IBM Support

Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Linux, UNIX, and Windows Version 11.1

Flashes (Alerts)


Abstract

This document contains a list of fixes for Security and HIPER APARs in DB2 Version 11.1.

Content

A set of security vulnerabilities was discovered in some DB2 database products. These vulnerabilities were analyzed by the DB2 development organization and a set of corresponding fixes was created to address the reported issues. IBM is not currently aware of any externally reported incidents where production DB2 installations have been compromised due to these issues.

The affected DB2 UDB for Linux, UNIX, and Windows products are:

DB2 Connect Server (all Editions)
DB2 Developer Edition
DB2 Enterprise Server (all Editions)
DB2 Express Server (all Editions)
DB2 Workgroup Server (all Editions)

DB2 Client component and DB2 products or components other than those listed above are not affected.

Due to the complexity of the fixes required to eliminate the reported service issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 11.1 fix packs.


DB2 Version 11.1 Fix Pack m4ifx001
Security APARs
IT26857 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION
IT26878 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION
IT27364 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION
IT27321 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION
IT27415 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION
IT27148 SECURITY: MULTIPLE BUFFER OVERFLOW VULNERABILITIES LEADING TO PRIVILEGE ESCALATION
HIPER APARs
IT26455 WHEN USING REOPT OPTIMIZER GUIDELINE UPDATES, INSERTS AND DELETES RUNNING IN BATCHES MIGHT INSERT WRONG DATA
IT27712 MERGE STATEMENT INCORRECTLY UPDATES TARGET ROW MULTIPLE TIMES. THE STATEMENT SHOULD HAVE RETURNED ERROR -788
IT27744 IF COLUMNAR FUNCTIONALITY IS USED ON A SYSTEM WITH INTEL CPU THAT SUPPORTS AVX-512 THEN WRONG RESULTS ARE POSSIBLE
IT27748 POSSIBLE TO LOAD BAD ROWS INTO A TABLE WHICH HAS "NOT NULL" GENERATED COLUMNS WHEN COMPUTED GENERATED VALUES ARE NULL


DB2 Version 11.1 Fix Pack 4
Security APARs
IT25813 SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A PRIVILEGE ESCALATION
IT25819 SECURITY: BUFFER OVERFLOW IN DB2 DB2LICM UTILITY
IT25466 SECURITY: PRIVILEGE ESCALATION VULNERABILITY IN DB2CACPY
IT26595 SECURITY: FGAC RULES NOT BEING ENFORCED BY CTAS SUB-SELECT STATEMENTS
IT26315 SECURITY: DB2 IS VULNERABLE TO PRIVILEGE ESCALATION
IT26132 SECURITY: PRIVILEGE ESCALATION IN ROOT SETUID EXECUTABLES
IT26131 SECURITY: DB2 VULNERABLE TO SYMBOLIC LINK ATTACK RESULTING IN PRIVILEGE ESCALATION
IT26130 SECURITY: DB2 DAS PRIVILEGE ESCALATION FROM DAS OWNER TO ROOT VIA SYMBOLIC LINK ATTACK
IT26129 SECURITY: DB2 IS VULNERABLE TO SYMBOLIC LINK ATTACK LEADING TO PRIVILEGE ESCALATION
IT26514 SECURITY: DB2 IS AFFECTED BY A VULNERABILITY IN IBM SPECTRUM SCALE
IT26713 SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION
IT24840 SECURITY: UPDATE IBM SDK, JAVA TECHNOLOGY EDITION QUARTERLY CPU - JAN 2018 AND APR 2018
IT25162 SECURITY: DENIAL OF SERVICE WHEN USING TRUNC SCALAR FUNCTION
HIPER APARs
IT20864 PLANS CONTAINING MULTI-KEY CHAR SORTS WITH GREATER THAN 500 ROWS ON IDENTITY_16 DATABASES MAY RETURN INCORRECT RESULTS
IT23521 SQL WITH OLAP SPECIFICATION EXECUTED AGAINST COLUMNAR ORGANIZED TABLES COULD PRODUCE INTERMITTENT WRONG RESULT
IT24193 INTERMITTENT WRONG RESULTS ARE POSSIBLE WITH A PLAN WHERE COLUMNAR EARLY OUT NLJN IS PRESENT
IT25187 UDF FUNCTIONS RUN AGAINST COLUMNAR (BLU) TABLES MIGHT RETURN INCORRECT RESULTS
IT25326 UNICODE DATA CONTAINING CJK Ext-B FAILS TO CONVERT TO 1392 CODEPAGE
IT25651 WRONG RESULT IS POSSIBLE WHEN SQL HAS SEVERAL INSTANCES OF SYSIBM.RAND(SEED)
IT25706 INCORRECT RESULTS COULD HAPPEN WITH OUTER JOINS AND EXPRESSIONS IN JOIN COLUMNS
IT25722 NOSQL UPDATE WITH "$SET" COULD UPDATE DATA WITH NULL VALUE AND CAUSE SUBSEQUENT ERRORS
IT26009 COLUMNAR ONLY: POSSIBLE WRONG RESULT IN EQUALITY JOIN WHEN COMPARING ZERO BINARY FLOATING POINT VALUE
IT26282 UPDATE ON FULL TABLE WHICH USES SUB_SELECT COULD INCORRECTLY SET VALUES TO NULL FOR COLUMN BEING UPDATED
IT26322 JOIN OF COLUMN-ORGANIZED TABLES MIGHT RETURN INCORRECT RESULTS
IT26479 POTENTIAL WRONG QUERY RESULT IF A FROM CLAUSE INCLUDES A MIXTURE OF LEFT OUTER AND LEFT OUTER TO ONE JOINS


DB2 Version 11.1 Fix Pack m3ifx002
Security APARs
IT24283 SECURITY: PRIVILEGE ESCALATION VULNERABILITY IN THE DB2 DAS COMPONENT ON WINDOWS
IT24474 SECURITY: PRIVILEGE ESCALATION VIA UNTRUSTED LIBRARY PATH
IT24823 SECURITY: FORMAT STRING VULNERABILITIES EXISTS IN DB2SUPP
HIPER APARs
IT24687 QUERIES USING THE SAME UNNEST IN DIFFERENT PARTS OF THE PLAN COULD RETURN WRONG RESULTS FOR SOME COLUMNS
IT25322 db2ckupgrade fails with SQL10007N Message "5556" could not be retrieved. Reason code: "4" when upgrading from v10.5fp10 to v11.1


DB2 Version 11.1 Fix Pack m3ifx001
Security APARs
IT24171 SECURITY: DB2 IS AFFECTED BY MULTIPLE ARBITRARY FILE OVERWRITE VULNERABILITIES
IT24311 SECURITY: RAH.EXE BUFFER OVERFLOW
IT24473 SECURITY: BUFFER OVERFLOW IN DB2LICM
IT24642 SECURITY: DB2CONVERT IS VULNERABLE TO BUFFER OVERFLOW
IT24799 SECURITY: MULTIPLE VULNERABILITIES IN DB2EXMIG AND DB2EXFMT
HIPER APARs
IT20634 INCORRECT RESULT WHEN AT LEAST 3 COLUMNAR TABLES ARE JOINED THROUGH CDE NLJNS AND TOP NLJN IS EARLY OUT
IT24494 OVERLAPS FUNCTION EXECUTED AGAINST COLUMNAR ORGANIZED TABLE COULD RETURN WRONG RESULTS IF INPUT COLUMNS HAVE NULL VALUES
IT24665 SCAN OF COLUMNAR TABLE COULD PRODUCE DUPLICATE ROWS
IT24968 CRASH RECOVERY MIGHT FAIL OR INTRODUCE DATABASE CORRUPTION WHEN USING AN ENCRYPTED DATABASE



DB2 Version 11.1 Fix Pack 3
Security APARs
IT22415 SECURITY: DB2 INSTALL USES WEAK PASSWORD ENCRYPTION (CVE-2017-1571)
IT23794 SECURITY: UNSAFE DESERIALIZATION IN DB2 JDBC DRIVER
IT24059 SECURITY: UPDATE GSKIT TO THE NEWEST FIPS CERTIFIED VERSION
IT24170 SECURITY: DB2GENP ARBITRARY FILE OVERWRITE VULNERABILITY
HIPER APARs
IT21085 AGAINST COLUMNAR TABLES, COMBINATION OF EXCLUSIVE TABLE LOCK AND UNCOMMITTED INSERT AND SELECT COULD RETURN INCORRECT RESULTS
IT22221 WRONG RESULTS OR SQL901N MAY OCCUR WHEN EXECUTING A SQL STATEMENT CONTAINING TWO OR MORE NOT IN OR NOT EXISTS PREDICATES
IT22783 INCORRECT RESULT WHEN USING THE XMLTABLE FUNCTION AND REFERENCING ELEMENTS THAT DON'T EXIST IN THE SOURCE DOCUMENT
IT23261 INCORRECT RESULTS WITH AGGREGATION ON OUTER JOINED TABLE WITH FOREIGN KEY ON NULL PRODUCING TABLE
IT23741 A QUERY OVER NICKNAMES OR COLUMN ORGANIZED TABLES CONTAINING FETCH FIRST N ROWS ONLY CLAUSE MAY RETURN INCORRECT RESULTS
IT23875 WRONG RESULTS ARE POSSIBLE WHEN EXECUTING A SQL STATEMENT ELIGIBLE FOR ZIGZAG JOIN ON A NON-PARTITIONED INDEX
IT23907 IN CDE, INCORRECT RESULTS MIGHT BE RETURNED FOR A QUERY THAT REFERENCES A CORRELATED SCALAR SUBQUERY IN A PREDICATE
IT24041 WRONG RESULTS OR SQL901N ERROR POSSIBLE WHEN EXECUTING SQL STATEMENT WITH SCALAR SUBQUERY ON COLUMN ORGANIZED TABLES



DB2 Version 11.1 Fix Pack m2ifx002
HIPER APARs
IT21948 DB2 MAY RETURN WRONG RESULTS WITH ORACLE COMPATIBILITY AND SUBSTR
IT21985 DOING LIKE ON A CODEUNITS32 FIXED LENGTH COLUMN IN THE COLUMNAR ORGANIZED TABLE COULD RETURN AN INCORRECT RESULT
IT22013 WRONG RESULT IS POSSIBLE WHEN CODEUNITS 32 IS USED IN A ROW DATA TYPE ASSIGNMENT AND CAST IS USED
IT22345 WRONG RESULT WHEN EXPRESSION ON JOIN COLUMN
IT22386 DB2 : IF ANY COMMAND WITH RECLAIM EXTENTS OPTION IS RUN ON AN MDC TABLE DURING A BACKUP, A ROLLFORWARD ON IT COULD FAIL
IT22750 POSSIBLE WRONG RESULTS WITH VARCHAR_FORMAT WHEN USING 'DY DDD YYYY' FORMAT
IV97845 A QUERY AGAINST COLUMNAR ORGANIZED TABLE AND ARITHMETIC ON BOTH TIME AND DECIMAL DATATYPES MAY RETURN INCORRECT RESULT
IV99561 RARE TRAP DURING  CDE HASH JOIN WHEN DATA VOLUME ON THE INNER OF THE JOIN IS EXTREMELY LARGE
IT27860 PARALLEL IXSCANS FOR COLUMN-ORGANIZED TABLES MIGHT CAUSE AN ABEND/WRONG RESULTS IF UPDATE ACTIVITY OCCURS IN THE SAME CONNECTION



DB2 Version 11.1 Fix Pack m2ifx001
Security APARs
IT21140 SECURITY: ESCALATION TO ROOT VULNERABILITY IN DB2.
IT21347 SECURITY: CONNECTION STRING DISPLAYED IN ERROR MESSAGE
IT21364 ESCALATION TO ROOT VULNERABILITY IN DB2.
IT21455 SECURITY: DB2CONNECT SERVER CAN CRASH UNDER SPECIFIC CONDITIONS.
IT21458 SECURITY: DB2 CAN BE USED TO OVERWRITE ARBITRARY FILES OWNED BY DB2 INSTANCE
IT21459 SECURITY: USER WITHOUT PROPER AUTHORITY CAN ACTIVATE DATABASE.
HIPER APARs
IT18136 INSERT QUERY THAT HAS A COLUMN VALUE GENERATED USING TRIGGER COULD PRODUCE WRONG RESULTS OR SQL0407N
IT19976 SQL QUERIES WITH IN OR NOT IN CLAUSE MAY PRODUCE INCORRECT RESULTS FOR A COLUMN-ORGANIZED TABLE
IT20438 INCORRECT RESULT OR SQL0811N ARE POSSIBLE WHEN SQL CONTAINS SCALAR NOT EXISTS SUBQUERY
IT20518 IN DPF, WHEN UNIQUE TQ IS PRESENT IN THE PLAN AND SPECIAL INTERNAL PERF OPT IS HAPPENING, POSSIBLE DUPLICATE VALUES RETURNED
IT20720 TRUNCATING CAST  TO (VAR)CHAR AGAINST A COLUMNAR ORGANIZED TABLE COULD RETURN DANGLING BYTE INSTEAD OF A BLANK CHARACTER.
IT20786 INCORRECT RESULT POSSIBLE WHEN CASE AND ANOTHER PREDICATE  HAVE THE SAME COMPARISON OPERATION
IT21100 UPDATE OF UNIQUE COLUMNS MIGHT RESULT IN DUPLICATES IN A TABLE WITH A UNIQUE INDEX



DB2 Version 11.1 Fix Pack 2
Security APARs
IT17647 SECURITY: VULNERABILITY IN GSKIT AFFECTS IBM DB2 (CVE-2016-2183)
IT20462 SECURITY: TSAMP PRIVILEGE ESCALATION VULNERABILITY AFFECTS DB2 (CVE-2017-1134)
IT20562 SECURITY: DB2 CLP WILL TRAP IF IT IS PASSED A ROUTINE NAME GREATER THAN THE ALLOWED MAXIMUM LENGTH (CVE-2017-1297).
IT20563 SECURITY: BUFFER OVERFLOW THAT COULD ALLOW A LOCAL USER TO OVERWRITE DB2 FILES OR CAUSE A DENIAL OF SERVICE (CVE-2017-1105).
IT20566 SECURITY: DB2 IS AFFECTED BY VULNERABILITIES IN COMPRESSION ROUTINES.
HIPER APARs
IT17787 SQL STATEMENT WITH AN EXISTS PREDICATE AND A JOIN INVOLVING NON-DETERMINISTIC CORRELATED SUBQUERY MAY RETURN MORE ROWS
IT17894 PREDICATE COMPARING SUBSTR ON CODEUNITS32 COLUMN IN THE COLUMNAR ORGANIZED TABLE TO HOST VAR COULD RETURN AN INCORRECT RESULT
IT18021 INCORRECTLY GENERATED DERIVED PREDICATES MIGHT CAUSE INCORRECT QUERY RESULTS DUE TO TRAILING BLANKS
IT18083 WRONG RESULTS AGAINST COLUMN ORGANIZED TABLE ARE POSSIBLE WITH EXPANDING JOIN PLAN
IT18101 AN SQL STATEMENT IN A PARTITIONED DATABASE ENV CONTAINING THE ROW_NUMBER() OVER() OPERATION MIGHT PRODUCE INCONSISTENT RESULTS
IT18170 WRONG RESULT IS POSSIBLE IF GENERATED ALWAYS EXPRESSION REFERENCES A BUILT-IN FUNCTION WITH MORE THAN ONE STRING INPUT
IT18204 WRONG RESULT IS POSSIBLE IN ORACLE COMPATIBILITY MODE UNICODE DB WHEN COMPARING A CHAR COLUMN WITH A GRAPHIC CONSTANT
IT18381 DB2 MAY RETURN INCORRECT RESULTS IF USING A CASE STATEMENT TO COMPARE FIXED CHAR/GRAPHIC STRINGS IN VARCHAR2 COMPATIBILITY MODE
IT18502 DB2 MAY RETURN SQLCODE:-901 OR RETURN WRONG RESULTS ON QUERIES WITH PLANS THAT INVOLVE SORT ON AN ENCRYPTED DATABASE
IT18506 DB2 CAN RETURN WRONG RESULTS WHEN USING THE SPECIAL REGISTER 'CURRENT DECFLOAT ROUNDING MODE' IN A QUERY IN AN MPP ENVIRONMENT
IT18742 TRUNC ON MINIMUM  INTEGER VALUE MIGHT RETURN 0 WHEN (VALUE, -X) IS DONE
IT18797 PURESCALE: QUERY MIGHT RETURN WRONG RESULT WHEN INPLACE (ONLINE) TABLE REORGANIZATION IS RUNNING
IT19197 DB2 MIGHT PRODUCE INCORRECT RESULT WHEN EXECUTING XQUERY WITH MULTIPLE OR SUBTERMS
IT19608 DB2 MAY CONVERT VIEW COLUMN TYPES INCORRECTLY OR RETURN SQL0418N UPON REVALIDATION OF A VIEW WITH UNTYPED EXPRESSIONS
IT19796 COMPILED COMPOUND SQL OR A PL/SQL ANONYMOUS BLOCK CAN DELETE ALL ROWS OF A ON COMMIT DELETE ROWS TEMPORARY TABLE
IT20463 INCORRECT RESULTS ARE POSSIBLE WHEN CONCURRENT QUERIES ACCESS COLUMNAR ORGANIZED TABLES AND USE  CS ISOLATION
IT20661 WRONG RESULTS MIGHT OCCUR WHEN SCALAR SUB-QUERY IS ON THE LEFT HAND SIDE OF A NOT IN PREDICATE
IV91752 THE FIRST UPDATE STATEMENT FOR A COLUMN-ORGANIZED TABLE MAY IN RARE CASES CAUSE FUTURE QUERIES TO MISS SOME MATCHING RESULTS
IV93080 WRONG RESULT IS POSSIBLE WHEN COLUMNAR TABLES ARE INVOLVED IN A PLAN WITH A UNION AND CSE IS PUSHED DOWN ON TO CDE



DB2 Version 11.1 Fix Pack 1
Security APARs
IT15579 SECURITY: DB2 IS AFFECTED BY OPEN SOURCE APACHE XERCES-C XML PARSER VULNERABILITIES (CVE-2016-0729)
IT16324 SECURITY: DB2 PURESCALE AFFECTED BY MULTIPLE VULNERABILITIES IN GPFS
IT17012 SECURITY: ELEVATED PRIVILEGES WITH DB2 EXECUTABLES (CVE-2016-5995)
IT17530 SECURITY: DB2 PURESCALE AFFECTED BY A VULNERABILITY IN GPFS (CVE-2016-2119)
HIPER APARs
IT16112 A CORRELATED SCALAR SUBQUERY IN AN UPDATE STATEMENT MAY NOT CORRECTLY RETURN SQL0811N
IT16385 DB2 DATA SERVER CLIENT SILENT INSTALL FAILS WITH ERROR: PRODUCT: IBM DATA SERVER CLIENT - DB2COPY1 -- ERROR 1314
IT16656 SQL0801 AND WRONG RESULTS FROM STDDEV_SAMP, VARIANCE_SAMP, COVARIANCE_SAMP WHEN USED IN AN OLAP SPECIFICATION
IT16703 DB2 MAY RETURN INCORRECT RESULTS WHEN USING STRING EQUALITY PREDICATES CONTAINING DIFFERING CODE UNITS
IT16869 SELECT ROW CHANGE TOKEN WILL RETURN WRONG RESULT WHEN USING RIDSCAN (ROW IDENTIFIER SCAN)
IT16893 ONLINE BACKUP WITH COMPRESSION AND ENCRYPTION MAY CREATE A CORRUPTED BACKUP FILE
IT17179 IF ARRAY USED IN AN OPEN CURSOR IS MODIFIED THEN WRONG RESULT OR A TRAP ARE POSSIBLE
IT17452 WRONG RESULT IN STORED PROCEDURE QUERY WHEN ADD/DROP CHECK CONSTRAINT
IT17458 IN DB2 DPF, POSSIBLE WRONG RESULT WHEN OUTER JOIN PREDICATE COL1=COL2 AND BOTH COLUMNS ARE FROM THE OUTER TABLE
IT17489 SELECT AGAINST AN MDC TABLE WITH A RANGE PREDICATE IN SMP MIGHT RETURN A WRONG RESULT
IT17556 INCORRECT RESULTS ARE POSSIBLE WHEN JOIN AGAINST CDE TABLES IS DONE  AND AN UNDOCUMENTED JOIN SUPPORT REGISTRY VARIABLE SET
IT17941 POSSIBLE WRONG RESULTS WHEN THE INPUT PARAMETERS OF AN INLINED SQL SCALAR UDF CONTAINS AN OLAP SPECIFICATION
IV90269 QUERIES WITH MULTIPLE OLAP CLAUSES AND DISTINCT AGAINST COLUMN ORGANIZED TABLES COULD RETURN WRONG RESULTS
IV90750 INCORRECT RESULTS ARE POSSIBLE WHEN MULTIPLE ROW_NUMBER() , INLINED SQL SCALAR UDF AND COLUMN ORGANIZED TABLES ARE PRESENT





DB2 fix packs for all supported versions can be downloaded at the following site: http://www.ibm.com/support/docview.wss?uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes for newly discovered issues along with information that helps our customers to decide on an appropriate course of action. The DB2 team regrets the inconvenience that these issues are causing to you, our customers. We believe that our actions are the most prudent steps to address your concerns and remain open to suggestions on how to further improve our processes.




Cross reference information
Product Component Platform Version Edition
DB2 Connect

Document information

More support for: DB2 for Linux, UNIX and Windows

Component: OTHER - Uncategorised

Software version: 11.1

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 1994955

Modified date: 07 March 2019