This document contains a list of fixes for Security and HIPER APARs in DB2 Version 11.1.
A set of security vulnerabilities was discovered in some DB2 database products. These vulnerabilities were analyzed by the DB2 development organization and a set of corresponding fixes was created to address the reported issues. IBM is not currently aware of any externally reported incidents where production DB2 installations have been compromised due to these issues.
The affected DB2 UDB for Linux, UNIX, and Windows products are:
DB2 Connect Server (all Editions)
DB2 Developer Edition
DB2 Enterprise Server (all Editions)
DB2 Express Server (all Editions)
DB2 Workgroup Server (all Editions)
DB2 Client component and DB2 products or components other than those listed above are not affected.
Due to the complexity of the fixes required to eliminate the reported service issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 11.1 fix packs.
Select a Fix Pack: 1 2 m2ifx001 m2ifx002 3 m3ifx001 m3ifx002 4 m4ifx001 m4fp5 m4fp6 m4fp7
-->
| DB2 Version 11.1 Mod 4 Fix Pack 7 |
| Security APARs |
| IT38460 |
SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A PRIVILEGE ESCALATION (CVE-2021-38926) |
| IT38816 |
SECURITY: CLIENT ENCRYPTION SETTINGS ARE NOT PRESERVED ON A FAIL OVER/RECONNECT RESULTING IN A DATA EXPOSURE. (CVE-2021-39002) |
| IT37658 |
SECURITY: IBM DB2 MAY BE VULNERABLE TO AN INFORMATION DISCLOSUR E UNDER CERTAIN CIRCUMSTANCES WITH LOAD UTILITY (CVE-2021-20373) |
| IT36400 |
SECURITY: LOCAL PRIVILEGE ESCALATION IN IBM DB2 WINDOWS CLIENT (CVE-2020-4739) |
| IT31638 |
SECURITY: DB2 IS VULNERABLE TO MULTIPLE BUFFER OVERFLOWS (CVE-2020-4204) |
| IT36870 |
SECURITY: IBM DB2 IS VULNERABLE TO A DENIAL OF SERVICE UNDER SPECIFIC CONDITIONS (CVE-2021-29763) |
| IT36938 |
SECURITY: IBM DB2 IS VULNERABLE TO A DOS WHEN A TABLE IS DROPPED WHILE BEING ACCESSED IN ANOTHER SESSION (CVE-2021-29777) |
| IT36931 |
SECURITY: IBM DB2 IS VULNERABLE TO AN INFORMATION DISCLOSURE (CVE-2021-29752) |
| IT37177 |
SECURITY: DB2 EXPOSES SENSITIVE INFORMATION WHEN USING ADMIN_CMD WITH LOAD OR BACKUP (CVE-2021-29825) |
| IT38558 |
SECURITY: INDIRECT READ ACCESS TO A TABLE THAT THE USER IS NOT AUTHORIZED TO SELECT FROM (CVE-2021-38931) |
| IT36599 |
SECURITY: IBM DB2 SERVER TERMINATES ABNORMALLY WHEN SELECT FROM INVALID VIEWS (CVE-2021-29703) |
| IT37717 |
SECURITY: IBM DB2 MAY BE VULNERABLE TO AN INFORMATION DISCLOSURE (CVE-2021-29678) |
| IT36717 |
SECURITY: IBM DB2 MAY BE VULNERABLE TO AN INFO. DISC. IN SOME CASES WHEN A USER CREATES AN INLINE SQL FUNC. (CVE-2021-20579) |
| IT36869 |
SECURITY: IBM DB2 IS VULNERABLE TO WEAK FILE PERMISSIONS ALLOWING ACCESS TO SPECIFIC FILES (CVE-2020-4976) |
| IT39918 |
SECURITY: VERSION OF LIBEXPAT USED BY DB2 MAY ALLOW A REMOTE ATT ACKER TO EXECUTE ARBITRARY CODE (CVE-2022-23852,CVE-2022-23990) |
| HIPER APARs |
| IT28568 |
AN OUTER JOIN QUERY MIGHT BE WRONGFULLY RE-WRITTEN TO AN INNER JOIN QUERY WHEN MQT MATCHING IS ENFORCED FOR SHADOW TABLES. |
| IT35400 |
WRONG RESULT IN A VERY SPECIFIC PLAN/SPECIFIC DATA FLOW WITH NLJN AND DATAPART TABLE ON THE INNER AND NULL KEYS. |
| IT35689 |
QUERY WITH 'ORDER BY' AND REFERENCING A COMMON SUBEXPRESSION OVER COLUMN-ORGANIZED TABLES MAY RETURN ROWS IN THE WRONG ORDER |
| IT36690 |
QUERY WITH INDEX SCAN ON A COLUMNAR TABLE WHICH IS UNDER A UNION MAY GET INCORRECT RESULT |
| IT36928 |
IF ROW BEING SORTED IS VERY WIDE MEMORY OVERWRITES OR WRONG RESULTS ARE POSSIBLE. |
| IT37353 |
COUNT DISTINCT QUERIES AGAINST COLUMNAR ORGANIZED TABLES COULD RETURN INCORRECT RESULTS |
| IT37840 |
INNER JOIN OF AT LEAST 4 COLUMN-ORGANIZED TABLES MIGHT RETURN WRONG RESULTS UNDER SPECIFIC CONDITIONS |
| IT38174 |
INCORRECT RESULT WHEN DB2 QUERY HAS EXISTS SUB QUERY WITH IS NULL PREDICATE |
| IT38870 |
RARE WRONG RESULT IN CDE INDEX CASE WHEN WITH UR IS USED |
| IT38955 |
WRONG RESULTS FROM SELECT COUNT QUERY ON "ORGANIZE BY COLUMN" TABLE |
| IT38969 |
WRONG STRING COMPARISON FOR THAI NLSCHAR DATABASE COULD HAPPEN |
Back to top
-->
| DB2 Version 11.1 Mod 4 Fix Pack 6 |
| Security APARs |
| IT30039 |
SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE ATTACK(CVE-2020-4200) |
| IT32356 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2020-4363) |
| IT35290 |
SECURITY: IBM DB2 CLIENT MAY HANG IN THE EXECUTION OF THE TERMINATE COMMAND (CVE-2020-5024) |
| IT32777 |
SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE ATTACK (CVE-2020-4355) |
| IT34314 |
SECURITY: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642) |
| IT35446 |
SECURITY: DB2 CREATES SOME FILES WITH INSECURE PERMISSIONS (CVE-2020-4976) |
| IT32122 |
SECURITY: MULTIPLE VULNERABILITIES IN DEPENDENT LIBRARIES AFFECT DB2 (CVE-2019-9512) |
| IT34238 |
SECURITY: LOCAL PRIVILEGE ESCALATION IN IBM DB2 WINDOWS CLIENT (CVE-2020-4739) |
| IT31604 |
SECURITY: DB2 IS VULNERABLE TO A PRIVILEGE ESCALATION ATTACK (CVE-2020-4230) |
| IT32741 |
SECURITY: IBM® DB2® IS VULNERABLE TO AN INFORMATION DISCLOSURE AND DENIAL OF SERVICE (CVE-2020-4414) |
| IT32690 |
SECURITY: IBM DB2 IS VULNERABLE TO AN INFORMATION DISCLOSURE (CVE-2020-4387) |
| IT32737 |
SECURITY: IBM® DB2® IS VULNERABLE TO AN INFORMATION DISCLOSURE (CVE-2020-4386) |
| IT31521 |
SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE ATTACK (CVE-2020-4135) |
| IT34472 |
SECURITY: SEVERAL BUFFER OVERFLOW VULNERABILITIES AFFECT DB2 (CVE-2020-4701) |
| IT32287 |
SECURITY: A DB2 CLIENT MAY HANG IN THE EXECUTION OF THE TERMINATE COMMAND. (CVE-2020-4420) |
| IT35305 |
SECURITY: IBM DB2 DB2FM IS VULNERABLE TO A BUFFER OVERFLOW (CVE-2020-5025) |
| IT34755 |
SECURITY: IBM DB2 IS VULNERABLE TO A DENIAL OF SERVICE WHEN EXECUTING A SPECIFICALLY CRAFTED SELECT STATEMENT.(CVE-2021-29702) |
| HIPER APARs |
| IT29941 |
10 CHAR VALUE CAN BE INSERTED INTO VARGRAPHIC(5 CODEUNITS32). THIS SHOULD FAIL WITH SQL0433N ERROR. |
| IT31151 |
WRONG RESULTS ARE POSSIBLE WITH COMPLEX SQL WHICH USES UDFS AND CONSTANTS AND ENCOUNTER A COMPLEX PLAN. |
| IT31208 |
INCORRECT RESULT WHEN USING TWICE JOIN WITH THE SAME TABLE WITH GROUP BY |
| IT31525 |
WRONG RESULT IN UPDATE STATEMENT HAVING CORRELATION. |
| IT31714 |
ON RARE OCCASION, DATA CORRUPTION MIGHT BE INDUCED BY FAILURE TO PANIC THE DATABASE ON ENCRYPTION ERROR. |
| IT33004 |
WRONG RESULT, WHEN OPTIMIZATION LEVEL IS LESS THAN 5 AND NULL EQUALS NULL PREDICATE. |
| IT33805 |
WRONG RESULT/901 WHEN IN USED ON SELECT. |
| IT34774 |
FOR SPECIAL QUERIES DISTINCT IS PULLED UP ABOVE THE UNION LEVEL IN THE OPTIMIZED STATEMENT, WHAT MAY CAUSE WRONG RESULTS |
| IT34063 |
BOOLEAN PREDICATES RETURN WRONG RESULT WITH NULL INPUT |
| IT28641 |
SUBSTR IN COLUMN ORGANIZED COLUMN COMPARISON RETURN WRONG RESULTS |
| IT35118 |
POSSIBLE WRONG RESULT WITH ALWAYS-FALSE PRED OR EXISTS PRED |
| IT29574 |
WRONG RESULT MIGHT OUTPUT FROM QUERIES WITH INNER JOINS AND CORRELATED EXISTS SUB-QUERIES CONTAINING OUTER JOINS |
Back to top
-->
| DB2 Version 11.1 Mod 4 Fix Pack 5 |
| Security APARs |
| IT27152 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2018-1936) |
| IT27203 |
SECURITY: PRIVILEGE ESCALATION DURING ROUTINE EXECUTION IN FENCED MODE (CVE-2019-4057) |
| IT27328 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2019-4014) |
| IT27037 |
SECURITY: IBM JAVA THAT DB2 BUNDLES IS AFFECTED BY MULTIPLE VULNERABILITIES (JAVA CPU JULY 2019) |
| IT28255 |
SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2019-4101) |
| IT28267 |
SECURITY: DB2 DOES NOT EXPLICITLY FORBID A WEAKER THAN EXPECTED 3DES CIPHER WHEN CONFIGURED TO USE SSL (CVE-2019-4102) |
| IT28440 |
SECURITY: DB2 IS VULNERABLE TO A BUFFER OVERFLOW (CVE-2019-4154) |
| IT29115 |
SECURITY: DB2 AFFECTED BY BUFFER OVERFLOW VULNERABILITIES (CVE-2019-4322) |
| IT29350 |
SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2019-4386) |
| IT29425 |
SECURITY: CERTAIN DB2 COMMANDS MAY LEAD TO INFORMATION DISCLOSURE WHEN AUTO_REVAL IS SET TO DEFERRED_FORCE (CVE-2019-4438) |
| IT30142 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION |
| IT30156 |
SECURITY: DB2 EXPOSES SENSITIVE INFORMATION WHEN USING ADMIN_CMD WITH LOAD OR UPDATE ALERT CFG (CVE-2019-4524) |
| IT30431 |
SECURITY: DB2 IS VULNERABLE TO PRIVILEGE ESCALATION (CVE-2019-4587) |
| HIPER APARs |
| IT26298 |
SQL SCALAR FUNCTION DECLARED WITH BEGIN ATOMIC AND CONSISTING OF A SINGLE RETURN STATEMENT MAY PRODUCE WRONG RESULTS |
| IT27748 |
POSSIBLE TO LOAD BAD ROWS INTO A TABLE WHICH HAS "NOT NULL" GENERATED COLUMNS WHEN COMPUTED GENERATED VALUES ARE NULL |
| IT27829 |
HIGH NUMBER OF SQL VARIATIONS & ANCHOR_COMMON LATCH WAITS CAUSING CPU SPIKE |
| IT28014 |
WRONG RESULT IS POSSIBLE IF QUERY OPTIMIZATION IS SET TO 0 AND QUERY HAS "ALL" |
| IT28596 |
QUERY WITH INDEX SCAN ON A COLUMNAR TABLE WHICH IS UNDER A UNION MAY GET INCORRECT RESULT |
| IT28638 |
DB2 MAY PRODUCE INCORRECT RESULTS FOR HSJN WITH PREDICATE THAT HAS CASE(COALESCE) AND NLJN OR ZZJOIN ON THE OUTER |
| IT28739 |
WRONG RESULTS MIGHT BE OBSERVED WHEN RUNNING QUERIES WITH OUTER JOINS AND GROUP BY OPERATIONS |
| IT28784 |
RESTORING A LOADCOPY WHEN THERE IS A MODIFICATION STATE INDEX ON A COLUMN ORGANIZED TABLE MAY CORRUPT THE INDEX |
| IT29099 |
DB2 MAY RETURN INCORRECT RESULT WHEN EXECUTING QUERY WITH UNION VIEW INCLUDE MULTIPLE TABLES |
| IT29242 |
PERFORMANCE MAY BE AFFECTED BY DYNAMIC SQL CACHE NON REUSE |
| IT29415 |
SCALAR FUNCTION HASH8 MAY RETURN DIFFERENT RESULTS FOR THE SAME INPUT ON POWER(TM) LITTLE ENDIAN SYSTEMS |
| IT29981 |
DB2 MAY RETURN INCORRECT RESULTS WHEN EXECUTING IUD STATEMENTS CONTAINING A SUBQUERY WITH CORRELATION AND AGGREGATION |
| IT30249 |
WRONG RESULTS ARE POSSIBLE FOR FEDERATED OR COLUMNAR QUERY WITH AGGREGATION OVER DISTINCT OUTER JOIN |
| IT30466 |
DB2 MAY PRODUCE INCORRECT RESULTS WHEN EXECUTING QUERIES CONTAINING JOINS WITH DIFFERING FLOATING-POINT PRECISIONS |
| IT30978 |
MULTIPLE CLP FRONTENDS ISSUED FROM DIFFERENT SHELL SCRIPTS USES THE SAME BACKEND AGENT, CAUSING UNEXPECTED RESULTS OR ERRORS. |
Back to top
-->
| DB2 Version 11.1 Fix Pack m4ifx001 |
| Security APARs |
| IT26857 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION |
| IT26878 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION |
| IT27364 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION |
| IT27321 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION |
| IT27415 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION |
| IT27148 |
SECURITY: MULTIPLE BUFFER OVERFLOW VULNERABILITIES LEADING TO PRIVILEGE ESCALATION |
| HIPER APARs |
| IT26455 |
WHEN USING REOPT OPTIMIZER GUIDELINE UPDATES, INSERTS AND DELETES RUNNING IN BATCHES MIGHT INSERT WRONG DATA |
| IT27712 |
MERGE STATEMENT INCORRECTLY UPDATES TARGET ROW MULTIPLE TIMES. THE STATEMENT SHOULD HAVE RETURNED ERROR -788 |
| IT27744 |
IF COLUMNAR FUNCTIONALITY IS USED ON A SYSTEM WITH INTEL CPU THAT SUPPORTS AVX-512 THEN WRONG RESULTS ARE POSSIBLE |
| IT27748 |
POSSIBLE TO LOAD BAD ROWS INTO A TABLE WHICH HAS "NOT NULL" GENERATED COLUMNS WHEN COMPUTED GENERATED VALUES ARE NULL |
Back to top
-->
| DB2 Version 11.1 Fix Pack 4 |
| Security APARs |
| IT25813 |
SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A PRIVILEGE ESCALATION |
| IT25819 |
SECURITY: BUFFER OVERFLOW IN DB2 DB2LICM UTILITY |
| IT25466 |
SECURITY: PRIVILEGE ESCALATION VULNERABILITY IN DB2CACPY |
| IT26595 |
SECURITY: FGAC RULES NOT BEING ENFORCED BY CTAS SUB-SELECT STATEMENTS |
| IT26315 |
SECURITY: DB2 IS VULNERABLE TO PRIVILEGE ESCALATION |
| IT26132 |
SECURITY: PRIVILEGE ESCALATION IN ROOT SETUID EXECUTABLES |
| IT26131 |
SECURITY: DB2 VULNERABLE TO SYMBOLIC LINK ATTACK RESULTING IN PRIVILEGE ESCALATION |
| IT26130 |
SECURITY: DB2 DAS PRIVILEGE ESCALATION FROM DAS OWNER TO ROOT VIA SYMBOLIC LINK ATTACK |
| IT26129 |
SECURITY: DB2 IS VULNERABLE TO SYMBOLIC LINK ATTACK LEADING TO PRIVILEGE ESCALATION |
| IT26514 |
SECURITY: DB2 IS AFFECTED BY A VULNERABILITY IN IBM SPECTRUM SCALE |
| IT26713 |
SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION |
| IT24840 |
SECURITY: UPDATE IBM SDK, JAVA TECHNOLOGY EDITION QUARTERLY CPU - JAN 2018 AND APR 2018 |
| IT25162 |
SECURITY: DENIAL OF SERVICE WHEN USING TRUNC SCALAR FUNCTION |
| HIPER APARs |
| IT20864 |
PLANS CONTAINING MULTI-KEY CHAR SORTS WITH GREATER THAN 500 ROWS ON IDENTITY_16 DATABASES MAY RETURN INCORRECT RESULTS |
| IT23521 |
SQL WITH OLAP SPECIFICATION EXECUTED AGAINST COLUMNAR ORGANIZED TABLES COULD PRODUCE INTERMITTENT WRONG RESULT |
| IT24193 |
INTERMITTENT WRONG RESULTS ARE POSSIBLE WITH A PLAN WHERE COLUMNAR EARLY OUT NLJN IS PRESENT |
| IT25187 |
UDF FUNCTIONS RUN AGAINST COLUMNAR (BLU) TABLES MIGHT RETURN INCORRECT RESULTS |
| IT25326 |
UNICODE DATA CONTAINING CJK Ext-B FAILS TO CONVERT TO 1392 CODEPAGE |
| IT25651 |
WRONG RESULT IS POSSIBLE WHEN SQL HAS SEVERAL INSTANCES OF SYSIBM.RAND(SEED) |
| IT25706 |
INCORRECT RESULTS COULD HAPPEN WITH OUTER JOINS AND EXPRESSIONS IN JOIN COLUMNS |
| IT25722 |
NOSQL UPDATE WITH "$SET" COULD UPDATE DATA WITH NULL VALUE AND CAUSE SUBSEQUENT ERRORS |
| IT26009 |
COLUMNAR ONLY: POSSIBLE WRONG RESULT IN EQUALITY JOIN WHEN COMPARING ZERO BINARY FLOATING POINT VALUE |
| IT26282 |
UPDATE ON FULL TABLE WHICH USES SUB_SELECT COULD INCORRECTLY SET VALUES TO NULL FOR COLUMN BEING UPDATED |
| IT26322 |
JOIN OF COLUMN-ORGANIZED TABLES MIGHT RETURN INCORRECT RESULTS |
| IT26479 |
POTENTIAL WRONG QUERY RESULT IF A FROM CLAUSE INCLUDES A MIXTURE OF LEFT OUTER AND LEFT OUTER TO ONE JOINS |
Back to top
-->
| DB2 Version 11.1 Fix Pack m3ifx002 |
| Security APARs |
| IT24283 |
SECURITY: PRIVILEGE ESCALATION VULNERABILITY IN THE DB2 DAS COMPONENT ON WINDOWS |
| IT24474 |
SECURITY: PRIVILEGE ESCALATION VIA UNTRUSTED LIBRARY PATH |
| IT24823 |
SECURITY: FORMAT STRING VULNERABILITIES EXISTS IN DB2SUPP |
| HIPER APARs |
| IT24687 |
QUERIES USING THE SAME UNNEST IN DIFFERENT PARTS OF THE PLAN COULD RETURN WRONG RESULTS FOR SOME COLUMNS |
| IT25322 |
db2ckupgrade fails with SQL10007N Message "5556" could not be re trieved. Reason code: "4" when upgrading from v10.5fp10 to v11.1 |
Back to top
-->
| DB2 Version 11.1 Fix Pack m3ifx001 |
| Security APARs |
| IT24171 |
SECURITY: DB2 IS AFFECTED BY MULTIPLE ARBITRARY FILE OVERWRITE VULNERABILITIES |
| IT24311 |
SECURITY: RAH.EXE BUFFER OVERFLOW |
| IT24473 |
SECURITY: BUFFER OVERFLOW IN DB2LICM |
| IT24642 |
SECURITY: DB2CONVERT IS VULNERABLE TO BUFFER OVERFLOW |
| IT24799 |
SECURITY: MULTIPLE VULNERABILITIES IN DB2EXMIG AND DB2EXFMT |
| HIPER APARs |
| IT20634 |
INCORRECT RESSULT WHEN AT LEAST 3 COLUMNAR TABLES ARE JOINED THROUGH CDE NLJNS AND TOP NLJN IS EARLY OUT |
| IT24494 |
OVERLAPS FUNCTION EXECUTED AGAINST COLUMNAR ORGANIZED TABLE COULD RETURN WRONG RESULTS IF INPUT COLUMNS HAVE NULL VALUES |
| IT24665 |
SCAN OF COLUMNAR TABLE COULD PRODUCE DUPLICATE ROWS |
| IT24968 |
CRASH RECOVERY MIGHT FAIL OR INTRODUCE DATABASE CORRUPTION WHEN USING AN ENCRYPTED DATABASE |
Back to top
-->
| DB2 Version 11.1 Fix Pack 3 |
| Security APARs |
| IT22415 |
SECURITY: DB2 INSTALL USES WEAK PASSWORD ENCRYPTION (CVE-2017-1571) |
| IT23794 |
SECURITY: UNSAFE DESERIALIZATION IN DB2 JDBC DRIVER |
| IT24059 |
SECURITY: UPDATE GSKIT TO THE NEWEST FIPS CERTIFIED VERSION |
| IT24170 |
SECURITY: DB2GENP ARBITRARY FILE OVERWRITE VULNERABILITY |
| HIPER APARs |
| IT21085 |
AGAINST COLUMNAR TABLES, COMBINATION OF EXCLUSIVE TABLE LOCK AND UNCOMMITTED INSERT AND SELECT COULD RETURN INCORRECT RESULTS |
| IT22221 |
WRONG RESULTS OR SQL901N MAY OCCUR WHEN EXECUTING A SQL STATEMENT CONTAINING TWO OR MORE NOT IN OR NOT EXISTS PREDICATES |
| IT22783 |
INCORRECT RESULT WHEN USING THE XMLTABLE FUNCTION AND RFERENCING ELEMENTS THAT DON"T EXIST IN THE SOURCE DOCUMENT |
| IT23261 |
INCORRECT RESULTS WITH AGGREGATION ON OUTER JOINED TABLE WITH FOREIGN KEY ON NULL PRODUCING TABLE |
| IT23741 |
A QUERY OVER NICKNAMES OR COLUMN ORGANIZED TABLES CONTAINING FETCH FIRST N ROWS ONLY CLAUSE MAY RETURN INCORRECT RESULTS |
| IT23875 |
WRONG RESULTS ARE POSSIBLE WHEN EXECUTING A SQL STATEMENT ELIGIBLE FOR ZIGZAG JOIN ON A NON-PARTITIONED INDEX |
| IT23907 |
IN CDE, INCORRECT RESULTS MIGHT BE RETURNED FOR A QUERY THAT REFERENCES A CORRELATED SCALARY SUBQUERY IN A PREDICATE |
| IT24041 |
WRONG RESULTS OR SQL901N ERROR POSSIBLE WHEN EXECUTING SQL STATEMENT WITH SCALAR SUBQUERY ON COLUMN ORGANIZED TABLES |
Back to top
-->
| DB2 Version 11.1 Fix Pack m2ifx002 |
| HIPER APARs |
| IT21948 |
DB2 MAY RETURN WRONG RESULTS WITH ORACLE COMPATIBILITY AND SUBSTR |
| IT21985 |
DOING LIKE ON A CODEUNITES32 FIXED LENGTH COLUMN IN THE COLUMNAR ORGANIZED TABLE COULD RETURN AN INCORRECT RESULT |
| IT22013 |
WRONG RESULT IS POSSIBLE WHEN CODEUNITS 32 IS USED IN A ROW DATA TYPE ASSIGNMENT AND CAST IS USED |
| IT22345 |
WRONG RESULT WHEN EXPRESSION ON JOIN COLUMN |
| IT22386 |
DB2 : IF ANY COMMAND WITH RECLAIM EXTENTS OPTION IS RUN ON AN MDC TABLE DURING A BACKUP, A ROLLFORWARD ON IT COULD FAIL |
| IT22750 |
POSSIBLE WRONG RESULTS WITH VARCHAR_FORMAT WHEN USING 'DY DDD YYYY' FORMAT |
| IV97845 |
A QUERY AGAINST COLUMNAR ORGANIZED TABLE AND ARITHMETIC ON BOTH TIME AND DECIMAL DATATYPES MAY RETURN INCORRECT RESULT |
| IV99561 |
RARE TRAP DURING CDE HASH JOIN WHEN DATA VOLUME ON THE INNER OF THE JOIN IS EXTREMELY LARGE |
| IT27860 |
PARALLEL IXSCANS FOR COLUMN-ORGANIZED TABLES MIGHT CAUSE AN ABEND/WRONG RESULTS IF UPDATE ACTIVITY OCCURS IN THE SAME CONNECTION |
Back to top
-->
| DB2 Version 11.1 Fix Pack m2ifx001 |
| Security APARs |
| IT21140 |
SECURITY: ESCALATION TO ROOT VULNERABILITY IN DB2. |
| IT21347 |
SECURITY: CONNECTION STRING DISPLAYED IN ERROR MESSAGE |
| IT21364 |
ESCALATION TO ROOT VULNERABILITY IN DB2. |
| IT21455 |
SECURITY: DB2CONNECT SERVER CAN CRASH UNDER SPECIFIC CONDITIONS. |
| IT21458 |
SECURITY: DB2 CAN BE USED TO OVERWRITE ARBITRARY FILES OWNED BY DB2 INSTANCE |
| IT21459 |
SECURITY: USER WITHOUT PROPER AUTHORITY CAN ACTIVATE DATABASE. |
| HIPER APARs |
| IT18136 |
INSERT QUERY THAT HAS A COLUMN VALUE GENERATED USING TRIGGER COULD PRODUCE WRONG RESULTS OR SQL0407N |
| IT19976 |
SQL QUERIES WITH IN OR NOT IN CLAUSE MAY PRODUCE INCORRECT RESULTS FOR A COLUMN-ORGANIZED TABLE |
| IT20438 |
INCORRECT RESULT OR SQL0811N ARE POSSIBLE WHEN SQL CONTAINS SCALAR NOT EXISTS SUBQUERY |
| IT20518 |
IN DPF, WHEN UNIQUE TQ IS PRESENT IN THE PLAN AND SPECIAL INTERN AL PERF OPT IS HAPPENING, POSSIBLE DUPLICATE VALUES RETURNED |
| IT20720 |
TRUNCATING CAST TO (VAR)CHAR AGAINST A COLUMNAR ORGANIZED TABLE COULD RETURN DANGLING BYTE INSTEAD OF A BLANK CHARACTER. |
| IT20786 |
INCORRECT RESULT POSSIBLE WHEN CASE AND ANOTHER PREDICATE HAVE THE SAME COMPARISON OPERATION |
| IT21100 |
UPDATE OF UNIQUE COLUMNS MIGHT RESULT IN DUPLICATES IN A TABLE WITH A UNIQUE INDEX |
Back to top
-->
| DB2 Version 11.1 Fix Pack 2 |
| Security APARs |
| IT17647 |
SECURITY: VULNERABILITY IN GSKIT AFFECTS IBM DB2 (CVE-2016-2183) |
| IT20462 |
SECURITY: TSAMP PRIVILEGE ESCALATION VULNERABILITY AFFECTS DB2 (CVE-2017-1134) |
| IT20562 |
SECURITY: DB2 CLP WILL TRAP IF IT IS PASSED A ROUTINE NAME GREATER THEN THE ALLOWED MAXIMUM LENGTH (CVE-2017-1297). |
| IT20563 |
SECURITY: BUFFER OVERFLOW THAT COULD ALLOW A LOCAL USER TO OVERWRITE DB2 FILES OR CAUSE A DENIAL OF SERVICE (CVE-2017-1105). |
| IT20566 |
SECURITY: DB2 IS AFFECTED BY VULNERABILITIES IN COMPRESSION ROUTINES. |
| HIPER APARs |
| IT17787 |
SQL STATEMENT WITH AN EXISTS PREDICATE AND A JOIN INVOLVING NON-DETERMINISTIC CORRELATED SUBQUERY MAY RETURN MORE ROWS |
| IT17894 |
PREDICATE COMPARING SUBSTR ON CODEUNITES32 COLUMN IN THE COLUMN AR ORGANIZED TABLE TO HOST VAR COULD RETURN AN INCORRECT RESULT |
| IT18021 |
INCORRECTLY GENERATED DERIVED PREDICATES MIGHT CAUSE INCORRECTQUERY RESULTS DUE TO TRAILING BLANKS |
| IT18083 |
WRONG RESULTS AGAINST COLUMN ORGANIZED TABLE ARE POSSIBLE WITH EXPANDING JOIN PLAN |
| IT18101 |
AN SQL STATEMENT IN A PARTITIONED DATABASE ENV CONTAINING THE ROW_NUMBER() OVER() OPERATION MIGHT PRODUCE INCONSISTENT RESULTS |
| IT18170 |
WRONG RESULT IS POSSIBLE IF GENERATED ALWAYS EXPRESSION REFERENCES A BUILT-IN FUNCTION WITH MORE THEN ONE STRING INPUT |
| IT18204 |
WRONG RESULT IS POSSIBLE IN ORACLE COMPATIBILITY MODE UNICODE DB WHEN COMPARING A CHAR COLUMN WITH A GRAPHIC CONSTANT |
| IT18381 |
DB2 MAY RETURN INCORRECT RESULTS IF USING A CASE STATEMENT TO COMPARE FIXED CHAR/GRAPHIC STRINGS IN VARCHAR2 COMPATIBILITY MODE |
| IT18502 |
DB2 MAY RETURN SQLCODE:-901 OR RETURN WRONG RESULTS ON QUERIES WITH PLANS THAT INVOVLE SORT ON AN ENCRYPTED DATABASE |
| IT18506 |
DB2 CAN RETURN WRONG RESULTS WHEN USING THE SPECIAL REGISTER 'CURRENT DECFLOAT ROUNDING MODE' IN A QUERY IN AN MPP ENVIRONMENT |
| IT18742 |
TRUNC ON MINIMUM INTEGER VALUE MIGHT RETURN 0 WHEN (VALUE, -X) IS DONE |
| IT18797 |
PURESCALE: QUERY MIGHT RETURNS WRONG RESULT WHEN INPLACE (ONLINE) TABLE REORGANIZATION IS RUNNING |
| IT19197 |
DB2 MIGHT PRODUCE INCORRECT RESULT WHEN EXECUTING XQUERY WITH MULTIPLE OR SUBTERMS |
| IT19608 |
DB2 MAY CONVERT VIEW COLUMN TYPES INCORRECTLY OR RETURN SQL0418N UPON REVALIDATION OF A VIEW WITH UNTYPED EXPRESSIONS |
| IT19796 |
COMPILED COMPOUND SQL OR A PL/SQL ANONYMOUS BLOCK CAN DELETE ALL ROWS OF A ON COMMIT DELETE ROWS TEMPORARY TABLE |
| IT20463 |
INCORRECT RESULTS ARE POSSIBLE WHEN CONCURRENT QUERIES ACCESS COLUMNAR ORGANIZED TABLES AND USE CS ISOLATION |
| IT20661 |
WRONG RESULTS MIGHT OCCUR WHEN SCALAR SUB-QUERY IS ON THE LEFT HAND SIDE OF A NOT IN PREDICATE |
| IV91752 |
THE FIRST UPDATE STATEMENT FOR A COLUMN-ORGANIZED TABLE MAY IN RARE CASES CAUSE FUTURE QUERIES TO MISS SOME MATCHING RESULTS |
| IV93080 |
WRONG RESULT IS POSSIBLE WHEN COLUMNAR TABLES ARE INVOLVED IN A PLAN WITH A UNION AND CSE IS PUSHED DOWN ON TO CDE |
Back to top
-->
| DB2 Version 11.1 Fix Pack 1 |
| Security APARs |
| IT15579 |
SECURITY: DB2 IS AFFECTED BY OPEN SOURCE APACHE XERCES-C XML PARSER VULNERABILITIES (CVE-2016-0729) |
| IT16324 |
SECURITY: DB2 PURESCALE AFFECTED BY MULTIPLE VULNERABILITIES IN GPFS |
| IT17012 |
SECURITY: ELEVATED PRIVILEGES WITH DB2 EXECUTABLES (CVE-2016-5995) |
| IT17530 |
SECURITY: DB2 PURESCALE AFFECTED BY A VULNERABILITY IN GPFS (CVE-2016-2119) |
| HIPER APARs |
| IT16112 |
A CORRELATED SCALAR SUBQUERY IN AN UPDATE STATEMENT MAY NOT CORRECTLY RETURN SQL0811N |
| IT16385 |
DB2 DATA SERVER CLIENT SILENT INSTALL FAILS WITH ERROR: PRODUCT: IBM DATA SERVER CLIENT - DB2COPY1 -- ERROR 1314 |
| IT16656 |
SQL0801 AND WRONG RESULTS FROM STDDEV_SAMP, VARIANCE_SAMP, COVARIANCE_SAMP WHEN USED IN AN OLAP SPECIFICATION |
| IT16703 |
DB2 MAY RETURN INCORRECT RESULTS WHEN USING STRING EQUALITY PREDICATES CONTAINING DIFFERING CODE UNITS |
| IT16869 |
SELECT ROW CHANGE TOKEN WILL RETURN WRONG RESULT WHEN USINGRIDSCAN (ROW IDENTIFIER SCAN) |
| IT16893 |
ONLINE BACKUP WITH COMPRESSION AND ENCRYPTION MAY CREATE A CORRUPTED BACKUP FILE |
| IT17179 |
IF ARRAY USED IN AN OPEN CURSOR IS MODIFIED THEN WRONG RESULT OR A TRAP ARE POSSIBLE |
| IT17452 |
WRONG RESULT IN STORED PROCEDURE QUERY WHEN ADD/DROP CHECK CONSTRAINT |
| IT17458 |
IN DB2 DPF, POSSIBLE WRONG RESULT WHEN OUTER JOIN PREDICATE COL1=COL2 AND BOTH COLUMNS ARE FROM THE OUTER TABLE |
| IT17489 |
SELECT AGAINST AN MDC TABLE WITH A RANGE PREDICATE IN SMP MIGHT RETURN A WRONG RESULT |
| IT17556 |
INCORRECT RESULTS ARE POSSIBLE WHEN JOIN AGAINST CDE TABLES IS DONE AND AN UNDOCUMENTED JOIN SUPPORT REGISTRY VARIABLE SET |
| IT17941 |
POSSIBLE WRONG RESULTS WHEN THE INPUT PARAMETERS OF AN INLINED SQL SCALAR UDF CONTAINS AN OLAP SPECIFICATION |
| IV90269 |
QUERIES WITH MULTIPLE OLAP CLAUSES AND DISTINCT AGAINST COLUMN ORGANIZED TABLES COULD RETURN WRONG RESULTS |
| IV90750 |
INCORRECT RESULTS ARE POSSIBLE WHEN MULTIPLE ROW_NUMBER() , INLINED SQL SCALAR UDF AND COLUMN ORGANIZED TABLES ARE PRESENT |
Back to top
DB2 fix packs for all supported versions can be downloaded at the following site: http://www.ibm.com/support/docview.wss?uid=swg27007053
The DB2 team will continue to have a strong focus on delivering timely fixes for newly discovered issues along with information that helps our customers to decide on an appropriate course of action. The DB2 team regrets the inconvenience that these issues are causing to you, our customers. We believe that our actions are the most prudent steps to address your concerns and remain open to suggestions on how to further improve our processes.
My Notifications
Sign-up to receive e-mail notification of changes to this document.
1. Sign in to My Notifications
2. select Subscribe tab
3. select "Information Management" from the Software column
4. select the check box for "DB2 for Linux, UNIX and Windows"
click the Continue button.
5. select the check box for "Flashes" and all other document types
click the Submit button.
For more information about My Notifications please click on
the Benefits and features or
take a guided tour of My Notifications.
2
[{"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"OTHER - Uncategorised","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"11.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Product":{"code":"SSEPDU","label":"Db2 Connect"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]