security holes that have been found.

The security patches are in fp6a and fp7a. Fp7 is 8.2, so if you are 8.2
and you are still on fp7 or installed 8.2 without any fixpacks, you need
to install fp7a.

Larry Edelstein

mairhtin o'feannag wrote:

Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented" at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00.html
My question is ... has anyone had any experience with these "flaws" ???

We are using 8.2, so the article implies that we are safe, as it does not
mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5, say,
is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag

The security patches are in fp6a and fp7a. Fp7 is 8.2, so if you are 8.2
and you are still on fp7 or installed 8.2 without any fixpacks, you need
to install fp7a.

Larry Edelstein

mairhtin o'feannag wrote:

Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented" at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00.html
My question is ... has anyone had any experience with these "flaws" ???

We are using 8.2, so the article implies that we are safe, as it does not
mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5, say,
is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag

OK,

I want to be VERY VERY CERTAIN of this. No kidding, it's not clear at
ALL.

I have 8.2 installed, no fixpacks. All of the documentation on the 7a
fixpack states that it applies to 8.l, and makes no mention of 8.2 .

Also, the Linux version of the fixpack is less than half the size of the
other fixpacks, and uses the designation of MI00086 rather than the
usual U or WR designations. Why would the fixpack be so small when I
understand that it is a full product refresh?

Getting this wrong is not an option. The folks here are extraordinarily
wary, due to a recent break-in.

Thanks in advance,

Mairhtin


"mairhtin o'feannag" <ir**********@rocketmaildot.com> wrote in
news:Xn**********************************@64.164.9 8.29:

Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented" at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00.html
My question is ... has anyone had any experience with these "flaws"
???

We are using 8.2, so the article implies that we are safe, as it does
not mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5,
say, is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag

I strongly recommend contacting IBM support for an answer to your
question. You state that you've installed 8.2 with no fixpacks. 8.2 can
be "in use" by installing 8.1 and FP7. FP7 was retired an replaced with
FP7a, which fixes an number of issues. I believe that 8.2 was released
equivalent to 8.1 + FP7 but don't really know if it was FP7 or FP7a.

IBM's support site for LUW makes no mention of UDB 8.2. Since you've
installed it directly; I believe the only place you should get the
definitive answer you seek is directly from IBM support. You'll need the
output from the command:
db2level
when you contact support. A new install at 8.2 implies that you've
obtained a new product and should, therefore, have new product support.

Phil Sherman
mairhtin o'feannag wrote:

OK,

I want to be VERY VERY CERTAIN of this. No kidding, it's not clear at
ALL.

I have 8.2 installed, no fixpacks. All of the documentation on the 7a
fixpack states that it applies to 8.l, and makes no mention of 8.2 .

Also, the Linux version of the fixpack is less than half the size of the
other fixpacks, and uses the designation of MI00086 rather than the
usual U or WR designations. Why would the fixpack be so small when I
understand that it is a full product refresh?

Getting this wrong is not an option. The folks here are extraordinarily
wary, due to a recent break-in.

Thanks in advance,

Mairhtin


"mairhtin o'feannag" <ir**********@rocketmaildot.com> wrote in
news:Xn**********************************@64.164.9 8.29:

Hello,

I was given a heads-up about some security flaws in DB2, which are
"documented" at :

http://searchdatabase.techtarget.com...0,289142,sid13
_gci1013055,00.html
My question is ... has anyone had any experience with these "flaws"
???

We are using 8.2, so the article implies that we are safe, as it does
not mention 8.2 in its brief.

The "patch" for this is supposedly at :

http://www-306.ibm.com/software/data...ownloadv8.html

But that's just a fixpack page for the whole product.
This article was generated on 7 October, so I would think that FP 5,
say, is not compliant with the "fix" ???

TIA

Mairhtin O'Feannag