IBM Support

Published Security Vulnerabilities for DB2 for Linux, UNIX, and Windows including Special Build information

Preventive Service Planning


Abstract

Published Security Vulnerabilities for DB2 for Linux, UNIX, and Windows, including links to Special Builds (where available).

Content

Latest Db2 Security Special Builds

The special builds listed below are the latest available security special builds for Db2 and fix all published security vulnerability APARs. For more information on a specific APAR, refer to the relevant security bulletin in the next section.

The latest JDK Bulletin applies to all supported Db2 releases and fixes all previously published JDK security bulletins. JDK upgrades are performed independently of the Db2 special build installation.

| Most recent JDK Bulletin | Publication Date |
|---|---|
| Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Jan 2024 CPU) | February 27, 2024 |

| Db2 11.5.8 | Db2 11.5.9 | Publication Date |
|---|---|---|
| Special Build 38013 for V11.5.8 | Special Build 38015 for V11.5.9 | January 8, 2024 |
 
| Db2 10.5 | Db2 11.1 | Db2 11.5.0 | Publication Date |
|---|---|---|---|
| Special Build 41427 for V10.5 FP11: AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER™ big endian; Linux 64-bit, POWER™ little endian; Linux 64-bit, System z®, System z9® or zSeries®; Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86 | Special Build 41428 for V11.1.4 FP7: AIX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER™ little endian; Linux 64-bit, System z®, System z9® or zSeries®; Solaris 64-bit, SPARC; Windows 32-bit, x86; Windows 64-bit, x86 | Special Build 41429 for V11.5.0: AIX 64-bit (for AIX 7.1) | January 8, 2024 |



Published Security Vulnerabilities

Note: The topmost Security Bulletin contains links to the latest Special Build. Special Builds are cumulative so the latest Special Build contains the fixes for all current Security Vulnerability APARs.

For more information about a specific APAR, see the relevant Security Bulletin.

  • SB = Special Build
  • EoS = End of Support, refer to DB2 Distributed end of support (EOS) dates
  • N/A = The vulnerability described in the security bulletin does not apply to the version of Db2 specified in the column header 

According to PSIRT guidelines, we cannot comment on whether any specific security vulnerability affects DB2® until we publish a security bulletin with a fix.

| Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin) | DB2 10.5 | DB2 11.1 | DB2 11.5 | Initial Publication Date |
|---|---|---|---|---|
| Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Jan 2024 CPU) | JDK Upgrade | JDK Upgrade | JDK Upgrade | February 27, 2024 |
| Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Oct 2023 CPU) | JDK Upgrade | JDK Upgrade | JDK Upgrade | January 19, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47158) | SB#41427 | SB#41428 | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using a specially crafted query (CVE-2023-47747) | SB#41427 | SB#41428 | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to remote code execution caused by installing like-named jar files across multiple databases. (CVE-2023-27859) | SB#41427 | SB#41428 | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is used (CVE-2023-47746) | SB#41427 | SB#41428 | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. (CVE-2023-47152) | N/A | N/A | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-47141) | N/A | N/A | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® Federated is affected by a vulnerability in the consumed open source presto-jdbc library that may lead to information disclosure | N/A | N/A | SB#38015 (V11.5.9); V11.5.8 N/A | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-45193) | N/A | N/A | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308) | N/A | N/A | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 8, 2024 |
| Security Bulletin: IBM® Db2® is vulnerable to a privilege escalation to SYSTEM user via MSI repair functionality on Windows (CVE-2023-47145) | SB#41427 | SB#41428 | SB#38015 (V11.5.9); SB#38013 (V11.5.8) | January 6, 2024 |
| Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. | N/A | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 12, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003) | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727) | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687) | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service under extreme stress conditions. (CVE-2023-40692) | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020) | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. | N/A | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. (CVE-2023-47701) | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167) | N/A | N/A | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178) | N/A | N/A | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258) | N/A | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. | SB#41422 | SB#41419 | V11.5.9 GA; SB#37208 (V11.5.8) | December 1, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-32342) | SB#41384 | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | November 3, 2023 |
| Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2023-30441) | JDK Upgrade | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | November 3, 2023 |
| Security Bulletin: A vulnerability in libqb affects IBM® Db2® High-Availability deployments using Pacemaker (CVE-2023-39976) | N/A | N/A | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query containing common table expressions (CVE-2023-40373) | SB#41384 | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement using External Tables. (CVE-2023-40372) | N/A | N/A | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service via a specially crafted query on certain databases. (CVE-2023-30987) | SB#41384 | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® could allow a local user with special privileges to cause a denial of service during database deactivation on DPF (CVE-2023-38719) | N/A | N/A | SB#35599 (V11.5.8); N/A - V11.5.7 | October 6, 2023 |
| Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609) | JDK Upgrade | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Apr 2023 CPU) | JDK Upgrade | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement (CVE-2023-38740) | N/A | N/A | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-30991) | N/A | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted ALTER TABLE statement (CVE-2023-38720) | N/A | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850) | SB#41384 | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query statement. (CVE-2023-40374) | N/A | N/A | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement (CVE-2023-38728) | SB#41384 | SB#41373 | SB#35599 (V11.5.8); SB#33926 (V11.5.7) | October 6, 2023 |
| Security Bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012) | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558) | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to information disclosure due to improper privilege management when certain federation features are used. (CVE-2023-29256) | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442) | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® JDBC driver is vulnerable to remote code execution. (CVE-2023-27869, CVE-2023-27867, CVE-2023-27868) | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® db2set is vulnerable to arbitrary code execution. (CVE-2023-30431) | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to insufficient audit logging. (CVE-2023-23487) | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query | SB#41328 | SB#41327 | SB#31203 (V11.5.8); SB#31201 (V11.5.7) | July 10, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. (CVE-2023-27559) | SB#41270 | SB#41268 | SB# 29133 (V11.5.8); SB# 29113 (v11.5.7) | April 24, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022) | SB#41270 | SB#41268 | SB# 29133 (V11.5.8); SB# 29113 (v11.5.7) | April 24, 2023 |
|  | SB#41270 | SB#41268 | SB# 29133 (V11.5.8); SB# 29113 (v11.5.7) | April 24, 2023 |
|  | N/A | SB#41268 | SB# 29133 (V11.5.8); SB# 29113 (v11.5.7) | April 24, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. (CVE-2023-27555) | N/A | N/A | SB# 29133 (V11.5.8); SB# 29113 (v11.5.7) | April 24, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. (CVE-2023-29255) | SB#41270 | SB#41268 | SB# 29133 (V11.5.8); SB# 29113 (v11.5.7) | April 24, 2023 |
| Security Bulletin: IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. (CVE-2023-29257) | SB#41270 | SB#41268 | SB# 29133 (V11.5.8); SB# 29113 (v11.5.7) | April 24, 2023 |
|  | N/A | SB#41246 (V11.1.4 FP7) | SB# 26513 (V11.5.8) | February 8, 2023 |
|  | SB#41247 (V10.5 FP11) | SB#41246 (V11.1.4 FP7) | SB# 26513 (V11.5.8) | February 8, 2023 |
|  | SB#41247 (V10.5 FP11) | SB#41246 (V11.1.4 FP7) | 11.5.8 | February 8, 2023 |
|  | SB#41247 (V10.5 FP11) | SB#41246 (V11.1.4 FP7) | SB# 26513 (V11.5.8) | February 8, 2023 |
| Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin) | DB2 9.7 (EoS) | DB2 10.1 (EoS) | DB2 10.5 | DB2 11.1 | DB2 11.5 |
|---|---|---|---|---|---|
|  | SB# 41220 (V9.7 FP11) | SB# 41219 (V10.1 FP6) | SB# 41221 (V10.5 FP11) | SB# 41222 (V11.1.4 FP7) | N/A |
|  | SB# 41141 (V9.7 FP11) | SB# 41146 (V10.1 FP6) | SB# 41140 (V10.5 FP11) | SB# 41145 (V11.1.4 FP7) | SB# 20944 (V11.5.7) |
|  | N/A | N/A | SB# 41140 (V10.5 FP11) | SB# 41145 (V11.1.4 FP7) | SB# 20944 (V11.5.7) |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389) | SB# 41114 (V9.7 FP11) | SB# 41109 (V10.1 FP6) | SB# 41110 (V10.5 FP11) | SB# 41112 (V11.1.4 FP7) | SB# 18572 (V11.5.7) |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390) | SB# 41114 (V9.7 FP11) | SB# 41109 (V10.1 FP6) | SB# 41110 (V10.5 FP11) | SB# 41112 (V11.1.4 FP7) | SB# 18572 (V11.5.7) |
| Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library | SB# 41114 (V9.7 FP11) | SB# 41109 (V10.1 FP6) | SB# 41110 (V10.5 FP11) | SB# 41112 (V11.1.4 FP7) | N/A |
|  | JDK Upgrade | JDK Upgrade | JDK Upgrade | JDK Upgrade | JDK Upgrade or V11.5.8 |
|  | SB# 41070 (V9.7 FP11) | SB# 41071 (V10.1 FP6) | SB# 41072 (V10.5 FP11) | V11.1.4 FP7 | N/A |
| Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) | N/A | N/A | N/A | N/A | 11.5.6: SB# 13806; 11.5.7: SB# 13804 |
| Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105) | N/A | N/A | N/A | N/A | 11.5.6: SB# 13478; 11.5.7: SB# 13495 |
| Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) | N/A | N/A | SB# 41021 (V10.5 FP11) | SB# 41025 (V11.1.4 FP6) | 11.5.6: SB# 13320; 11.5.7: SB# 13323 |
| Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228) | N/A | N/A | N/A | N/A | 11.5.6: SB# 13320; 11.5.7: SB# 13323 |
| Security Bulletin: IBM® Db2® could allow a local user elevated privileges due to allowing modification of columns of existing tasks (CVE-2021-38926) | SB# 40985 (V9.7 FP11) | SB# 40986 (V10.1 FP6) | SB# 40988 (V10.5 FP11) | SB# 40997 (V11.1.4 FP6); SB# 41025 for Windows | 11.5.7 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as it uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. (CVE-2021-39002) | SB# 40985 (V9.7 FP11) | SB# 40986 (V10.1 FP6) | SB# 40988 (V10.5 FP11) | SB# 40997 (V11.1.4 FP6); SB# 41025 for Windows | 11.5.7 |
| Security Bulletin: IBM® Db2® may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. (CVE-2021-20373) | SB# 40985 (V9.7 FP11) | SB# 40986 (V10.1 FP6) | SB# 40988 (V10.5 FP11) | SB# 40997 (V11.1.4 FP6); SB# 41025 for Windows | 11.5.7 |
| Security Bulletin: IBM® Db2® is vulnerable to an Information Disclosure as a user with DBADM authority is able to access other databases and read or modify files (CVE-2021-29678) | SB# 40985 (V9.7 FP11) | SB# 40986 (V10.1 FP6) | SB# 40988 (V10.5 FP11) | SB# 40997 (V11.1.4 FP6); SB# 41025 for Windows | 11.5.7 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. (CVE-2021-38931) | N/A | N/A | N/A | SB# 40997 (V11.1.4 FP6); SB# 41025 for Windows | 11.5.7 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions. (CVE-2021-29752) | N/A | N/A | N/A | SB# 40915 (V11.1.4 FP6) | SB# 10462 (V11.5.6) |
| Security Bulletin: IBM® Db2® under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. (CVE-2021-29763) | N/A | N/A | N/A | SB# 40915 (V11.1.4 FP6) | SB# 10462 (V11.5.6) |
| Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825) | N/A | N/A | N/A | SB# 40915 (V11.1.4 FP6) | SB# 10462 (V11.5.6) |
| Security Bulletin: IBM® Db2® could allow a local user to read and write specific files due to weak file permissions (CVE-2020-4976) | SB# 40913 (V9.7 FP11) | SB# 40912 (V10.1 FP6) | SB# 40911 (V10.5 FP11) | SB# 40915 (V11.1.4 FP6) | SB# 10462 (V11.5.6) |
| Security Bulletin: IBM® Db2® could allow an authenticated user to overwrite arbitrary files due to improper group permissions. (CVE-2020-4945) | N/A | N/A | N/A | N/A | V11.5.6 |
| Security Bulletin: IBM® Db2® could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. (CVE-2020-4885) | N/A | N/A | N/A | N/A | V11.5.6 |
| Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. | N/A | N/A | N/A | SB #40812 (V11.1.4 FP6) | V11.5.6 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. (CVE-2021-29703) | N/A | SB # 40800 (v10.1 FP6) | SB #40802 (v10.5 FP11) | SB #40812 (V11.1.4 FP6) | V11.5.6 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure (CVE-2021-20579) | SB #40801 (v9.7 FP11) | SB # 40800 (v10.1 FP6) | SB #40802 (v10.5 FP11) | SB #40812 (V11.1.4 FP6) | V11.5.6 |
| Security Bulletin: Under special circumstances, Db2 is vulnerable to a denial of service during drop table (CVE-2021-29777) | SB #40801 (v9.7 FP11) | SB # 40800 (v10.1 FP6) | SB #40802 (v10.5 FP11) | SB #40812 (V11.1.4 FP6) | V11.5.6 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specifically crafted select statement. (CVE-2021-29702) | N/A | N/A | N/A | V11.1.4.6 | V11.5.5.1 |
|  | N/A | N/A | N/A | JDK Upgrade | JDK Upgrade |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024) | SB #40690 (v9.7 FP11) | SB #40689 (v10.1 FP6) | SB #40688 (v10.5 FP11) | V11.1.4.6 | SB #6195 (v11.5.5 FP0) |
| Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025) | SB #40690 (v9.7 FP11) | SB #40689 (v10.1 FP6) | SB #40688 (v10.5 FP11) | V11.1.4.6 | SB #6195 (v11.5.5 FP0) |
| Security Bulletin: IBM® Db2® is vulnerable to weak file permissions allowing access to specific files (CVE-2020-4976) | SB #40690 (v9.7 FP11) | SB #40689 (v10.1 FP6) | SB #40688 (v10.5 FP11) | V11.1.4.6 | SB #6195 (v11.5.5 FP0) |
| Security Bulletin: IBM® Db2® is vulnerable to a Denial of Service on Windows (CVE-2020-4642) | SB #40586 (v9.7 FP11) | SB #40585 (v10.1 FP6) | SB #40584 (v10.5 FP11) | SB #40583 (v11.1.4 FP5) | SB #5040 (v11.5.5 FP0) |
| Security Bulletin: IBM® Db2® could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. (CVE-2020-4739) | SB #40481 (v9.7 FP11) | SB #40480 (v10.1 FP6) | SB #40479 (v10.5 FP11) | SB #40478 (v11.1.4 FP5) | v11.5.5.0 |
| Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701) | N/A | N/A | SB #40479 (v10.5 FP11) | SB #40478 (v11.1.4 FP5) | v11.5.5.0 |
| Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime related to the Kerberos component affect IBM® Db2®. (CVE-2019-2949) | N/A | N/A | N/A | JDK Upgrade | JDK Upgrade |
| Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4411) | N/A | N/A | N/A | Spectrum Scale efix | Spectrum Scale efix |
| Security Bulletin: IBM® Db2® on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2020-4412) | N/A | N/A | N/A | Spectrum Scale efix | Spectrum Scale efix |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4387) | SB #40481 (Replaces SB 40162) (v9.7 FP11) | SB #40161 (v10.1 FP6) | SB #40479 (Replaces SB 40160) (v10.5 FP11) | SB #40159 (v11.1.4 FP5) | v11.5.4.0 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure. (CVE-2020-4386) | SB #40481 (Replaces SB 40162) (v9.7 FP11) | SB #40161 (v10.1 FP6) | SB #40479 (Replaces SB 40160) (v10.5 FP11) | SB #40159 (v11.1.4 FP5) | v11.5.4.0 |
| Security Bulletin: IBM® Db2® may be vulnerable to a Denial of Service attack (CVE-2020-4355) | SB #40481 (Replaces SB 40162) (v9.7 FP11) | SB #40161 (v10.1 FP6) | SB #40479 (Replaces SB 40160) (v10.5 FP11) | SB #40159 (v11.1.4 FP5) | v11.5.4.0 |
| Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to a privileged escalation (CVE-2020-4363) | SB #40481 (Replaces SB 40162) (v9.7 FP11) | SB #40161 (v10.1 FP6) | SB #40479 (Replaces SB 40160) (v10.5 FP11) | SB #40159 (v11.1.4 FP5) | v11.5.4.0 |
| Security Bulletin: IBM® Db2® is vulnerable to an information disclosure and denial of service (CVE-2020-4414) | SB #40481 (Replaces SB 40162) (v9.7 FP11) | SB #40161 (v10.1 FP6) | SB #40479 (Replaces SB 40160) (v10.5 FP11) | SB #40159 (v11.1.4 FP5) | v11.5.4.0 |
| Security Bulletin: IBM® Db2® is vulnerable to a denial of service attack (CVE-2020-4420) | SB #40481 (Replaces SB 40162) (v9.7 FP11) | SB #40161 (v10.1 FP6) | SB #40479 (Replaces SB 40160) (v10.5 FP11) | SB #40159 (v11.1.4 FP5) | v11.5.4.0 |
| Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. | N/A | N/A | N/A | SB #39991 (v11.1.4 FP5) | SB #39990 (v11.5) |
| Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (January 2020 CPU) | EoS | EoS | JDK Upgrade | JDK Upgrade | JDK Upgrade |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4161) | N/A | N/A | N/A | N/A | SB #39711 (v11.5) |
| Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2020-4230) | N/A | N/A | N/A | SB #39693 (v11.1.4 FP5) | SB #39711 (v11.5) |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4200) | N/A | N/A | SB #39688 (v10.5 FP10) | SB #39693 (v11.1.4 FP5) | SB #39711 (v11.5) |
| Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2020-4204) | SB #39672 (v9.7 FP11) | SB #39678 (v10.1 FP6) | SB #39688 (v10.5 FP10) | SB #39693 (v11.1.4 FP5) | SB #39711 (v11.5) |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135) | SB #39672 (v9.7 FP11) | SB #39678 (v10.1 FP6) | SB #39688 (v10.5 FP10) | SB #39693 (v11.1.4 FP5) | SB #39711 (v11.5) |
| Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2019-4558) | EoS | EoS | N/A | V11.1.4.5 | V11.5 |
| Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1783) | EoS | EoS | Spectrum Scale 4.1.1.17 eFix 9 | V11.1.4.5 | N/A |
| Security Bulletin: IBM® Db2® is vulnerable to privilege escalation (CVE-2019-4587) | N/A | SB #39396 (v10.1 FP6) | SB #39397 (v10.5 FP10) | V11.1.4.5 | SB #39395 (v11.5) |
| Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2019-4584) | SB #39395 (v9.7 FP11) | SB #39396 (v10.1 FP6) | SB #39397 (v10.5 FP10) | V11.1.4.5 | SB #39395 (v11.5) |
| Security Bulletin: IBM® Db2® is vulnerable to information disclosure (CVE-2019-4524) | SB #39395 (v9.7 FP11) | SB #39396 (v10.1 FP6) | SB #39397 (v10.5 FP10) | V11.1.4.5 | SB #39395 (v11.5) |
| Security Bulletin: IBM® Db2® is vulnerable to information disclosure (CVE-2019-4438) | N/A | N/A | N/A | V11.1.4.5 | N/A |
| Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2019 CPU) | EoS | EoS | JDK Upgrade | JDK Upgrade | JDK Upgrade |
| Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (April 2019 CPU) | EoS | EoS | JDK Upgrade | JDK Upgrade | JDK Upgrade |

| Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin) | DB2 9.7 (EoS) | DB2 10.1 (EoS) | DB2 10.5 | DB2 11.1 |
|---|---|---|---|---|
| Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2019-4322). | SB #38744 (v9.7 FP11) | SB #38745 (v10.1 FP6) | SB #38746 (v10.5 FP10) | SB #38747 (v11.1.4.4 iFix001) |
| Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2019-4386). | N/A | N/A | N/A | SB #38747 (v11.1.4.4 iFix001) |
| Security Bulletin: IBM® Db2® is vulnerable to buffer overflow leading to potential arbitrary code execution as root (CVE-2019-4154). | SB #38744 (v9.7 FP11) | SB #38745 (v10.1 FP6) | SB #38746 (v10.5 FP10) | SB #38747 (v11.1.4.4 iFix001) |
| Security Bulletin: IBM® Db2® does not explicitly forbid a weaker than expected 3DES cipher when configured to use SSL (CVE-2019-4102). | SB #38744 (v9.7 FP11) | SB #38745 (v10.1 FP6) | SB #38746 (v10.5 FP10) | SB #38747 (v11.1.4.4 iFix001) |
| Security Bulletin: Under specialized conditions, IBM® Db2® is vulnerable to denial of service (CVE-2019-4101). | N/A | SB #38745 (v10.1 FP6) | SB #38746 (v10.5 FP10) | SB #38747 (v11.1.4.4 iFix001) |
| Security Bulletin: IBM® Db2® is vulnerable to privilege escalation to root via malicious use of fenced user (CVE-2019-4057) | SB #38744 (v9.7 FP11) | SB #38745 (v10.1 FP6) | SB #38746 (v10.5 FP10) | SB #38747 (v11.1.4.4 iFix001) |
| Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2019-4014). | SB #38501 (v9.7 FP11) | SB #38502 (v10.1 FP6) | SB #38478 (v10.5 FP10) | SB #38505 (v11.1.4.4 iFix 001) |
| Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2018-1936). | SB #38501 (v9.7 FP11) | SB #38502 (v10.1 FP6) | SB #38478 (v10.5 FP10) | SB #38505 (v11.1.4.4 iFix 001) |
| Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (January 2019 CPU) | EoS | EoS | JDK Upgrade | JDK Upgrade |
| Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094). | SB #38387 (v9.7 FP11) | SB #38388 (v10.1 FP6) | SB #38389 (v10.5 FP10) | V11.1.4.4 iFix001 |
| Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016). | SB #38387 (v9.7 FP11) | SB #38388 (v10.1 FP6) | SB #38389 (v10.5 FP10) | V11.1.4.4 iFix001 |
| Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (October 2018 CPU) | EoS | EoS | JDK Upgrade | JDK Upgrade |
| Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977). | N/A | N/A | N/A | v11.1.4 FP4 |
| Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723). | N/A | N/A | Spectrum Scale 4.1.1.17 efix 8 | v11.1.4 FP4 |
| Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow leading to privilege escalation (CVE-2018-1897). | SB #38043 (v9.7 FP11) | SB #38065 (v10.1 FP6) | SB #38042 (v10.5 FP10) | v11.1.4 FP4 |
| Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (August 2018 CPU) | EoS | EoS | JDK Upgrade | v11.1.4 FP4 |
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2018-1802).

EoS

SB #37995 (v9.7 FP11)

EoS

SB #37994 (v10.1 FP6)

SB #37993 (v10.5 FP10)

v11.1.4.4

OR

SB #37992 (v11.1.3.3 iFix002)

Security Bulletin: IBM® Db2® is affected by multiple privilege escalation vulnerabilities (CVE-2018-1799, CVE-2018-1780, CVE-2018-1781, CVE-2018-1834).

EoS

SB #37995 (v9.7 FP11)

EoS

SB #37994 (v10.1 FP6)

SB #37993 (v10.5 FP10)

v11.1.4.4

OR

SB #37992 (v11.1.3.3 iFix002)

Security Bulletin: IBM® Db2®'s RCAC rules are not being enforced by CTAS sub-select statements (CVE-2018-1857) EoS N/A N/A

v11.1.4.4

OR

SB #37992 (v11.1.3.3 iFix002)

Vulnerabilities in GSKit affect IBM Spectrum Scale used by DB2® pureScale™ (CVE-2018-1431, CVE-2018-1447, CVE-2017-3732, CVE-2016-0705). EoS EoS


Spectrum Scale Update

v11.1.4.4 and Spectrum Scale Update
 
Privilege escalation in IBM® DB2® tool db2cacpy (CVE-2018-1685).
EoS
IT25816 in SB #37945 (v9.7 FP11)

EoS

IT25815 in SB #37946 (v10.5 FP6)

IT25814 in SB #37836 (v10.5 FP10) IT25466 in SB #37835 (v11.1.3.3 iFix002)
Security Bulletin: Buffer overflow in IBM® DB2® tool db2licm (CVE-2018-1710). Not Vulnerable

EoS

IT25820 in
SB #37946 (v10.1 FP6)

IT25719 in SB #37836 (v10.5 FP10) IT25819 in SB #37835 (v11.1.3.3 iFix002)
Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® Administrative Task Scheduler (CVE-2018-1711) EoS IT25824 in SB #37945 (v9.7 FP11)

EoS

IT25825 in SB #37946 (v10.1 FP 6)

IT25826 in SB #37836 (v10.5 FP10)

v11.1.4.4

OR

IT25813 in SB #37835 (v11.1.3.3 iFix002)

Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (CVE-2018-2783, CVE-2018-2794) EoS EoS  


JDK upgrade

v11.1.4 FP4

 

Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737) EoS EoS  


FCM upgrade

v11.1.4 FP4

OR

FCM upgrade

Privilege escalation in IBM DB2 via loading libraries from untrusted path (CVE-2018-1487)

EoS

IT24477 in SB #37642 (v9.7 FP11)

EoS
IT24476 in SB #37641 (v10.1 FP6)
IT24475 in SB #37640 (v10.5 FP9)

v11.1.3 FP3 iFix002

OR

IT24474 in SB #37639 (v11.1.3.3 iFix001)

Multiple untrusted search path vulnerabilities in the IBM DB2 DAS component on Windows (CVE-2018-1458)

EoS

IT24826 in SB #37642 (v9.7 FP11)

EoS
IT24825 in SB #37641 (v10.1 FP6)
v10.5 FP10
OR
SB #37640 (v10.5 FP9)

v11.1.3 FP3 iFix002

OR

IT24823 in SB #37639 (v11.1.3.3 iFix001)

Security Bulletin: Format string vulnerability in IBM DB2 tool db2support (CVE-2018-1566)

EoS IT24463 in SB #37642 (v9.7 FP11)

EoS
IT24462 in SB #37641(v10.1 FP6)
v10.5 FP10
OR
IT24461 in SB #37640 (v10.5 FP9)

v11.1.3 FP3 iFix002

OR

IT24283 in SB #37639 (v11.1.3.3 iFix001)

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® DB2®. (CVE-2018-2579, CVE-2018-2678, CVE-2018-2618, CVE-2018-2602)
EoS (Manually upgrade IBM JDK)
EoS
(Manually upgrade IBM JDK)
v10.5 FP10
V11.1.3 FP4
Security Bulletin: IBM® DB2® is vulnerable to buffer overflow (CVE-2018-1459)
IT24466 in Special Build #37477 (v9.7 FP11)
IT24465 in Special Build #37478 (v10.1 FP6)
v10.5 FP10
OR
IT24464 in Special Build #37479 (v10.5 FP9)
IT24311 in v11.1.3.3 iFix001
Security Bulletin: Multiple vulnerabilities affect db2exmig and db2exfmt tools shipped with IBM® Db2® (CVE-2018-1544, CVE-2018-1565)
IT24804 in Special Build #37477 (v9.7 FP11)
IT24803 in Special Build #37478 (v10.1 FP6)
v10.5 FP10
OR
SB #37479 (v10.5 FP9)
IT24799 in v11.1.3.3 iFix001
Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® DB2® (CVE-2018-1515)
Not vulnerable
Not vulnerable
IT24645 in Special Build #37479
IT24642 in v11.1.3.3 iFix001
Security Bulletin: Buffer overflow in IBM® DB2® tool db2licm (CVE-2018-1488)
Not vulnerable
Not vulnerable
IT24478 in Special Build #37479
IT24473 in v11.1.3.3 iFix001
Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452)
IT24217 Special Build #37477
IT24216 Special Build #37478
IT24215 Special Build #37479
IT24171 in v11.1.3.3 iFix001
Security Bulletin: IBM® Db2® is affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654)
EoS
EoS
V10.5 FP9
Spectrum Scale V4.1.1.11 efix9
V11.1.1 FP3
Spectrum Scale V4.1.1.17 efix3
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2018-1447) IT24060
Special Build #37314 (see Security Bulletin)
IT24061
Special Build #37313 (see Security Bulletin)
IT24058
Special Build #37311 (see Security Bulletin)
IT24059
in v11.1 M3 FP3
Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448) IT24214
Special Build #37314 (see Security Bulletin)
IT24213
Special Build #37313 (see Security Bulletin)
IT24212
Special Build #37311 (see Security Bulletin)
IT24170 in v11.1 M3 FP3
The Db2 JDBC driver deserializes an object unsafely potentially leading to arbitrary code execution (CVE-2017-1677) IT23799
Special Build #37314 (see Security Bulletin)
IT23798
Special Build #37313 (see Security Bulletin)
IT23797
Special Build #37311 (see Security Bulletin)
IT23794 in v11.1 M3 FP3
Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571) IT22411
Special Build #37314 (see Security Bulletin)
IT22413
Special Build #37313 (see Security Bulletin)
IT22414
Special Build #37311 (see Security Bulletin)
IT22415 in v11.1 M3 FP3
Security Bulletin: Security vulnerabilities have been identified in Tivoli Storage FlashCopy Manager shipped with IBM Db2.
N/A
IT18997 (fixed in next release) IT20495 in V10.5 FP9 V11.1.3 FP3 Solution in PPA (see Security Bulletin)
Security Bulletin: Privilege escalation vulnerabilities affect IBM® Db2® (CVE-2017-1439, CVE-2017-1451) IT21396 Special Build #36826 (see Security Bulletin) IT21395 Special Build #36827 (see Security Bulletin) IT21394 in V10.5 FP9
or
FP8 Special Build #36828
IT21364
V11.1.3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: Privilege escalation vulnerabilities affect IBM® Db2® (CVE-2017-1438) IT21143 Special Build #36826 (see Security Bulletin) IT21163 Special Build #36827 (see Security Bulletin) IT21164 in V10.5 FP9
or
FP8 Special Build #36828
IT21140
v11.1.3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files. (CVE-2017-1452) IT21465 Special Build #36826 (see Security Bulletin) IT21464 Special Build #36827 (see Security Bulletin) IT21463 in V10.5 FP9
or
FP8 Special Build #36828
IT21458
v11.1 FP3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® sensitive information exposure in the error log (CVE-2017-1434).
N/A
N/A
N/A
IT21347
v11.1 FP3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® is affected by denial of service vulnerability in the Db2 Connect Server (CVE-2017-1519)
N/A
N/A
IT21454 in V10.5 FP9
or
FP8 Special Build #36828
IT21455
v11.1 FP3
or
v11.1 FP2 Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® Db2® is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT (CVE-2017-1520) IT21974 Special Build #36826 (see Security Bulletin) IT21973 Special Build #36827 (see Security Bulletin) IT21462 in V10.5 FP9
or
FP8 Special Build #36828
IT21459

v11.1 FP3
or
v11.1 FP2
Special Build #36792 (see Security Bulletin)
Security Bulletin: IBM® DB2® LUW's Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297). IT20570
Special Build #36621 (see Security Bulletin)
IT20571
Special Build #36610 (see Security Bulletin)
IT20498
in V10.5 FP9
or FP8 Special Build #36605
IT20562 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843). IT9129
Special Build #36621 (see Security Bulletin)
IT20564
Special Build #36610 (see Security Bulletin)
IT20565
in V10.5 FP9
or
FP8 Special Build #36605
IT20566 in V11.1 FP2
Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105) IT20567
Special Build (see Security Bulletin)
IT20568
Special Build (see Security Bulletin)
IT20461
in V10.5 FP9
IT20463 in V11.1 FP2
Security Bulletin: Privilege escalation vulnerability affects IBM® DB2® LUW (CVE-2017-1134)
N/A
IT20569 see Security Bulletin IT20460 in V10.5 FP9 IT20462 in V11.1 FP2
Security Bulletin: Information Disclosure vulnerability affects IBM® DB2® LUW (CVE-2017-1150)
N/A
IT15485 in V10.1 FP6 IT19399 in V10.5 FP9 IT19400 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW is vulnerable to Sweet32 Birthday Attack (CVE-2016-2183) IT17531 Have remediation (see Security Bulletin) IT17645 in V10.1 FP6 IT17646 in V10.5 FP9 Have remediation IT17467 in V11.1 FP2
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by a Vulnerability in GPFS (CVE-2016-2119) N/A
N/A
T17644 in V10.5 FP9 IT17530 in V11.1 FP1
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995) IT17010 Special Build (see Security Bulletin) IT17011 in V10.1 FP6 IT16921 in V10.5 FP8 IT17012 in V11.1 FP1
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985) IT17531 Special Build (see Security Bulletin) IT17645 in V10.1 FP6 IT17646 in V10.5 FP9 IT17647 in V11.1.1 FP1
Security Bulletin: Vulnerability in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)
N/A
N/A
IT17644 in V10.5 FP9 IT17530 in V11.1.1 FP1
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995) IT17010 Special Build (see Security Bulletin) IT17011 in V10.1 FP6 IT16921 in V10.5 FP8 IT17012 in V11.1.1 FP1
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985)
N/A
IT16321 in V10.1 FP6 IT16323 in V10.5 FP8 IT16324 in V11.1.1 FP1
Security Bulletin: Vulnerability in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463) IT15576 Special Build (see Security Bulletin) IT15577 in V10.1 FP6 IT15578 in V10.5 FP8 IT15579 in V11.1.1 FP1
Vulnerabilities in Flexera InstallShield and InstallAnywhere affect IBM Data Server Driver packages (CVE-2016-2542, CVE-2016-4560) IT14993 in V9.7 FP11 (no Special Build) IT14999 in V10.1 FP6 IT15000 in V10.5 FP8 Fixed in GA
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS
N/A
IT16321 in V10.1 FP6 IT16323 in V10.5 FP8 IT16324
Security Bulletins newest to oldest (Special Build download links are included in the Security Bulletin) DB2 9.7 (EoS) DB2 9.8 (EoS) DB2 10.1 (EoS) DB2 10.5
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with subquery containing the AVG OLAP function on Oracle compatible database (CVE-2016-0215) IT12673 IT13208 Special Build (see Security Bulletin) IT12669 in V10.1 FP6 IT12675 in V10.5 FP8
IBM® DB2® LUW contains a denial of service vulnerability in which a malformatted DRDA message may cause the DB2 server to terminate abnormally (CVE-2016-0211) IT12462 Special Build (see Security Bulletin) IT13350 Special Build (see Security Bulletin) IT12487 in V10.1 FP6 IT12488 in V10.5 FP8
Security Bulletin: Vulnerabilities in the GSKit component of IBM® DB2® LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421) IT12647 Special Build (see Security Bulletin) IT12646 Special Build (see Security Bulletin) IT12645 Special in V10.1 FP6 IT12642 in V10.5 FP8
Vulnerabilities in GPFS affect IBM® DB2® LUW on AIX and Linux (CVE-2015-4974, CVE-2015-4981 & CVE-2015-7403)
N/A
IT11550 Special Build (see Security Bulletin) IT11549 in V10.1 FP6 IT11536 in V10.5 FP8
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-0204)
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM® DB2® LUW (CVE-2015-2808)
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® LUW (CVE-2015-1788)
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000)
Note: These vulnerabilities also affect Java; to address them, customers need to download the new version of Java from DB2 Fix Central. Refer to the security bulletin for details.
N/A
N/A
IT07393 in V10.1 FP6 IT07394 in V10.5 FP7
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® LUW (CVE-2015-1947) IT08755 Special Build (see Security Bulletin) IT08754 Special Build (see Security Bulletin) IT08751 in V10.1 FP6 IT08753 in V10.5 FP7
Security Bulletin: Vulnerability in OpenSSL affects IBM® DB2® (CVE-2015-1788) IT09897 in V9.7 FP11 IT09901 Special Build (see Security Bulletin) IT09899
in V10.1 FP6
IT09900 in V10.5 FP7
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions (CVE-2015-0157) IT07103 in V9.7 FP11 IT07107 Special Build (see Security Bulletin) IT07108 in V10.1 FP5 IT07109 in V10.5 FP7
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability in the database automated maintenance feature (CVE-2015-1883) IT08086 in V9.7 FP11 IT08085 Special Build (see Security Bulletin) IT08080 in V10.1 FP5 IT08075 in V10.5 FP7
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM® DB2® LUW (CVE-2015-2808) IT08534 in V9.7 FP11 IT08535 Special Build (see Security Bulletin) IT08536 in V10.1 FP5 IT08537 in V10.5 FP7
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in scalar functions that may result in arbitrary code execution as the DB2 instance owner (CVE-2015-1935) IT08668 in V9.7 FP11 IT08667 Special Build (see Security Bulletin) IT08543 in V10.1 FP5 IT08656 in V10.5 FP6
Security Bulletin: Multiple vulnerabilities in GPFS affects IBM® DB2® LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)
N/A
1IT8112 Special Build (see Security Bulletin) IT08525 in V10.1 FP5 IT08113 in V10.5 FP6
Security Bulletin: IBM® DB2® LUW contains a bypass security vulnerability in its Data Movement feature (CVE-2015-1922) IT08523 in V9.7 FP11 IT08524 Special Build (see Security Bulletin) IT08525 in V10.1 FP5 IT08526 in V10.5 FP6
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910) IT06356 in V9.7 FP11 IT06355 Special Build (see Security Bulletin) IT06354 in V10.1 FP5 IT06353 in V10.5 FP6
Security Bulletin: IBM® DB2® contains a sensitive information exposure vulnerability in the monitoring and audit feature (CVE-2014-0919) IT07547 in V9.7 FP11 IT07552 Special Build (see Security Bulletin) IT07553 in V10.1 FP5 IT07554 in V10.5 FP6
Security Bulletin: Vulnerabilities in GSKit affect IBM® DB2® (CVE-2015-0138, CVE-2015-0159 and CVE-2014-6221) IT07648 in V9.7 FP11 IT07647 Special Build (see Security Bulletin) IT07646 in V10.1 FP5 IT07635 in V10.5 FP6
Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730) IT06348 in V9.7 FP11 IT06349 Special Build (see Security Bulletin) IT06350 in V10.1 FP5 IT06351 in V10.5 FP6
Security Bulletin: IBM® DB2® XML Query Will Cause Excessive CPU Usage (CVE-2014-8901) IT05937 in V9.7 FP11 IT05938 Special Build (see Security Bulletin) IT05939 in V10.1 FP5 IT05933 in V10.5 FP5
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which multiple ALTER TABLE statements may cause the DB2 server to terminate abnormally. (CVE-2014-6210) IC96934 in V9.7 FP11 IT05651 Special Build (see Security Bulletin) IT05652 in V10.1 FP5 IT04138 in V10.5 FP5
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. (CVE-2014-6209) IT05645 in V9.7 FP11 IT056446 Special Build (see Security Bulletin) IT05647 in V10.1 FP5 IT04786 in V10.5 FP5
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally when AUTO_REVAL is set to IMMEDIATE. (CVE-2014-6159) IT05105 in V9.7 FP10 IT05132 Special Build (see Security Bulletin) IT05074 in V10.1 FP5 IT04730 in V10.5 FP4
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement may cause the DB2 server to terminate abnormally. (CVE-2014-6097) IT03786 in V9.7 FP10 IT04034 Special Build (see Security Bulletin)
N/A
N/A
Security Bulletin: Unauthorized Access to user data vulnerability in DB2 during certain LOAD operations into Columnar Data Engine (CDE) tables (CVE-2014-4805)
N/A
N/A
N/A
IT03761 in V10.5 FP4
Security Bulletin: IBM® DB2® for LUW is affected by the OpenSSL vulnerability (CVE-2014-3470)
N/A
N/A
IT02960 in V10.1 FP5 IT02963 in V10.5 FP4
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with a subquery containing a UNION (CVE-2014-3095) IT02645 in V9.7 FP10 IT02644 Special Build (see Security Bulletin) IT02646 in V10.1 FP5 IT02433 in V10.5 FP4
Security Bulletin: IBM® DB2® is affected by the JSON-C vulnerability (CVE-2013-6371)
N/A
N/A
N/A
IT02201 in V10.5 FP4
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094) IT02592 in V9.7 FP10 IT02594 Special Build (see Security Bulletin) IT02593 in V10.1 FP5 IT02291 in V10.5 FP4
Security Bulletin: IBM® DB2® is impacted by multiple TLS/SSL security vulnerabilities (CVE-2013-6747, CVE-2014-0963) IC99474 in V9.7 FP9a IC99476 Special Build (see Security Bulletin) IC99475 in V10.1 FP3a & FP4 IC99477 in V10.5 FP3a
Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2014-0907) IT00684 in V9.7 FP9a IT00685 Special Build (see Security Bulletin) IT00686 in V10.1 FP3a & FP4 IT00687 in V10.5 FP3a
Security Bulletin: Escalation of Privilege Vulnerability in IBM® DB2® Stored Procedure Infrastructure on Windows (CVE-2013-6744) IC99478 in V9.7 FP9a
N/A
IC99480 in V10.1 FP3a & FP4 IC99481 in V10.5 FP3a
Security Bulletin: Denial of Service Vulnerability in DB2's XSLT Library. (CVE-2013-5466) IC97470 in V9.7 FP9 IC97763 Special Build (see Security Bulletin) IC97471 in V10.1 FP3a & FP4 IC97472 in V10.5 P3
Security Bulletin: Executing a query with an OLAP specification causes the DB2 server to terminate database connections. (CVE-2013-6717) IC95641 in V9.7 FP9 IC97762 Special Build (see Security Bulletin) IC97737 in V10.1 FP3a & FP4 IC97738 in V10.5 P3
Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windows's Fast Communications Manager. (CVE-2013-4032)
N/A
N/A
IC94434 in V10.1 FP3 IC94939 in V10.5 P3
Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2013-4033) IC94523 in V9.7 FP9 IC94756 Special Build (see Security Bulletin) IC94757 in V10.1 FP3 IC94758 in V10.5 FP1
Security Bulletin: Privilege escalation vulnerability in IBM DB2's Audit Facility (CVE-2013-3475) IC92495 in V9.7 FP9 IC92496 Special Build (see Security Bulletin) IC92498 in V10.1 FP3
10.5 GA
Security Bulletin: IBM DB2 is impacted by a vulnerability in the IBM GSKit library (CVE-2013-0169) IC90395 in V9.7 FP9 IC90396 Special Build (see Security Bulletin) IC90397 in V10.1 FP3a & FP4
10.5 GA
Security Bulletin: Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203) IC90395 in V9.7 FP9 IC90396 Special Build (see Security Bulletin) IC90397 in V10.1 FP3a & FP4
10.5 GA
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 SQL/PSM Stored Procedure Infrastructure (CVE-2012-4826) IC86781 in V9.7 FP7 IC86782 Special Build (see Security Bulletin) IC86783 in V10.1 FP1
N/A
Security Bulletin: IBM DB2 Security Vulnerability in the UTL_FILE module (CVE-2012-3324)
N/A
N/A
IC85513 in V10.1 FP1
N/A
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 Java Stored Procedure Infrastructure (CVE-2012-2197) IC84753 in V9.7 FP7 IC84754 Special Build (see Security Bulletin) IC84755 in V10.1 FP1
N/A
Security Bulletin: IBM DB2 Security Vulnerability in SQLJ.DB2_INSTALL_JAR (CVE-2012-2194) IC84714 in V9.7 FP7 IC84715 Special Build (see Security Bulletin) IC84716 in V10.1 FP1
N/A
Security Bulletin: XML File Disclosure Vulnerability in IBM DB2 GET_WRAP_CFG_C and GET_WRAP_CFG_C2 (CVE-2012-2196) IC84748 in V9.7 FP7 IC84750 Special Build (see Security Bulletin) IC84751 in V10.1 FP1
N/A
Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-2180) IC82234 in V9.7 FP6 IC82367 in V9.8 FP5
10.1 GA
N/A
Security Bulletin: Unauthorized File Access Security Vulnerability in DB2 XML Feature (CVE-2012-0713) IC81462 in V9.7 FP6 IC81839 in V9.8 FP5
10.1 GA
N/A
Security Bulletin: Remote Escalation of Privilege Vulnerability in DB2 Administration Server (CVE-2012-0711) IC80729 in V9.7 FP6
N/A
10.1 GA
N/A
Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-0710) IC76901 in V9.7 FP5 IC76902 in V9.8 FP4
N/A
N/A
Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2012-0709) IC81390 in V9.7 FP6 IC81836 in V9.8 FP5
N/A
N/A
Security Bulletin: Denial of Service Security Vulnerability in DB2’s XML Feature. (CVE-2012-0712) IC81380 in V9.7 FP6 IC81837 in V9.8 FP5
N/A
N/A
DB2 Escalation of Privilege Vulnerability (CVE-2011-4061) IC79274 in V9.7 FP6
N/A
N/A
N/A


Document Information

Modified date:
27 February 2024

UID

swg21984819