RealTime IT News

Big Blue Plugs DB2 Holes

IBM has released a pair of "FixPaks" to plug security holes in its DB2 Universal Database product after researchers discovered multiple code execution vulnerabilities.

Big Blue's patches, available here and here, were issued after security research outfit NGS Software found buffer overflows that could allow malicious hackers to execute arbitrary code.

Affected products include the DB2 Universal Database versions 7.x and 8.x.

IBM's DB2 is a family of relational database products that provides an open database environment that runs on a range of computing platforms. A DB2 database can grow from a small single-user application to a large multi-user system.

According to an NGS advisory, the vulnerabilities are "critical/high risk." However, the company is withholding details of the vulnerabilities until Dec. 1 to allow DB2 database administrators to test and apply the FixPaks.