Sadly, officially there still is no "11.1.4.5 or V11.1.4.4 iFix002" , the latest is Db2 "
V11.1.4.4 iFix001"
A real
shame actually, because even the latest Db2 V11.1.4.4 iFix001 does
NOT include these important
Security APAR's !!!
- IT29115: SECURITY: DB2 AFFECTED BY BUFFER OVERFLOW VULNERABILITIES (CVE-2019-4322)
- IT29350: SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2019-4386)
- IT28440: SECURITY: DB2 IS VULNERABLE TO A BUFFER OVERFLOW (CVE-2019-4154)
- IT28267: SECURITY: DB2 DOES NOT EXPLICITLY FORBID A WEAKER THAN EXPECTED 3DES CIPHER WHEN CONFIGURED TO USE SSL (CVE-2019-4102)
- IT28255: SECURITY: DB2 IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2019-4101)
- IT27203: SECURITY: PRIVILEGE ESCALATION DURING ROUTINE EXECUTION IN FENCED MODE (CVE-2019-4057)
- IT27328: SECURITY: DB2 IS VULNERABLE TO BUFFER OVERFLOW LEADING TO PRIVILEGE ESCALATION (CVE-2019-4014)
These APAR's (officially still have Status = OPEN) , and are only 'fixed' with a "
Special Build" ("on top of the latest official V11.1.4.4 iFix001").
But who really dares using Special Builds in a production environment (especially in a HADR/TSA environment) ..... ?
Is everything fully tested .... ?
My experience is, SB's don't always have the same QA control as regular official downloadable FixPack's / Mod's / iFix's. Anything can break / will break / unexpected things can happen ...
Risk Security versus Operational Stability , tough choice .... :-(
regards,
Erwin Hattingh
------------------------------
Erwin Hattingh
Systems Engineer / Db2 DBA
Triodos Bank
------------------------------
Original Message:
Sent: Wed November 27, 2019 07:57 PM
From: SangGyu Jeong
Subject: Where can I get Db2 fix pack version 11.1.4.5?
Hello, everyone.
The Knowledge Center displays Mod Pack 4 and Fix Pack 5, but not in fix central.
https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.wn.doc/doc/c0061179.html
Isn't the fix pack uploaded to fix central yet?
------------------------------
SangGyu Jeong
Software Engineer
Infrasoft
Seoul Korea, Republic of
------------------------------
#Db2