|
Problem IT09900
|
Status: Closed |
SECURITY: GSKIT IS AFFECTED BY SECURITY VULNERABILITIES (CVE-2015-1788) |
| product: |
DB2 FOR LUW / DB2FORLUW / A50 - DB2 |
| Problem description: |
GSKit V8 is impacted by the OpenSSL security vulnerability
(CVE-2015-1788)
Customers that have Secure Sockets Layer (SSL) support enabled
in
their DB2 database system are affected. SSL support is not
enabled in DB2 by default.
No workaround is available. DB2 needs to pick up new version of
GSKit V8.0.50.47 to resolve this vulnerability. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 10.5 GA through to Version 10.5 Fix *
* Pack 6. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 10.5 Fix Pack 7. *
**************************************************************** |
| Local Fix: |
|
| Solution |
The complete fix for this problem first appears in DB2 Version
10.5 Fix Pack 7 and all the subsequent Fix Packs.
Please refer to security bulletin for details:
http://www-01.ibm.com/support/docview.wss?uid=swg21964766 |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 07.07.2015
30.12.2015
30.12.2015 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 10.5.0.7
|
 |
