A fix is available
APAR status
Closed as program error.
Error description
Possible execution of arbitrary code caused by integer overflow in decompression function (Docker image only). (CVE-2014-4607)
Local fix
Problem summary
A possible overflow in a decompression function could allow for the execution of arbitrary code or cause a denial of service as reported in CVE-2014-4607. This is limited to DataPower running within a Docker container.
Problem conclusion
Fix is available in 7.5.2.1 For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Temporary fix
Comments
APAR Information
APAR number
IT17299
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
752
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-09-30
Closed date
2016-11-08
Last modified date
2016-11-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R752 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"752","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 February 2022