
724 matches found

IBM Security Bulletins
added 2018/07/03 3:38 a.m. | 26 views

Security Bulletin: IBM Data Server Driver for ODBC and CLI is affected by multiple vulnerabilities in the GSKit library

Summary IBM Data Server Driver for ODBC and CLI is affected by multiple vulnerabilities in the GSKit library. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploi...

10 CVSS | 0.5 AI score | 0.26335 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/22 4:5 a.m. | 14 views

Security Bulletin: GSKit security vulnerabilities have been identified in IBM HTTP Server and IBM DB2 shipped with IBM Tivoli Netcool Performance Manager

Summary IBM WebSphere Application Server and IBM DB2 Enterprise are shipped as components of IBM Tivoli Netcool Performance Manager. Information about a security vulnerability affecting WebSphere Application Server and IBM DB2 Enterprise has been published in a security bulletin. Vulnerability...

0.6 AI score
Exploits: 0 | Affected Software: 1

CNVD
added 2018/06/20 12:0 a.m. | 3 views

GNOME Evolution Evolution-Data-Server Buffer Overflow Vulnerability

GNOME Evolution is a set of mail client programs from the GNOME project for the Gnome desktop environment on Linux. The program provides Email, calendar, meeting scheduling, contact management, etc. Evolution-Data-Server is one of the data server components. A buffer overflow vulnerability exists...

9.8 CVSS | 9.6 AI score | 0.01844 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2018/06/19 4:49 p.m. | 23 views

CVE-2018-12422

DISPUTED addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had...

9.8 CVSS | 4.7 AI score | 0.01844 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/17 3:26 p.m. | 18 views

Security Bulletin: Information Disclosure Vulnerability in Tivoli Business Service Manager (CVE-2016-0286)

Summary Information about an information disclosure security vulnerability affecting Tivoli Business Service Manager (TBSM) is published in this security bulletin. Manipulation of communication between the TBSM Dashboard server and the TBSM Data Server could result in information disclosure...

8.8 CVSS | 0.3 AI score | 0.0186 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:48 p.m. | 20 views

Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105)

Summary IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. Vulnerability Details CVEID: CVE-2017-1105 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2...

7.1 CVSS | 7.4 AI score | 0.00372 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:47 p.m. | 31 views

Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI

Summary Vulnerabilities have been addressed in the open source zlib library component of IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointe...

9.8 CVSS | 1.4 AI score | 0.07489 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:47 p.m. | 36 views

Security Bulletin: Security vulnerabilities have been identified in data server connection and product integration shipped with InfoSphere Optim Query Workload Tuner [for LUW, z/OS] (CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)

Summary Data server connection and product integration are shipped as a component of InfoSphere Optim Query Workload Tuner for LUW, z/OS. Information about security vulnerabilities affecting data server connection and product integration have been published in a security bulletin. Vulnerability...

7.5 CVSS | 6.8 AI score | 0.95707 EPSS
Exploits: 7 | Affected Software: 2

IBM Security Bulletins
added 2018/06/16 1:42 p.m. | 18 views

Security Bulletin: Open Source Apache Xerces-C XML parser Vulnerabilities -- including XML4C (CVE-2016-0729)

Summary The vulnerabilities have been addressed in the Open Source Apache Xerces-C XML parser for IBM Data Server Driver packagesDB2 Connect Instance less clients. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caus...

9.8 CVSS | 8.3 AI score | 0.08946 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:40 p.m. | 11 views

Security Bulletin: Vulnerabilities in Flexera InstallShield and InstallAnywhere affect IBM Data Server Driver packages (CVE-2016-2542, CVE-2016-4560)

Summary Vulnerabilities have been addressed in the Flexera InstallShield and InstallAnywhere components of IBM Data Server Driver packages. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused ...

7.8 CVSS | 6.8 AI score | 0.00537 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:39 p.m. | 20 views

Security Bulletin: Vulnerabilities in GSKit affect IBM Data Server Client and Driver packages (CVE-2016-0201, CVE-2015-7420 and CVE-2015-7421)

Summary Vulnerabilities have been addressed in the GSKit component of IBM Data Server Client and Driver packages Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit th...

5.9 CVSS | 6.4 AI score | 0.02032 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:11 p.m. | 44 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2015-0488, CVE-2015-0478 and CVE-2015-1916)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition, Versions 7 Service Refresh 7 Fix Pack 1, 7R1 Service Refresh 1 Fix Pack 1, 6 Service Refresh 16 Fix Pack 1, and earlier releases that are used by various Optim data server tools desktop products. These issues were...

7.5 CVSS | 5.9 AI score | 0.04204 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:10 p.m. | 28 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Data Server Manager (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Data Server Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

5 CVSS | 6 AI score | 0.74006 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:10 p.m. | 18 views

Security Bulletin: Vulnerability in RC4 stream cipher affects various Optim data server tools desktop products (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects various Optim data server tools desktop products. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

5 CVSS | 0.3 AI score | 0.74006 EPSS
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2018/06/16 1:10 p.m. | 28 views

Security Bulletin: Vulnerabilities in GSKit affect IBM® DB2® (CVE-2015-0138, CVE-2015-0159 and CVE-2014-6221)

Summary GSKit is an IBM component that is used by IBM DB2. The GSKit that is shipped with IBM DB2 contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability. IBM DB2 has addressed the applicable CVEs. Vulnerability...

9.4 CVSS | 0.2 AI score | 0.03262 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:9 p.m. | 29 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2014-6593 and CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7R1 Service Refresh 2 and earlier releases, Version 7 Service Refresh 8 and earlier releases, Version 6 Service Refresh 16 Fix Pack 2 and earlier releases that are used by various Optim data server tools...

5 CVSS | 1.1 AI score | 0.67234 EPSS
Exploits: 5 | Affected Software: 4

IBM Security Bulletins
added 2018/06/16 1:9 p.m. | 11 views

Security Bulletin: TLS padding vulnerability affects IBM Data Server Client packages (CVE-2014-8730)

Summary Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM Data Server Client packages. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive informatio...

4.3 CVSS | 1.7 AI score | 0.1372 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:8 p.m. | 33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2014-6558, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition, Versions 7 Service Refresh 7 Fix Pack 1, 7R1 Service Refresh 1 Fix Pack 1, 6 Service Refresh 16 Fix Pack 1, and earlier releases that are used by various Optim data server tools desktop products. These issues were...

6.4 CVSS | 1 AI score | 0.03137 EPSS
Exploits: 0 | Affected Software: 4

UbuntuCve
added 2018/06/15 4:29 p.m. | 32 views

CVE-2018-12422

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the...

9.8 CVSS | 7.4 AI score | 0.01844 EPSS
Exploits: 0 | References: 1

Prion
added 2018/06/15 4:29 p.m. | 26 views

Heap overflow

DISPUTED addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had...

7.5 CVSS | 9.4 AI score | 0.01844 EPSS
Exploits: 0 | References: 2 | Affected Software: 1