IT24804 in Special Build #37477
EoS
IT24803 in Special Build #37478
Special Build #37479
IT24799 in v11.1.3.3 iFix001
Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® DB2® (CVE-2018-1515)
Not vulnerable
EoS
Not vulnerable
IT24645 in Special Build #37479
IT24642 in v11.1.3.3 iFix001
Security Bulletin: Buffer overflow in IBM® DB2® tool db2licm (CVE-2018-1488)
Not vulnerable
EoS
Not vulnerable
IT24478 in Special Build #37479
IT24473 in v11.1.3.3 iFix001
Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452)
IT24217 Special Build #37477
EoS
IT24216 Special Build #37478
IT24215 Special Build #37479
IT24171 in v11.1.3.3 iFix001
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by a Vulnerability in GPFS (CVE-2016-2119)
EoS
EoS
EoS
V10.5 FP9
Spectrum Scale V4.1.1.11 efix9
V11.1.1 FP3
Spectrum Scale V4.1.1.17 efix3
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2018-1447) IT24060
Special Build #37314 (see Security Bulletin)
EoS
IT24061
Special Build #37313 (see Security Bulletin)
IT24058
Special Build #37311 (see Security Bulletin)
IT24059
in v11.1 M3 FP3
Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448) IT24214
Special Build #37314 (see Security Bulletin)
EoS
IT24213
Special Build #37313 (see Security Bulletin)
IT24212
Special Build #37311 (see Security Bulletin)
IT24170 in v11.1 M3 FP3
The Db2 JDBC driver deserializes an object unsafely potentially leading to arbitrary code execution (CVE-2017-1677) IT23799
Special Build #37314 (see Security Bulletin)
EoS
IT23798
Special Build #37313 (see Security Bulletin)
IT23797
Special Build #37311 (see Security Bulletin)
IT23794 in v11.1 M3 FP3
Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571) IT22411
Special Build #37314 (see Security Bulletin)
EoS
IT22413
Special Build #37313 (see Security Bulletin)
IT22414
Special Build #37311 (see Security Bulletin)
IT22415 in v11.1 M3 FP3
Security Bulletin: Security vulnerabilities have been identified in Tivoli Storage FlashCopy Manager shipped with IBM Db2.
N/A
EoS
IT18997 in V10.1 FP7 IT20495 in V10.5 FP9 V11.1.3 FP3 Solution in PPA (see Security Bulletin)
Security Bulletin: Privilege escalation vulnerabilities affect IBM® Db2® (CVE-2017-1439, CVE-2017-1451) IT21396 Special Build #36826 (see Security Bulletin)
EoS
IT21395 Special Build #36827 (see Security Bulletin) IT21394 in V10.5 FP9
or
FP8 Special Build #36828
IT21364
V11.1.3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: Privilege escalation vulnerabilities affect IBM® Db2® (CVE-2017-1438) IT21143 Special Build #36826 (see Security Bulletin)
EoS
IT21163 Special Build #36827 (see Security Bulletin) IT21164 in V10.5 FP9
or
FP8 Special Build #36828
IT21140
v11.1.3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files. (CVE-2017-1452) IT21465 Special Build #36826 (see Security Bulletin)
EoS
IT21464 Special Build #36827 (see Security Bulletin) IT21463 in V10.5 FP9
or
FP8 Special Build #36828
IT21458
v11.1 FP3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® sensitive information exposure in the error log (CVE-2017-1434).
N/A
EoS
N/A
N/A
IT21347
v11.1 FP3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® is affected by denial of service vulnerability in the Db2 Connect Server (CVE-2017-1519)
N/A
EoS
N/A
IT21454 in V10.5 FP9
or
FP8 Special Build #36828
IT21455
v11.1 FP3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT (CVE-2017-1520) IT21974 Special Build #36826 (see Security Bulletin)
EoS
IT21973 Special Build #36827 (see Security Bulletin) IT21462 in V10.5 FP9
or
FP8 Special Build #36828
IT21459

v11.1 FP3
or
v11.1 FP2
Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® DB2® LUW's Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297). IT20570
Special Build #36621 (see Security Bulletin)
N/A
IT20571
Special Build #36610 (see Security Bulletin)
IT20498
in V10.5 FP9
or FP8 Special Build #36605
IT20562 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843). IT9129
Special Build #36621 (see Security Bulletin)
N/A
IT20564
Special Build #36610 (see Security Bulletin)
IT20565
in V10.5 FP9
or
FP8 Special Build #36605
IT20566 in V11.1 FP2
Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105) IT20567
Special Build (see Security Bulletin)
N/A
IT20568
Special Build (see Security Bulletin)
IT20461
in V10.5 FP9
IT20463 in V11.1 FP2
Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® LUW (CVE-2017-1134)
N/A
N/A
IT20569 see Security Bulletin IT20460 in V10.5 FP9 IT20462 in V11.1 FP2
Security Bulletin: Information Disclosure vulnerability affects IBM® DB2® LUW (CVE-2017-1150)
N/A
EoS
IT15485 in V10.1 FP6 IT19399 in V10.5 FP9 IT19400 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW is vulnerable to Sweet32 Birthday Attack (CVE-2016-2183) IT17531 Have remediation (see Security Bulletin)
EoS
IT17645 in V10.1 FP6 IT17646 in V10.5 FP9 Have remediation IT17467 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by a Vulnerability in GPFS (CVE-2016-2119) N/A
EoS
N/A
T17644 in V10.5 FP9 IT17530 in V11.1 FP1
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995) IT17010 Special Build (see Security Bulletin)
EoS
IT17011 in V10.1 FP6 IT16921 in V10.5 FP8 IT17012 in V11.1 FP1
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985) IT17531 Special Build (see Security Bulletin)
EoS
IT17645 in V10.1 FP6 IT17646 in V10.5 FP9 IT17647 in V11.1.1 FP1
Security Bulletin: Vulnerability in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)
N/A
EoS
N/A
IT17644 in V10.5 FP9 IT17530 in V11.1.1 FP1
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995) IT17010 Special Build (see Security Bulletin)
EoS
IT17011 in V10.1 FP6 IT16921 in V10.5 FP8 IT17012 in V11.1.1 FP1
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985)
N/A
EoS
IT16321 in V10.1 FP6 IT16323 in V10.5 FP8 IT16324 in V11.1.1 FP1
Security Bulletin: Vulnerability in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463) IT15576 Special Build (see Security Bulletin)
EoS
IT15577 in V10.1 FP6 IT15578 in V10.5 FP8 IT15579 in V11.1.1 FP1
Vulnerabilities in Flexera InstallShield and InstallAnywhere affect IBM Data Server Driver packages (CVE-2016-2542, CVE-2016-4560) IT14993 in V9.7 FP11 (no Special Build)
EoS
IT14999 in V10.1 FP6 IT15000 in V10.5 FP8 Fixed in GA
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS
N/A
N/A
IT16321 in V10.1 FP6 IT16323 in V10.5 FP8 IT16324
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with subquery containing the AVG OLAP function on Oracle compatible database (CVE-2016-0215) IT12673 IT13208 Special Build (see Security Bulletin) IT12669 in V10.1 FP6 IT12675 in V10.5 FP8  
IBM® DB2® LUW contains a denial of service vulnerability in which a malformed DRDA message may cause the DB2 server to terminate abnormally (CVE-2016-0211) IT12462 Special Build (see Security Bulletin) IT13350 Special Build (see Security Bulletin) IT12487 in V10.1 FP6 IT12488 in V10.5 FP8
Security Bulletin: Vulnerabilities in the GSKit component of IBM® DB2® LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421) IT12647 Special Build (see Security Bulletin) IT12646 Special Build (see Security Bulletin) IT12645 Special in V10.1 FP6 IT12642 in V10.5 FP8  
Vulnerabilities in GPFS affect IBM® DB2® LUW on AIX and Linux (CVE-2015-4974, CVE-2015-4981 & CVE-2015-7403)
N/A
IT11550 Special Build (see Security Bulletin) IT11549 in V10.1 FP6 IT11536 in V10.5 FP8  
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-0204)
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM® DB2® LUW (CVE-2015-2808)
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-1788)
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000)
Note: These vulnerabilities also affect Java; for that, customers need to download the new version of Java from DB2 Fix Central. Please refer to the Security Bulletin for details.
N/A
N/A
IT07393 in V10.1 FP6 IT07394 in V10.5 FP7  
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® LUW (CVE-2015-1947) IT08755 Special Build (see Security Bulletin) IT08754 Special Build (see Security Bulletin) IT08751 in V10.1 FP6 IT08753 in V10.5 FP7  
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® (CVE-2015-1788) IT09897 in V9.7 FP11 IT09901 Special Build (see Security Bulletin) IT09899
in V10.1 FP6
IT09900 in V10.5 FP7  
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions (CVE-2015-0157) IT07103 in V9.7 FP11 IT07107 Special Build (see Security Bulletin) IT07108 in V10.1 FP5 IT07109 in V10.5 FP7  
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability in the database automated maintenance feature (CVE-2015-1883) IT08086 in V9.7 FP11 IT08085 Special Build (see Security Bulletin) IT08080 in V10.1 FP5 IT08075 in V10.5 FP7  
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM® DB2® LUW (CVE-2015-2808) IT08534 in V9.7 FP11 IT08535 Special Build (see Security Bulletin) IT08536 in V10.1 FP5 IT08537 in V10.5 FP7  
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions that may result in arbitrary code execution as the DB2 instance owner (CVE-2015-1935) IT08668 in V9.7 FP11 IT08667 Special Build (see Security Bulletin) IT08543 in V10.1 FP5 IT08656 in V10.5 FP6  
Security Bulletin: Multiple vulnerabilities in GPFS affects IBM® DB2® LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)
N/A
1IT8112 Special Build (see Security Bulletin) IT08525 in V10.1 FP5 IT08113 in V10.5 FP6  
Security Bulletin: IBM® DB2® LUW contains a bypass security vulnerability in its Data Movement feature (CVE-2015-1922) IT08523 in V9.7 FP11 IT08524 Special Build (see Security Bulletin) IT08525 in V10.1 FP5 IT08526 in V10.5 FP6  
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910) IT06356 in V9.7 FP11 IT06355 Special Build (see Security Bulletin) IT06354 in V10.1 FP5 IT06353 in V10.5 FP6  
Security Bulletin: IBM® DB2® contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919) IT07547 in V9.7 FP11 IT07552 Special Build (see Security Bulletin) IT07553 in V10.1 FP5 IT07554 in V10.5 FP6  
Security Bulletin: Vulnerabilities in GSKit affect IBM® DB2® (CVE-2015-0138, CVE-2015-0159 and CVE-2014-6221) IT07648 in V9.7 FP11 IT07647 Special Build (see Security Bulletin) IT07646 in V10.1 FP5 IT07635 in V10.5 FP6  
Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730) IT06348 in V9.7 FP11 IT06349 Special Build (see Security Bulletin) IT06350 in V10.1 FP5 IT06351 in V10.5 FP6  
Security Bulletin: IBM® DB2® XML Query Will Cause Excessive CPU Usage (CVE-2014-8901) IT05937 in V9.7 FP11 IT05938 Special Build (see Security Bulletin) IT05939 in V10.1 FP5 IT05933 in V10.5 FP5  
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which multiple ALTER TABLE statements may cause the DB2 server to terminate abnormally. (CVE-2014-6210) IC96934 in V9.7 FP11 IT05651 Special Build (see Security Bulletin) IT05652 in V10.1 FP5 IT04138 in V10.5 FP5  
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. (CVE-2014-6209) IT05645 in V9.7 FP11 IT056446 Special Build (see Security Bulletin) IT05647 in V10.1 FP5 IT04786 in V10.5 FP5  
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally when AUTO_REVAL is set to IMMEDIATE. (CVE-2014-6159) IT05105 in V9.7 FP10 IT05132 Special Build (see Security Bulletin) IT05074 in V10.1 FP5 IT04730 in V10.5 FP4  
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally. (CVE-2014-6097) IT03786 in V9.7 FP10 IT04034 Special Build (see Security Bulletin)
N/A
N/A
 
Security Bulletin: Unauthorized Access to user data vulnerability in DB2 during certain LOAD operations into Columnar Data Engine (CDE) tables (CVE-2014-4805)
N/A
N/A
N/A
IT03761 in V10.5 FP4  
Security Bulletin: IBM® DB2® for LUW is affected by the OpenSSL vulnerability (CVE-2014-3470)
N/A
N/A
IT02960 in V10.1 FP5 IT02963 in V10.5 FP4  
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with a subquery containing a UNION (CVE-2014-3095) IT02645 in V9.7 FP10 IT02644 Special Build (see Security Bulletin) IT02646 in V10.1 FP5 IT02433 in V10.5 FP4  
Security Bulletin: IBM® DB2® is affected by the JSON-C vulnerability (CVE-2013-6371)
N/A
N/A
N/A
IT02201 in V10.5 FP4  
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094) IT02592 in V9.7 FP10 IT02594 Special Build (see Security Bulletin) IT02593 in V10.1 FP5 IT02291 in V10.5 FP4  
Security Bulletin: IBM® DB2® is impacted by multiple TLS/SSL security vulnerabilities (CVE-2013-6747, CVE-2014-0963) IC99474 in V9.7 FP9a IC99476 Special Build (see Security Bulletin) IC99475 in V10.1 FP3a & FP4 IC99477 in V10.5 FP3a  
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2014-0907) IT00684 in V9.7 FP9a IT00685 Special Build (see Security Bulletin) IT00686 in V10.1 FP3a & FP4 IT00687 in V10.5 FP3a  
Security Bulletin: Escalation of Privilege Vulnerability in IBM® DB2® Stored Procedure Infrastructure on Windows (CVE-2013-6744) IC99478 in V9.7 FP9a
N/A
IC99480 in V10.1 FP3a & FP4 IC99481 in V10.5 FP3a  
Security Bulletin: Denial of Service Vulnerability in DB2's XSLT Library. (CVE-2013-5466) IC97470 in V9.7 FP9 IC97763 Special Build (see Security Bulletin) IC97471 in V10.1 FP3a & FP4 IC97472 in V10.5 P3  
Security Bulletin: Executing a query with an OLAP specification causes the DB2 server to terminate database connections. (CVE-2013-6717) IC95641 in V9.7 FP9 IC97762 Special Build (see Security Bulletin) IC97737 in V10.1 FP3a & FP4 IC97738 in V10.5 P3  
Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windows's Fast Communications Manager. (CVE-2013-4032)
N/A
N/A
IC94434 in V10.1 FP3 IC94939 in V10.5 P3  
Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2013-4033) IC94523 in V9.7 FP9 IC94756 Special Build (see Security Bulletin) IC94757 in V10.1 FP3 IC94758 in V10.5 FP1  
Security Bulletin: Privilege escalation vulnerability in IBM DB2's Audit Facility (CVE-2013-3475) IC92495 in V9.7 FP9 IC92496 Special Build (see Security Bulletin) IC92498 in V10.1 FP3
10.5 GA
 
Security Bulletin: IBM DB2 is impacted by a vulnerability in the IBM GSKit library (CVE-2013-0169) IC90395 in V9.7 FP9 IC90396 Special Build (see Security Bulletin) IC90397 in V10.1 FP3a & FP4
10.5 GA
 
Security Bulletin: Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203) IC90395 in V9.7 FP9 IC90396 Special Build (see Security Bulletin) IC90397 in V10.1 FP3a & FP4
10.5 GA
 
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826) IC86781 in V9.7 FP7 IC86782 Special Build (see Security Bulletin) IC86783 in V10.1 FP1
N/A
 
Security Bulletin: IBM DB2 Security Vulnerability in the UTL_FILE module (CVE-2012-3324)
N/A
N/A
IC85513 in V10.1 FP1
N/A
 
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 Java Stored Procedure Infrastructure (CVE-2012-2197) IC84753 in V9.7 FP7 IC84754 Special Build (see Security Bulletin) IC84755 in V10.1 FP1
N/A
 
Security Bulletin: IBM DB2 Security Vulnerability in SQLJ.DB2_INSTALL_JAR (CVE-2012-2194) IC84714 in V9.7 FP7 IC84715 Special Build (see Security Bulletin) IC84716 in V10.1 FP1
N/A
 
Security Bulletin: XML File Disclosure Vulnerability in IBM DB2 GET_WRAP_CFG_C and GET_WRAP_CFG_C2 (CVE-2012-2196) IC84748 in V9.7 FP7 IC84750 Special Build (see Security Bulletin) IC84751 in V10.1 FP1
N/A
 
Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-2180) IC82234 in V9.7 FP6 IC82367 in V9.8 FP5
10.1 GA
N/A
 
Security Bulletin: Unauthorized File Access Security Vulnerability in DB2 XML Feature (CVE-2012-0713) IC81462 in V9.7 FP6 IC81839 in V9.8 FP5
10.1 GA
N/A
 
Security Bulletin: Remote Escalation of Privilege Vulnerability in DB2 Administration Server (CVE-2012-0711) IC80729 in V9.7 FP6
N/A
10.1 GA
N/A
 
Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-0710) IC76901 in V9.7 FP5 IC76902 in V9.8 FP4
N/A
N/A
 
Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2012-0709) IC81390 in V9.7 FP6 IC81836 in V9.8 FP5
N/A
N/A
 
Security Bulletin: Denial of Service Security Vulnerability in DB2’s XML Feature. (CVE-2012-0712) IC81380 in V9.7 FP6 IC81837 in V9.8 FP5
N/A
N/A
 
DB2 Escalation of Privilege Vulnerability (CVE-2011-4061) IC79274 in V9.7 FP6
N/A
N/A
N/A
 
           

Related information

Download DB2 Fix Packs by version for DB2 for LUW

Document information

More support for: DB2 for Linux, UNIX and Windows

Component: Install/Migrate/Upgrade - Fixpak

Software version: 9.7, 9.8, 10.1, 10.5, 11.1

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 1984819

Modified date: 19 November 2018