-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2996
 Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2
                 for Linux, UNIX, and Windows Version 11.1
                             16 December 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM DB2
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-5995 CVE-2016-2119 CVE-2016-0729

Reference:         ESB-2016.2802
                   ESB-2016.2421
                   ESB-2016.2361

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg21994955

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for 
Linux, UNIX, and Windows Version 11.1

Flash (Alert)

Document information

More support for: DB2 for Linux, UNIX and Windows OTHER - Uncategorised

Software version: 11.1

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 1994955

Modified date: 15 December 2016

Abstract

This document contains a list of fixes for Security and HIPER APARs in DB2 
Version 11.1. Content

A set of security vulnerabilities was discovered in some DB2 database 
products. These vulnerabilities were analyzed by the DB2 development 
organization and a set of corresponding fixes was created to address the 
reported issues. IBM is not currently aware of any externally reported 
incidents where production DB2 installations have been compromised due to 
these issues.

The affected DB2 UDB for Linux, UNIX, and Windows products are:

DB2 Connect Server (all Editions)

DB2 Developer Edition

DB2 Enterprise Server (all Editions)

DB2 Express Server (all Editions)

DB2 Workgroup Server (all Editions)

DB2 Client component and DB2 products or components other than those listed 
above are not affected.

Due to the complexity of the fixes required to eliminate the reported service
issues, it is not feasible to retrofit the same fixes into earlier DB2 Version
11.1 fix packs.

Select a Fix Pack: 1

DB2 Version 11.1 Fix Pack 1

Security APARs

IT15579 SECURITY: DB2 IS AFFECTED BY OPEN SOURCE APACHE XERCES-C XML PARSER 
VULNERABILITIES (CVE-2016-0729)

IT16324 SECURITY: DB2 PURESCALE AFFECTED BY MULTIPLE VULNERABILITIES IN GPFS

IT17012 SECURITY: ELEVATED PRIVILEGES WITH DB2 EXECUTABLES (CVE-2016-5995)

IT17530 SECURITY: DB2 PURESCALE AFFECTED BY A VULNERABILITY IN GPFS 
(CVE-2016-2119)

HIPER APARs

IT16112 A CORRELATED SCALAR SUBQUERY IN AN UPDATE STATEMENT MAY NOT CORRECTLY
RETURN SQL0811N

IT16385 DB2 DATA SERVER CLIENT SILENT INSTALL FAILS WITH ERROR: PRODUCT: IBM 
DATA SERVER CLIENT - DB2COPY1 -- ERROR 1314

IT16656 SQL0801 AND WRONG RESULTS FROM STDDEV_SAMP, VARIANCE_SAMP, 
COVARIANCE_SAMP WHEN USED IN AN OLAP SPECIFICATION

IT16703 DB2 MAY RETURN INCORRECT RESULTS WHEN USING STRING EQUALITY PREDICATES
CONTAINING DIFFERING CODE UNITS

IT16869 SELECT ROW CHANGE TOKEN WILL RETURN WRONG RESULT WHEN USINGRIDSCAN 
(ROW IDENTIFIER SCAN)

IT16893 ONLINE BACKUP WITH COMPRESSION AND ENCRYPTION MAY CREATE A CORRUPTED 
BACKUP FILE

IT17179 IF ARRAY USED IN AN OPEN CURSOR IS MODIFIED THEN WRONG RESULT OR A 
TRAP ARE POSSIBLE

IT17452 WRONG RESULT IN STORED PROCEDURE QUERY WHEN ADD/DROP CHECK CONSTRAINT

IT17458 IN DB2 DPF, POSSIBLE WRONG RESULT WHEN OUTER JOIN PREDICATE COL1=COL2
AND BOTH COLUMNS ARE FROM THE OUTER TABLE

IT17489 SELECT AGAINST AN MDC TABLE WITH A RANGE PREDICATE IN SMP MIGHT RETURN
A WRONG RESULT

IT17556 INCORRECT RESULTS ARE POSSIBLE WHEN JOIN AGAINST CDE TABLES IS DONE 
AND AN UNDOCUMENTED JOIN SUPPORT REGISTRY VARIABLE SET

IT17941 POSSIBLE WRONG RESULTS WHEN THE INPUT PARAMETERS OF AN INLINED SQL 
SCALAR UDF CONTAINS AN OLAP SPECIFICATION

IV90269 QUERIES WITH MULTIPLE OLAP CLAUSES AND DISTINCT AGAINST COLUMN 
ORGANIZED TABLES COULD RETURN WRONG RESULTS

IV90750 INCORRECT RESULTS ARE POSSIBLE WHEN MULTIPLE ROW_NUMBER() , INLINED 
SQL SCALAR UDF AND COLUMN ORGANIZED TABLES ARE PRESENT

DB2 fix packs for all supported versions can be downloaded at the following 
site: http://www.ibm.com/support/docview.wss?uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes 
for newly discovered issues along with information that helps our customers to
decide on an appropriate course of action. The DB2 team regrets the 
inconvenience that these issues are causing to you, our customers. We believe
that our actions are the most prudent steps to address your concerns and 
remain open to suggestions on how to further improve our processes.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWFN20Yx+lLeg9Ub1AQiF1Q//VRii3Kv5U9Nnpv3vieZdeQy4LmnPapPH
MOzAW+nVQwz5r++x/eNVJifRT+qJoM+WJEiy/cMIJAtso+YMHzumxaEmfRAZL9RM
E2TpRYtMTJwucEAaGORjXCg1D63TbVFzuKJqBbGPMfkB1MTgHZ5hxOFkGZF7bK7t
VLLvE+cYhMjsqFlJKAsDxRPc53SCh5bmHoK+Ywj75Ecs9ufT/ICetOJuW9XxpEwM
e7PhCU5VrFpBXGgXCbYs2Y9o+hetsYyYS7lHwkRNhCFfy2I2mVD6hNP0LqHShOum
L5r7HdjbimAlrObASSqJypJH3qQ80BZZIhghGD/0OUD6QPQWrKdMb1fvtOjXbvEm
YY49iPf8e7rwE5C00a6LrKi3zeha8eZgg7kegL5KDQJM4YpgDHyEpLoJWOKgcevl
qIUfLFCsSDWf42EfOrD4HiVjm55OX1D2BumgVJYywvneFtRYWB5Kc4hVc0asVGjr
tEZeNvS0olVMAFrWuhKg0hFpjeuU5sdIDwJxAu/THu7dpgs6RQi3Y4ynebeRb/2G
0kXMglYvBHGHxEyEgU0AEUMGOn5dkCJCojywPayLSC8X2w71BJyz3l8rrFF8lZUH
yLjkGx0iz+peMuharIUYp8xCPVshoW/7Vm8mIeOAC6frodOLUpQCvu5qzr3Z7zl9
mU2SpyPBclQ=
=lhx/
-----END PGP SIGNATURE-----