-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1355
 Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2
                 for Linux, UNIX, and Windows Version 10.1
                             30 September 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM DB2
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-4033 CVE-2013-4032 CVE-2013-3475
                   CVE-2012-4826 CVE-2012-3324 CVE-2012-2197
                   CVE-2012-2196 CVE-2012-2194 

Reference:         ESB-2013.1284
                   ESB-2013.1150
                   ESB-2013.0778
                   ESB-2013.0767
                   ESB-2012.1008
                   ESB-2012.1005
                   ESB-2012.0884
                   ESB-2012.0678

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21610582

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for 
Linux, UNIX, and Windows Version 10.1

Flash (Alert)

Document information
DB2 for Linux, UNIX and Windows

Software version:
10.1

Operating system(s):
AIX, HP-UX, Linux, Solaris, Windows

Reference #:
1610582

Modified date:
2013-09-28

Abstract

This document contains a list of fixes for Security and HIPER APARs in DB2 
Version 10.1.

IBM recommends that you review the APAR descriptions and deploy one of the 
above fix packs to correct them on your affected DB2 installations.

Content

A set of security vulnerabilities was discovered in some DB2 database products. 
These vulnerabilities were analyzed by the DB2 development organization and a 
set of corresponding fixes was created to address the reported issues. IBM is 
not currently aware of any externally reported incidents where production DB2 
installations have been compromised due to these issues.

The affected DB2 UDB for Linux, UNIX, and Windows products are:
DB2 Enterprise Server Edition
DB2 Workgroup Server (all Editions)
DB2 Express Server (all Editions)
DB2 Personal Edition
DB2 Connect Server (all Editions)

DB2 Client component and DB2 products or components other than those listed 
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service 
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 
10.1 fix packs.

Select a Fix Pack: 3 | 2 | 1


DB2 Version 10.1 Fix Pack 3

Security APARs

IC92498 SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN DB2AUD AND DB2FLACC 
	(CVE-2013-3475).
IC94434	SECURITY: DENIAL OF SERVICE VULNERABILITY IN DB2's FAST COMMUNICATIONS 
	MANAGER. (CVE-2013-4032)
IC94757	SECURITY: UNAUTHORIZED ACCESS TO TABLE VULNERABILITY IN DB2 
	(CVE-2013-4033)

HIPER APARs

IC89288	INDEX CORRUPTION MIGHT BE INTRODUCED DURING A DATABASE UPGRADE TO DB2 
	VERSION 10.1
IC89415	READ STABILITY ISOLATION IS NOT ENFORCED UNDER CERTAIN SQL ACCESS PLANS
IC89818	INCORRECT RESULTS ON RANGE PARTITIONED TABLE WITH XML COLUMN
IC90798	INCORRECT RESULTS MIGHT BE RETURNED FOR THE SELECT QUERY INVOLVING THE 
	AGGREGATION FUNCTION WITH THE OLAP WINDOW FUNCTION
IC90906	A QUERY INVOLVING AT LEAST TWO COUNT(DISTINCT ...) AGGREGATE FUNCTIONS 
	MIGHT RETURN WRONG RESULTS
IC91418	USER-DEFINED FUNCTION WITH INDEX EXTENSION EXPLOITATION MIGHT RETURN 
	INCORRECT RESULTS IF INDEX IS NOT PRESENT
IC92052	EXCESSIVELY LARGE MEMORY ALLOCATION ATTEMPTS FROM FAST INTEGER SORT DUE 
	TO WRONG MEMORY SIZE CALCULATION
IC92832	FAILED BACKUP, TABLESPACES ARE MARKED AS UNMODIFIED, DATA MIGHT NOT BE 
	INCLUDED IN SUBSEQUENT INCREMENTAL BACKUPS IMAGES
IC92990	INDEX / DATA MISMATCH MIGHT OCCUR IN AN MDC TABLE AFTER A DEFERRED 
	ROLLOUT
IC93059	RANGE PARTITIONED TABLES DEFINED WITH A NULLS FIRST PARTITIONING COLUMN 
	MIGHT RETURN INCORRECT RESULTS
IC93092	UPDATE OF UNIQUE COLUMNS MIGHT RESULT IN DUPLICATES IN A TABLE WITH A 
	UNIQUE INDEX
IC94252	TCP CONNECTIONS FROM NON-HADR DATABASE SOFTWARE TO THE STANDBY MIGHT 
	ALTER THE HADR STATE AND STALL LOG SHIPPING ON THE PRIMARY
IC94465	BITWISE SCALAR FUNCTIONS MIGHT RETURN INCORRECT RESULTS WHEN USED WITH 
	DECFLOAT DATATYPE ON AIX POWER7
IC94634	THERE MIGHT BE A DOUBLE FREE OR LIST CORRUPTION IN THE 
	SQLRLC_CSM_DEFUNCT() FUNCTION
IC95010	THE LOAD COMMAND WITH THE REMOTE FETCH OR SOURCEUSEREXIT OPTIONS MIGHT 
	FAIL TO INSERT SOME ROWS INTO A TABLE
IC95053	THE QUERY STATEMENT WITH A SUBQUERY PREDICATE MIGHT NOT RETURN ROWS 
	AFTER ENABLING DB2_COMPATIBILITY_VECTOR=ORA


DB2 Version 10.1 Fix Pack 2

Security APARs

IC86783	SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN SQL/PERSISTENT STORED 
	MODULES DEBUGGING INFRASTRUCTURE (CVE-2012-4826).

HIPER APARs

IC85608	XQUERY MIGHT RETURN INCORRECT RESULTS WHEN BOTH 'AND' AND 'OR' 
	PREDICATES EXIST AND ALL PREDICATES CAN BE APPLIED TO XML INDEXES
IC87500	ROWS MIGHT BE INSERTED INTO WRONG MDC TABLE CELL AFTER PREVIOUS INSERTS 
	IN SAME TRANSACTION ENCOUNTER TABLESPACE FULL

Special Attention APARs

IC85425	QUERY WITH A UNION AND TWO CORRELATED BRANCHES MIGHT RETURN INCORRECT 
	RESULTS IN PARTITIONED DATABASE ENVIRONMENTS
IC85841	BATCH INSERTS CAUSING DUPLICATE ROWS WHEN USING NULLIDRA (REOPT=ALWAYS) 
	VS. NULLIDR1 (REOPT=ONCE)
IC86029	CREATING A UNIQUE GLOBAL INDEX ON A TABLE WITH DETACHED PARTITION AND 
	DEPENDANT MQT MIGHT LEAD TO INCORRECT RESULT AFTER REFRESH


DB2 Version 10.1 Fix Pack 1

Security APARs

IC84716	SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY 
	(CVE-2012-2194).
IC84751	SECURITY: GET_WRAP_CFG_C AND GET_WRAP_CFG_C2 ALLOWS UNAUTHORIZED ACCESS 
	XML FILES (CVE-2012-2196).
IC84755	SECURITY: STACK BUFFER OVERFLOW VULNERABILITY IN JAVA STORED PROCEDURE 
	INFRASTRUCTURE (CVE-2012-2197).
IC85513	SECURITY: UTL_FILE could allow unauthorized access to files 
	(CVE-2012-3324).

HIPER APARs

IC83823	WITH REOPT ENABLED, STATEMENTS CONTAINING ARRAY OR ROW VARIABLES MIGHT 
	PRODUCE INCORRECT OUTPUT
IC84320	COALESCE EXPRESSION IN THE OUTER JOIN OPERATOR (+) MAY RETURN INCORRECT 
	RESULTS

Special Attention APARs

IC83469	INCORRECT RESULTS AFTER LOAD INTO TABLE WITH CONSTRAINTS FOLLOWED BY 
	ATTACH OR DETACH
IC84856	INDEX CORRUPTION MAY BE INTRODUCED DURING A DATABASE UPGRADE FROM DB2 
	VERSION 9.5 TO DB2 VERSION 10.1
IC84899	DATABASE OPERATIONS MIGHT FAIL WITH "KEY DATA MISMATCH" ERRORS, OR ROWS 
	THAT EXIST IN THE DATABASE CANNOT BE FOUND
IC85221	SQL WITH NESTED MATH OPERATIONS ON COLUMNS THAT ARE DEFINED WITH NOT 
	NULL AND USING FUNCTIONS MAY RETURNED DIFFERENT RESULTS.


DB2 fix packs for all supported versions can be downloaded at the following 
site: http://www.ibm.com/support/docview.wss?uid=swg27007053 

The DB2 team will continue to have a strong focus on delivering timely fixes 
for newly discovered issues along with information that helps our customers to 
decide on an appropriate course of action. The DB2 team regrets the 
inconvenience that these issues are causing to you, our customers. We believe 
that our actions are the most prudent steps to address your concerns and 
remain open to suggestions on how to further improve our processes. 

My Notifications 
Sign-up to receive e-mail notification of changes to this document.
1. Sign in to My Notifications 
2. select Subscribe tab 
3. select " Information Management" from the Software column 
4. select the check box for " DB2 for Linux, UNIX and Windows" 
  click the Continue button. 
5. select the check box for " Flashes" and all other document types 
  click the Submit button.

Cross reference information

Segment		Product		Component	Platform	Version	Edition
Information 	DB2 Connect			10.1
Management

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUkjp7hLndAQH1ShLAQIleQ//Wiv2SYpO4O40rQ9EehmK3PtoRMZp1ChP
U3hMrUX45g7ebb5flfIL5fiOJf+4jvnch2wJ+ND8PGT2dBnkuOeMpFtuO3h6tsDM
KssjnxfNdMfK/IUB4ntozB55PCecVLMVyvhcBoIMzCP/GxWEjSikyUq+JBUB0SXC
9EHPaVAdc645lMap8tNiGdPxNHRtwplmW3SMvqI3GAltX8lwysm3KIBuvMTptJyh
qLIP80J1hsohdYdEhTIioKRCgNlGQxbWOXqTJr1B31tGdEJa28VaNl+wHIHCHSNy
fDZSYtHnmC6TwvmOAl9oNY7BKXY5tP2WdsgDWM4N88uLdfHpVKxw/FnmsjUTyKyI
QduYORFk23npNa729uaI6ieHc64TUVaxOC6HmvDBhVCZwsSBF53HiZfWYk3dJEjt
nH5uqz2AIHZ+iNTjQpe5CyK4z8bOUFEe4nDUmhJmrZu+wsA1w+S2Jiz1cdEslpye
EcBXPA2mWEB8TxdGy0c8mQa2FpLsUol8gtTrjzifGWBWRyueHB7bYivgf8F41E6N
AKQT5EanqRKEBImXORhXJihnuJD3a29fotfHFEQwN0srk7Ijqsl9K4Rcwmhrw0UN
MDcUDNYipbL26VfcwUsF0srqt9xUijWeyfKK2o2jDGSmA0l3Rl+c37Ehu5sS1qhc
3eU6RjrtSP4=
=tZOw
-----END PGP SIGNATURE-----