Big Blue Plugs DB2 Holes

IBM has released a pair of “FixPaks” to plug
security holes in its DB2 Universal Database product after researchers
discovered multiple code execution vulnerabilities.

Big Blue’s patches, available here
and here,
were issued after security research outfit NGS Software found
buffer overflows that could allow malicious hackers to execute arbitrary
code.

Affected products include the DB2 Universal Database versions 7.x and
8.x.

IBM’s DB2 is a family of relational database products that provides
an open database environment that runs on a range of computing
platforms. A DB2 database can grow from a small single-user
application to a large multi-user system.

According to an NGS advisory,
the vulnerabilities are “critical/high risk.” However, the company is withholding details of the vulnerabilities until
Dec. 1 to allow DB2 database administrators to test and apply the
FixPaks.

News Around the Web