473,549 Members | 3,088 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

security holes that have been found.

Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented " at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00. html
My question is ... has anyone had any experience with these "flaws" ???

We are using 8.2, so the article implies that we are safe, as it does not
mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5, say,
is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag

Nov 12 '05 #1
4 1286
LE
The security patches are in fp6a and fp7a. Fp7 is 8.2, so if you are 8.2
and you are still on fp7 or installed 8.2 without any fixpacks, you need
to install fp7a.

Larry Edelstein

mairhtin o'feannag wrote:
Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented " at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00. html
My question is ... has anyone had any experience with these "flaws" ???

We are using 8.2, so the article implies that we are safe, as it does not
mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5, say,
is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag


Nov 12 '05 #2
The security patches are in fp6a and fp7a. Fp7 is 8.2, so if you are 8.2
and you are still on fp7 or installed 8.2 without any fixpacks, you need
to install fp7a.

Larry Edelstein

mairhtin o'feannag wrote:
Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented " at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00. html
My question is ... has anyone had any experience with these "flaws" ???

We are using 8.2, so the article implies that we are safe, as it does not
mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5, say,
is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag


Nov 12 '05 #3
OK,

I want to be VERY VERY CERTAIN of this. No kidding, it's not clear at
ALL.

I have 8.2 installed, no fixpacks. All of the documentation on the 7a
fixpack states that it applies to 8.l, and makes no mention of 8.2 .

Also, the Linux version of the fixpack is less than half the size of the
other fixpacks, and uses the designation of MI00086 rather than the
usual U or WR designations. Why would the fixpack be so small when I
understand that it is a full product refresh?

Getting this wrong is not an option. The folks here are extraordinarily
wary, due to a recent break-in.

Thanks in advance,

Mairhtin


"mairhtin o'feannag" <ir**********@r ocketmaildot.co m> wrote in
news:Xn******** *************** ***********@64. 164.98.29:
Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented " at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00. html
My question is ... has anyone had any experience with these "flaws"
???

We are using 8.2, so the article implies that we are safe, as it does
not mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5,
say, is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag


Nov 12 '05 #4
I strongly recommend contacting IBM support for an answer to your
question. You state that you've installed 8.2 with no fixpacks. 8.2 can
be "in use" by installing 8.1 and FP7. FP7 was retired an replaced with
FP7a, which fixes an number of issues. I believe that 8.2 was released
equivalent to 8.1 + FP7 but don't really know if it was FP7 or FP7a.

IBM's support site for LUW makes no mention of UDB 8.2. Since you've
installed it directly; I believe the only place you should get the
definitive answer you seek is directly from IBM support. You'll need the
output from the command:
db2level
when you contact support. A new install at 8.2 implies that you've
obtained a new product and should, therefore, have new product support.

Phil Sherman
mairhtin o'feannag wrote:
OK,

I want to be VERY VERY CERTAIN of this. No kidding, it's not clear at
ALL.

I have 8.2 installed, no fixpacks. All of the documentation on the 7a
fixpack states that it applies to 8.l, and makes no mention of 8.2 .

Also, the Linux version of the fixpack is less than half the size of the
other fixpacks, and uses the designation of MI00086 rather than the
usual U or WR designations. Why would the fixpack be so small when I
understand that it is a full product refresh?

Getting this wrong is not an option. The folks here are extraordinarily
wary, due to a recent break-in.

Thanks in advance,

Mairhtin


"mairhtin o'feannag" <ir**********@r ocketmaildot.co m> wrote in
news:Xn******** *************** ***********@64. 164.98.29:

Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented " at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,0 0.html
My question is ... has anyone had any experience with these "flaws"
???

We are using 8.2, so the article implies that we are safe, as it does
not mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5,
say, is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag



Nov 12 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
3213
by: Dom Leonard | last post by:
Hi all, I occasionally use the javascript protocol in window.open to retrieve a window property of the opener for use as HTML source: window.htmlSrc="<html>...blah ....<\/html>"; window.open("javascript:opener.htmlSrc", testWindow); The technique was absolutely needed in NS4.xx to overcome reentrancy problems with document.writing to...
12
2558
by: A.M. | last post by:
Hi at all, how can I do to insert into a HTML page a file .txt stored in the same directory of the server where is the html file that must display the text file.txt? Thank you very much P.Pietro
116
7422
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data and some who couldn't but that it wasn't important right now. And I said, 'sure, we can do that later'. So now I've developed an app without any...
13
1457
by: Peter L Reader | last post by:
I have to say, from a practical standpoint I'm not all that impressed with the security built into Office 2K3. I'm a small-scale developer building Access apps for a few non-profits locally; I find that in order for me to build and deliver an app that will run without a bunch of scary nag screens, I have to buy a digital certificate from...
3
1545
by: nicholas | last post by:
I use asp.NET dll components on my website. These are managed components, not like asp components that are un-managed. Those who sell these components say that having an asp.Net component in the /bin forlder of your website on a windows2003 server can cause no security holes at all. My hoster says the opposite... So, what is the...
4
2008
by: tony | last post by:
I'm designing a survey form page that will be fairly complex and am becoming confident enough with PHP now to tackle most things. (Thanks to everyone here who has helped) Before I go too far with this I was wondering if anyone could perhaps offer advice or point me to any documents/web pages that could help with ensuring the security of the...
8
1914
by: Matt Kruse | last post by:
http://news.zdnet.com/2100-1009_22-6121608.html Hackers claim zero-day flaw in Firefox 09 / 30 / 06 | By Joris Evers SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting...
1
1231
by: =?iso-8859-1?B?QW5kcuk=?= | last post by:
A security hole has been uncovered in Crunchy (version 0.9.1.1 and earlier). Anyone using Crunchy to browse web tutorials should only visit sites that are trustworthy. We are working hard at fixing the hole; a new release addressing the problems that have been found should be forthcoming shortly.
4
2704
by: Bjorn Sagbakken | last post by:
Hi. This might not be the right forum for my question, but still I throw it out: I have just succeeded in publishing my ASP.NET web application on my own PC, opening port 80 in/out in my firewall, so now it is accessable from internet. It is running on IIS own WinXP. So far I haven't exeperienced any problem, but are there actions I...
1
975
by: Keith G Hicks | last post by:
Does anyone know of any good software out there that can be used for testing websites for security holes such (but not only) as sql injection? I know MS has a tool for asp that can find sql injection problems but I could not get it to work on my asp.net project. And I'm looking for something a bit more complete. Thanks, Keith
0
7526
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7723
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
7962
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
0
7814
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
5092
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3504
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
1
1949
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1063
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
769
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.