|
Problem IC97472
|
Status: Geschlossen |
SECURITY: NULL POINTER DEREFERENCE IN DB2'S XSLT PARSING ENGINE (CVE-2013-5466). |
| Produkt: |
DB2 FOR LUW / DB2FORLUW / A50 - DB2 |
| Problembeschreibung: |
The DB2xslt4 module contains a NULL pointer dereference in the
XSLT parsing engine which a malicious user could exploit and
cause the DB2 server to trap and terminate. |
| Problem-Zusammenfassung: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 10.1 GA through to Version 10.1 Fix *
* Pack 2. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* . *
**************************************************************** |
| Local-Fix: |
|
| verfügbare FixPacks: |
DB2 Version 10.5 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 10.5 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Cancun Release 10.5.0.4 (also known as Fix Pack 4) for Linux, UNIX, and Windows
DB2 Version 10.5 Fix Pack 9 for Linux, UNIX, and Windows
|
| Lösung |
See Security Bulletin: Denial of Service Vulnerability in DB2's
XSLT Library. (CVE-2013-5466)
http://www-01.ibm.com/support/docview.wss?uid=swg21660046 |
| Workaround |
keiner bekannt / siehe Local-Fix |
| Weitere Daten |
Datum - Problem gemeldet :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
| 06.11.2013
19.02.2014
19.02.2014 |
| Problem behoben ab folgender Versionen (IBM BugInfos) |
|
| Problem behoben lt. FixList in der Version |
| 10.5.0.3
|
 |
| 10.5.0.3
|
|
