|
Problem IC97470
|
Status: Geschlossen |
SECURITY: NULL POINTER DEREFERENCE IN DB2'S XSLT PARSING ENGINE (CVE-2013-5466). |
| Produkt: |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 |
| Problembeschreibung: |
The DB2xslt4 module contains a NULL pointer dereference in the
XSLT parsing engine which a malicious user could exploit and
cause the DB2 server to trap and terminate. |
| Problem-Zusammenfassung: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 9.7 GA through to Version 9.7 Fix *
* Pack 8 *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 9.7 Fix Pack 9. *
**************************************************************** |
| Local-Fix: |
|
| verfügbare FixPacks: |
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
|
| Lösung |
See Security Bulletin: Denial of Service Vulnerability in DB2's
XSLT Library. (CVE-2013-5466)
http://www-01.ibm.com/support/docview.wss?uid=swg21660046 |
| Workaround |
keiner bekannt / siehe Local-Fix |
| Weitere Daten |
Datum - Problem gemeldet :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
| 06.11.2013
16.12.2013
16.12.2013 |
| Problem behoben ab folgender Versionen (IBM BugInfos) |
9.7.FP9
|
| Problem behoben lt. FixList in der Version |
| 9.7.0.9
|
 |
| 9.7.0.9
|
|
