|
Problem IT29425
|
Status: Closed |
SECURITY: CERTAIN DB2 COMMANDS MAY LEAD TO INFORMATION DISCLOSURE WHEN AUTO_REVAL IS SET TO DEFERRED_FORCE (CVE-2019-4438)
|
| product: |
DB2 FOR LUW / DB2FORLUW / B10 - DB2 |
| Problem description: |
Certain Db2 commands may lead to information disclosure
when AUTO_REVAL database configuration parameter is set to
DEFERRED_FORCE.
See security bulletin for details:
https://www.ibm.com/support/pages/node/1117203 |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 11.1 GA through to Version 11.1 Fix *
* Pack 4 iFix001. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 11.1.4.5. See Security Bulletin for *
* details. *
**************************************************************** |
| Local Fix: |
Unset AUTO_REVAL in order to mitigate this vulnerability. |
| Solution |
|
| Workaround |
not known / see Local fix |
| BUG-Tracking |
forerunner : IT29412
follow-up : IT30744 |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 12.06.2019
28.11.2019
28.11.2019 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
