=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN325
_____________________________________________________________________

DATE                      : 30/08/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Linux, UNIX, Windows running IBM DB2
                                 versions 9.1, 9.5, 9.7.

======================================================================
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
http://www-01.ibm.com/support/docview.wss?uid=swg21444772
______________________________________________________________________

Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and
Windows Version 9.1 Fix Pack 9
 Flash (Alert)

Abstract
Fix Pack 9 for DB2 V9.1 is now available and includes fixes for some security
vulnerabilities and HIPER APARs. These fixes, where applicable, are also
available in Fix Pack 6 for DB2 Version 9.5 and Fix Pack 2 for DB2 Version 9.7.

IBM recommends that you review the APAR descriptions and deploy one of the
above fix packs to correct them on your affected DB2 installations.

Content
A set of security vulnerabilities was discovered in some DB2 database products.
These vulnerabilities were analyzed by the DB2 development organization and a
set of corresponding fixes was created to address the reported issues.
The affected DB2 UDB for Linux, UNIX, and Windows products are:

    * DB2 Enterprise Server Edition
    * DB2 Workgroup Server (all Editions)
    * DB2 Express Server (all Editions)
    * DB2 Personal Edition
    * DB2 Connect Server (all Editions)


DB2 Client component and DB2 products or components other than those listed
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version
9.1, DB2 Version 9.5 and DB2 Version 9.7 fix packs.

The specifics of the Security APARs incorporated into the above DB2 fix packs
can be found in the following table:


Security APARs



V9.1    V9.5    V9.7    ABSTRACT
FP9     FP6     FP2
	
IZ46773	IZ46774	IC63548	SECURITY APAR: MODIFIED SQL DATA table function is not
                        dropped when definer loses required privileges to
                        maintain the objects.

IC65408	IC65703	IC65742	SECURITY: VULNERABILITY IN DB2STST.

IC65749 IC65756 IC65762	Security: DB2DART CAN OVERWRITE FILES OWNED BY THE
                        INSTANCE OWNER.

IC65922	IC65933	IC65935	SECURITY: BUFFER OVERRUN IN REPEAT UDF (CVE-2010-0462)

IC66099	IC66642	IC66643	Security: Special group and user enumeration on Windows
                        2008 could trap the server.

IC67848	IC68054	IC68055	SECURITY: TRANSPORT LAYER SECURITY (TLS) HANDSHAKE
                        RENEGOTIATION WEAK SECURITY CVE-2009-3555


In addition to the Security APARs, here is a list of HIPER APARs included in
these fix packs of which you should be aware.


HIPER APARs

V9.1      V9.5      V9.7      ABSTRACT
FP9       FP6       FP2

IZ62236   IC63414   IC63415   OUTER JOIN OPERATION MAY RETURN INCORRECT RESULTS
(in FP5)            (in FP1)  WITH A PREDICATE WITH A SUBQUERY RETURNING NOT
                              MORE THAN ONE ROW

IZ55549   IZ55987   IC62219   DYNAMIC SQL STATEMENTS WITH HOST VARIABLES, USING
(in FP5)            (in FP1)  A REOPT ALWAYS OPTIMIZER GUIDELINE, MAY RETURN
                              WRONG RESULTS

IZ70791   IZ70790   N/A       INCORRECT RESULTS ARE RETURNED WHEN SELECT
                              DISTINCT SUBQUERY IS ROUTED TO MATERIALIZED
                              QUERY TABLES (MQT)

IC65432   IC65445   N/A       LOAD FROM CURSOR FROM A TABLE WITH LOB COLUMN IN
                              DPF ENVIRONMENT MIGHT LOAD WRONG RESULTS IN THE
                              TARGET TABLE LOB COLUMN



DB2 fix packs for all supported versions can be downloaded at the following
site: http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes
for newly discovered issues along with information that helps our customers
to decide on an appropriate course of action. The DB2 team regrets the
inconvenience that these issues are causing to you, our customers. We believe
that our actions are the most prudent steps to address your concerns and
remain open to suggestions on how to further improve our processes.

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product
and service names might be trademarks of IBM or other companies. A current
list of IBM trademarks is available on the Web at "Copyright and trademark
information" at www.ibm.com/legal/copytrade.shtml.

-------------------------------------------------------------------------------

Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and
Windows Version 9.5 Fix Pack 6
 Flash (Alert)

Abstract
Fix Pack 6 for DB2 V9.5 is now available and includes fixes for some
security vulnerabilities and HIPER APARs. These fixes, where applicable, are
also available in Fix Pack 9 for DB2 Version 9.1 and Fix Pack 2 for DB2
Version 9.7.

IBM recommends that you review the APAR descriptions and deploy one of the
above fix packs to correct them on your affected DB2 installations.


Content
A set of security vulnerabilities was discovered in some DB2 database products.
These vulnerabilities were analyzed by the DB2 development organization and a
set of corresponding fixes was created to address the reported issues. IBM is
not currently aware of any externally reported incidents where production DB2
installations have been compromised due to these issues.
The affected DB2 UDB for Linux, UNIX, and Windows products are:

    * DB2 Enterprise Server Edition
    * DB2 Workgroup Server (all Editions)
    * DB2 Express Server (all Editions)
    * DB2 Personal Edition
    * DB2 Connect Server (all Editions)


DB2 Client component and DB2 products or components other than those listed
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version
9.1, DB2 Version 9.5 and DB2 Version 9.7 fix packs.

The specifics of the Security APARs incorporated into the above DB2 fix packs
can be found in the following table:


HIPER APARs

V9.1    V9.5    V9.7    ABSTRACT
FP9     FP6     FP2	

IZ70791	IZ70790		INCORRECT RESULTS ARE RETURNED WHEN SELECT DISTINCT
                        SUBQUERY IS ROUTED TO MATERIALIZED QUERY TABLES (MQT)

IC65432	IC65445		LOAD FROM CURSOR FROM A TABLE WITH LOB COLUMN IN DPF
                        ENVIRONMENT MIGHT LOAD WRONG RESULTS IN THE TARGET
                        TABLE LOB COLUMN

	IC62125	IC62126	Multi-threaded non-Java application either crashes or
                        has code page conversion issues such as truncation of
                        data

	IC62742	IC64092 THE ROUND SQL FUNCTION CAN RETURN THE WRONG RESULT ON
                        A DECFLOAT INPUT VALUES OF Infinity/-Infinity

	IZ70080		Tablespace corruption due to IN-MEMORY POOL CONTROL
                        BLOCK OUT OF SYNCH WITH POOL PAGE 0 IN REGARDS TO
                        LAST INITIALIZED SMP EXTENT



DB2 fix packs for all supported versions can be downloaded at the following
site: http://www.ibm.com/support/docview.wss?rs=71&uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes
for newly discovered issues along with information that helps our customers to
decide on an appropriate course of action. The DB2 team regrets the
inconvenience that these issues are causing to you, our customers. We believe
that our actions are the most prudent steps to address your concerns and remain
open to suggestions on how to further improve our processes.

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================



