Release Notes
Abstract
This technical note provides guidance for installing IBM Security Guardium Data Protection patch 11.0p395, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
- Patch file name: SqlGuard-11.0p395_Bundle_May_03_2024.tgz.enc.sig
- MD5 checksum: 86c08255f02f1bf4cbb2809e496915b5
Finding the patch
Make the following selections to locate this patch for download on the IBM Fix Central website:
Make the following selections to locate this patch for download on the IBM Fix Central website:
- Product selector: IBM Security Guardium
- Installed version: 11.0
- Platform: All
- Click "Continue," select "Browse for fixes," and click "Continue" again.
- Select "Appliance patch (GPU and ad hoc)" and enter the patch information in the "Filter fix details" field to locate the patch.
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Prerequisites
- Guardium 11.0p300 (see the 11.0p300 release notes for more information)
- The latest health check patch 11.0p9997
Installation
Notes:
- This patch is an appliance bundle that includes all fixes for 11.3 except sniffer fixes.
- This patch restarts the Guardium system.
- Do not reboot the appliance while the patch install is in progress. Contact Guardium support if there is an issue with patch installation.
Overview:
- Download the patch and extract the compressed package outside the Guardium system.
- Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
- Apply the latest health check patch.
- Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
- Apply the latest quarterly DPS patch and rapid response DPS patch even if these patches were applied before the upgrade.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Attention
Guardium Data Protection 11.3 has reached end of service (EOS) as of April 30, 2024
For more information, see the IBM Support product lifecycle site.
Microsoft certificates expire on May 20, 2024
Microsoft certificates (microsoftca1-4) expire on May 20, 2024. The following Guardium patches provide updated certificates:
Microsoft certificates (microsoftca1-4) expire on May 20, 2024. The following Guardium patches provide updated certificates:
- 11.3 systems use patch 11.0p392 or later
- 11.4 systems use patch 11.0p485 or later
- 11.5 systems use patch 11.0p535 or later
- 12.0 systems use patch 12.0p5 or later
Install the correct patch for your Guardium systems to use the updated certificates. For more information, see https://www.ibm.com/support/pages/node/7080145
Enhancements
This patch includes the following enhancements:
| Issue key | Summary |
|---|---|
| GRD-80325 | Extra check so generic ad-hoc does nothing on appliance where fix already exists |
| GRD-76642 | Remediation for expiring self-signed Guardium Installation Manager (GIM) SHA1 Certificates. Resolves the following flash: https://www.ibm.com/support/pages/node/7115129 |
Resolved issues
This patch resolves the following issues:
| Patch | Issue key | Summary | APAR |
|---|---|---|---|
| 11.0p392 | Patch 11.0p395 on Fix Central | ||
| 11.0p395 | GRD-77581 | enabled auto_install_on_db_server_os_upgrade=1 S-TAP not running | DT276403 |
| GRD-76970 | TSM Vulnerability Mitigation | DT258503 | |
| GRD-76624 | V11.5 Clicking "Search Users" button in "Audit Process To-Do List" Page Always Returned Error | GA18482 | |
| GRD-74770 | Guardium Oracle (OCI) show network verify shows empty results | GA18464 | |
| GRD-74679 | Amazon S3 can not restore the back up as "ERROR: Error authenticating to Amazon S3" from CLI console with IAM Instance Profile | DT381572 | |
| GRD-74216 | Sniffer Crashing - Session inference query | DT259811 | |
| GRD-70966 | Aggregator Query Performance | DT276414 | |
| GRD-63129 | CLI command "store gui hsts_status on" - Parameter not defined err | GA18073 |
Known limitations
This patch contains the following known limitations:
| Issue key | Summary |
|---|---|
| GRD-81989 | User is unable to deploy STAP using Deploy Monitoring Agents on an IPV6 environment when DNS has an IPV4 and IPV6 address designated for the same hostname. Configure DNS to only have one IP address designated per hostname. |
| GRD-82406 | Universal Connector is disabled after applying patch p395 on top of p392. Enable Universal Connector after applying patch p395. |
Security fixes
This patch contains the following security fixes:
| Issue key | Summary | CVEs | |
|---|---|---|---|
| GRD-76178 | PSIRT: PVR0469527 - http2-hpack-9.4.44.v20210927.jar and jetty-http-9.4.10.v20180503.jar (Publicly disclosed vulnerability found by Mend) - Kafka | CVE-2023-36478 | |
| GRD-76398 | Upgrade of BigFix client needed for appliances | CVE-2022-22576, CVE-2022-27544, CVE-2022-27545, CVE-2022-27775, CVE-2022-27776 | |
| GRD-76560 | PSIRT: PVR0424448 - RHEL7 OS component upgrades needed - March Sec Patch | CVE-2020-22218 | |
| GRD-76918 | PSIRT: PVR0474272 - SE - Pen Testing On-prem - October, 2023 - Privilege escalation from tomcat to root (server_receiver.pl) | CVE-2023-47712 | |
| GRD-76927 | PSIRT: PVR0474271 - SE - Pen Testing On-prem - October, 2023 - GIM module upload functionality can be used to upload any file | CVE-2023-47711 | |
| GRD-77429 | PSIRT: PVR0476700, PVR0476723 - IBM Security Guardium is vulnerable to multiple vulnerabilities in open-vm-tools component | CVE-2023-34059, CVE-2023-34058 | |
| GRD-77917 | PSIRT: PVR0477215, PVR0476180 - reactor-netty-1.0.24.jar (Publicly disclosed vulnerability found by Mend) - datastreams | CVE-2023-34054, CVE-2023-34062 | |
| GRD-78092 | PSIRT: PVR0479010 - Apache Struts 2 CVE-2023-50164 vulnerability | CVE-2023-50164 | |
| GRD-78163 | Vulnerabilities in containerd rpm - CVE-2021-41103, CVE-2023-25173, CVE-2022-23648 | CVE-2021-41103, CVE-2023-25173, CVE-2022-23648 | |
| GRD-78200 | PSIRT: PVR0475474, PVR0475502, PVR0475446 - [All] PostgreSQL - CVE-2023-5869 (Publicly disclosed vulnerability) | CVE-2023-5869, CVE-2023-5870, CVE-2023-5868 | |
| GRD-78257 | PSIRT: PVR0475474 - [All] PostgreSQL - CVE-2023-5869 (Publicly disclosed vulnerability) | CVE-2023-5869 | |
| GRD-78874 | PSIRT: PVR0482970, PVR0470863, PVR0470250 - Multiple RPM updates needed for vulnerable components - 11.x and 12.0 | CVE-2023-6377 CVE-2023-5367 CVE-2023-6478 CVE-2022-3550 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2023-0494 CVE-2023-1393 CVE-2023-46847 CVE-2020-22218 CVE-2023-34058 CVE-2023-34059 CVE-2023-3611 CVE-2023-3776 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 |
|
| GRD-79284 | PSIRT: PVR0466432 - [All] kernel - CVE-2023-42753 (Publicly disclosed vulnerability) | CVE-2023-42753 | |
| GRD-79822 | PSIRT: PVR0489259 - IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850 | CVE-2023-33850 | |
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
15 May 2024
UID
ibm17150338