Db2 - Infos zu Sicherheitslücken vom 29.06.2021

Hallo John,

ab dem 23. Juni 2021 wurden verschiedene aktuelle Sicherheitslücken für IBM Db2 veröffentlicht.

Db2 Administratoren sollten ihre Systeme auf Handlungsbedarf prüfen. Detaillierte Beschreibungen und Hinweise auf special-builds / interim-fixes sind über die unten angegebenen Links auf den IBM Supportseiten verfügbar.

Herzliche Grüße aus Gießen,
Ihre CURSOR Service Distribution

Hello John,

several recent security vulnerabilities for IBM Db2 were published starting on June 23. 2021.

Db2 administrators should check their systems for need of action. Detailed descriptions and references to special-builds / interim-fixes are available via the links below on the IBM support pages.

Best regards
Your CURSOR Service Distribution

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 server editions on all platforms are affected.

(CVE-2021-29703 / 23.06.2021)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms are affected.

(CVE-2021-29777 / 23.06.2021)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. All fix pack levels of IBM Db2 V11.5 edition on Linux and Unix platforms are affected. Windows is not impacted.

(CVE-2020-4885 / 28.06.2021)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms are affected.

(CVE-2021-20579 / 23.06.2021)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. All fix pack levels of IBM Db2 V11.5 edition on Linux and Unix platforms are affected. Windows is not impacted.

(CVE-2020-4945 / 28.06.2021)

CURSOR Service Distribution
IBM Db2 Release Newsletter - 29.06.2021
Hallo John, ab dem 23. Juni 2021 wurden verschiedene aktuelle Sicherheitslücken für IBM Db2 veröffentlicht. Db2 Administratoren sollten ihre Systeme auf Handlungsbedarf prüfen. Detaillierte Beschreibungen und Hinweise auf special-builds / interim-fixes sind über die unten angegebenen Links auf den IBM Supportseiten verfügbar. Herzliche Grüße aus Gießen, Ihre CURSOR Service Distribution Hello John, several recent security vulnerabilities for IBM Db2 were published starting on June 23. 2021. Db2 administrators should check their systems for need of action. Detailed descriptions and references to special-builds / interim-fixes are available via the links below on the IBM support pages. Best regards Your CURSOR Service Distribution Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 server editions on all platforms are affected. (CVE-2021-29703 / 23.06.2021) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms are affected. (CVE-2021-29777 / 23.06.2021) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. All fix pack levels of IBM Db2 V11.5 edition on Linux and Unix platforms are affected. Windows is not impacted. (CVE-2020-4885 / 28.06.2021) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms are affected. (CVE-2021-20579 / 23.06.2021) IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. All fix pack levels of IBM Db2 V11.5 edition on Linux and Unix platforms are affected. Windows is not impacted. (CVE-2020-4945 / 28.06.2021)
	CURSOR Service Distribution

	IBM Software for ESA Partners

	Services for IBM Databases

	Enhanced Informix Support

	Admin-Scout Tools for Administrators

	Newsletter unsubscribe Newsletter abmelden

	CURSOR Service Distribution view our Db2 download page

Diese E-Mail einschließlich der in ihr enthaltenen Informationen ist vertraulich und unterliegt dem Fernmeldegeheimnis sowie ggfs. weiteren Beschränkungen. Sie ist ausschließlich für den oder die Adressaten bestimmt; jeglicher Zugriff durch andere Personen ist untersagt. Sollte diese E-Mail nach ihrem Inhalt oder den Umständen nicht für Sie bestimmt sein, so entschuldigen wir uns für die Unannehmlichkeiten und versichern, dass wir keinerlei werbliche Zwecke verfolgen. Bitte senden Sie diese E-Mail zurück, damit wir entsprechende Maßnahmen ergreifen können. Im Übrigen ist Ihnen bei irrtümlicher Zusendung jede Veröffentlichung, Vervielfältigung, Weitergabe oder Aufbewahrung wie auch das Ergreifen oder Unterlassen von Maßnahmen im Hinblick auf die erlangten Informationen untersagt. This e-mail, including the information contained therein, is confidential and subject to telecommunications secrecy and any other restrictions. It is intended exclusively for the addressee or addressees; any access by other persons is prohibited. If the content or circumstances of this e-mail are not intended for you, we apologize for the inconvenience and assure you that we do not pursue any advertising purposes. Please send this e-mail back so that we can take appropriate measures. In all other respects, any publication, duplication, passing on or storage as well as the taking or omission of measures with regard to the obtained information is forbidden to you with erroneous forwarding.	CURSOR Software AG Vorstand: Thomas Rühl (Vorsitzender), Jürgen Heidak, Andreas Lange Aufsichtsrat: Prof. Dr. Axel Schwickert (Vorsitzender) Sitz: Gießen AG, Gießen, HRB 3396

CURSOR Service Distribution

IBM Db2 Release Newsletter - 29.06.2021

Hallo John,

Hello John,

CURSOR Software AGVorstand: Thomas Rühl (Vorsitzender), Jürgen Heidak, Andreas Lange Aufsichtsrat: Prof. Dr. Axel Schwickert (Vorsitzender)Sitz: Gießen AG, Gießen, HRB 3396

CURSOR Software AG

Vorstand: Thomas Rühl (Vorsitzender),
Jürgen Heidak, Andreas Lange

Aufsichtsrat: Prof. Dr. Axel Schwickert (Vorsitzender)

Sitz: Gießen AG, Gießen, HRB 3396