|
Problem IC99475
|
Status: Closed |
Security: IBM DB2 is impacted by multiple TLS/SSL security vulnerabilities (CVE-2013-6747, CVE-2014-0963) |
| product: |
DB2 FOR LUW / DB2FORLUW / A10 - DB2 |
| Problem description: |
IBM DB2 is affected by multiple problems related to the SSL
implementation. which, under very specific conditions, can cause
DB2 server to become unresponsive, hang or crash.
By default, DB2 does not use TLS/SSL for client-server
communication and therefore, potential exposure only exists if
you are using TLS/SSL.
See security bulletin for details:
http://www.ibm.com/support/docview.wss?uid=swg21671732 |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels from Version 10.1 GA through to Version 10.1 *
* Fix Pack 3. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See security bulletin: *
* http://www.ibm.com/support/docview.wss?uid=swg21671732 *
****************************************************************
* RECOMMENDATION: *
* See security bulletin: *
* http://www.ibm.com/support/docview.wss?uid=swg21671732 *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows
|
| Solution |
See security bulletin:
http://www.ibm.com/support/docview.wss?uid=swg21671732 |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 19.02.2014
23.05.2014
06.06.2014 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 10.1.0.4
|
 |
