Release of Guardium Data Protection DPS update for versions 12.x, 11.x, and 10.x (May 2024, Q2)

Release Notes

Abstract

This document provides a listing of the updates that have been done and are available for IBM Guardium Database Protection Service (DPS). DPS is a subscription service that provides periodic updates to vulnerability tests as well as other predefined content (reports, groups, policies).

Content

Target audience

This document is intended for IBM Security Guardium Data Protection version 12.x, 11.x, and 10.x customers.

Known issues

DB2 z/OS Security APAR SIA-DB2-2019.10-1: When executing this test on DB2 v11.1 and 12.1, you may get a test score error message like "Modules listed for PTF not present in DB2 MEPL". The modules impacted on this security APAR are not found in the DB2 MEPL, which is a rare occurrence, as these are DB2 early code modules which are loaded at IPL time. Please manually verify the impacted modules in SMPE after your database is patched.

Requirements

Version	Requirements
12.x	There are no specific requirements for loading the quarterly DPS release on Guardium version 12.x.
11.x	There are no specific requirements for loading the quarterly DPS release on Guardium version 11.x.
10.x	The minimum release requirement for loading the quarterly DPS release on Guardium version 10.x is 10.0p200, but we strongly recommend Guardium v10.0p600 or later.

Notes

Version	Notes
12.x	None.
11.x	For customers who use VA to scan for DB2 LUW CVE: It is important that you upgrade to v11p208. The new DB2 LUW CVE from Q3 2020 DPS and going forward will use new CVE metadata that support the recognition of DB2 LUW special build along with the support for DB2 11.5 modpack and fixpack patches. For these new CVE tests to work properly against your DB2 LUW database, it is very important that your Guardium appliance be upgraded to the specific patch to handle these enhancements. You can apply the Guardium patch before or after the Q3 2020 DPS upload. However, to have the new DB2 LUW CVE tests working properly, both the Q3 2020 DPS and the Guardium patch requirement must be met. For DB2 LUW CVE, once you've applied the 2020 Q3 DPS and your Guardium appliance is properly patched, then all you need to run in your assessments are these new CVEs (CVE-2020-4355, CVE-2020-4363, CVE-2020-4386, CVE-2020-4387, CVE-2020-4414, CVE-2020-4420) Doing so, will ensure your DB2 is patched to the latest fixpack and special build for all DB2 supported releases. DB2 9.7 - 11.5. Going forward for DB2 LUW CVE tests scan, you will only need to scan for Test ID of >= 8929. Do not execute older DB2 LUW CVE tests as they don't support detection of DB2 special build.
10.x	For customers who use VA to scan for DB2 LUW CVE: It is important that you upgrade to v10p653. The new DB2 LUW CVE from Q3 2020 DPS and going forward will use new CVE metadata that support the recognition of DB2 LUW special build along with the support for DB2 11.5 modpack and fixpack patches. For these new CVE tests to work properly against your DB2 LUW database, it is very important that your Guardium appliance be upgraded to the specific patch to handle these enhancements. You can apply the Guardium patch before or after the Q3 2020 DPS upload. However, to have the new DB2 LUW CVE tests working properly, both the Q3 2020 DPS and the Guardium patch requirement must be met. For DB2 LUW CVE, once you've applied the Q3 2020 DPS and your Guardium appliance is properly patched, then all you need to run in your assessments are these new CVEs (CVE-2020-4355, CVE-2020-4363, CVE-2020-4386, CVE-2020-4387, CVE-2020-4414, CVE-2020-4420) Doing so, will ensure your DB2 is patched to the latest fixpack and special build for all DB2 supported releases. DB2 9.7 - 11.5. Going forward for DB2 LUW CVE tests scan, you will only need to scan for Test ID of >= 8929. Do not execute older DB2 LUW CVE tests as they don't support detection of DB2 special build.

DPS files

Version	Filename and MD5SUM
12.x	Filename: Guardium_V12_Quarterly_DPS_2024_Q2_20240515.enc MD5SUM: 1751900965fd79d40916aa04794ad955
11.x	Filename: Guardium_V11_Quarterly_DPS_2024_Q2_20240515.enc MD5SUM: b4036ea24258bf738a2834e05030e439
10.x	Filename: Guardium_V10_Quarterly_DPS_2024_Q2_20240515.enc MD5SUM: 74a1d0c4bc1e50fb619d1ff552813b70

Updated database vendor version + patches

Version 12.x	Version 11.x	Version 10.x
MS Sql Server Database 16.0+4120 15.0+4365 MySql Database 8.4+0* 8.0+37* Oracle Database 21+RU 21.14.0.0.240416 19+RU 19.23.0.0.240416 Teradata PDE 17.20.03+25 Teradata TDBMS 17.20.03+25 Teradata TDGSS 17.20.03+25 Teradata TGTW 17.20.03+25 Postgres 12.18+0* 13.14+0* 14.11+0* 15.6+0* 16.2+0* SybaseIQ Database 16.1+sp05.12 MongoDB Database 4.4+29 5.0+26 6.0+15 7.0+8 SAP Hana Database 2.00+77 Cloudera Hadoop 7.1+9.p7 DataStax Cassandra DSE 5.1+43 6.8+46 Couchbase 7.6+1 7.2+4 Neo4j 4.4+32 5.17+0 5.18+1 5.19+0 MariaDB 11.4+1 11.3+2 11.2+3 11.1+4 11.0+5 10.11+7 10.6+17 Percona MySQL 8.0+36 Apache Cassandra 4.1+4 3.11+17 EDB Postgres 14.11+0* 15.6+0* 16.2+0*	MS Sql Server Database 16.0+4120 15.0+4365 MySql Database 8.4+0* 8.0+37* Oracle Database 21+RU 21.14.0.0.240416 19+RU 19.23.0.0.240416 Teradata PDE 17.20.03+25 Teradata TDBMS 17.20.03+25 Teradata TDGSS 17.20.03+25 Teradata TGTW 17.20.03+25 Postgres 12.18+0* 13.14+0* 14.11+0* 15.6+0* 16.2+0* SybaseIQ Database 16.1+sp05.12 MongoDB Database 4.4+29 5.0+26 6.0+15 7.0+8 SAP Hana Database 2.00+77 Cloudera Hadoop 7.1+9.p7 DataStax Cassandra DSE 5.1+43 6.8+46 Couchbase 7.6+1 7.2+4 Neo4j 4.4+32 5.17+0 5.18+1 5.19+0 MariaDB 11.4+1 11.3+2 11.2+3 11.1+4 11.0+5 10.11+7 10.6+17 Percona MySQL 8.0+36 Apache Cassandra 4.1+4 3.11+17	MS Sql Server Database 16.0+4120 15.0+4365 MySql Database 8.4+0* 8.0+37* Teradata PDE 17.20.03+25 Teradata TDBMS 17.20.03+25 Teradata TDGSS 17.20.03+25 Teradata TGTW 17.20.03+25 Postgres 12.18+0* 13.14+0* 14.11+0* 15.6+0* 16.2+0* SybaseIQ Database 16.1+sp05.12 MongoDB Database 4.4+29 5.0+26 6.0+15 7.0+8 SAP Hana Database 2.00+77 Cloudera Hadoop 7.1+9.p7

VA test enhancements

Versions	Test ID	Description	Database type	What changed?
12.x, 11.x, 10.x	2163	z/OS Restrict system privilege - STOSPACEAUTH	Db2 z/OS	changed short_desc and severity

New VA tests

Versions	Test ID	Description	Database type
12.x, 11.x, 10.x	4209	Ensure MUST_CHANGE Option is set to ON for All SQL Authenticated Logins	MS SQL SERVER

Updated groups

Versions	ID	Name type	New or updated items	What changed?
12.x, 11.x, 10.x	--	--	--	--

Common vulnerabilities and exposures

Versions	Test name	Database type
12.x, 11.x, 10.x	CVE-2024-20972	MYSQL
12.x, 11.x, 10.x	CVE-2024-20974	MYSQL
12.x, 11.x, 10.x	CVE-2024-20976	MYSQL
12.x, 11.x, 10.x	CVE-2024-20978	MYSQL
12.x, 11.x, 10.x	SIA-MVS-2024.04-22	IBM DB2 Z/OS
12.x, 11.x, 10.x	SIA-MVS-2024.02-25	IBM DB2 Z/OS
12.x, 11.x, 10.x	SIA-MVS-2024.02-21	IBM DB2 Z/OS
12.x, 11.x, 10.x	SE81036	IBM iSeries
12.x, 11.x, 10.x	SE80803	IBM iSeries
12.x, 11.x, 10.x	SE81033	IBM iSeries
12.x, 11.x, 10.x	SE81071	IBM iSeries
12.x, 11.x, 10.x	SE81133	IBM iSeries
12.x, 11.x, 10.x	SE81092	IBM iSeries
12.x, 11.x, 10.x	SE81094	IBM iSeries
12.x, 11.x, 10.x	SE81099	IBM iSeries
12.x, 11.x, 10.x	SE81100	IBM iSeries
12.x, 11.x, 10.x	SE81101	IBM iSeries
12.x, 11.x, 10.x	SE81102	IBM iSeries
12.x, 11.x, 10.x	SE81103	IBM iSeries
12.x, 11.x, 10.x	SE81108	IBM iSeries
12.x, 11.x, 10.x	SE81109	IBM iSeries
12.x, 11.x, 10.x	SE81077	IBM iSeries
12.x, 11.x, 10.x	SE81081	IBM iSeries
12.x, 11.x, 10.x	SE81105	IBM iSeries
12.x, 11.x, 10.x	SE81106	IBM iSeries
12.x, 11.x, 10.x	SE81229	IBM iSeries

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

Release of Guardium Data Protection DPS update for versions 12.x, 11.x, and 10.x (May 2024, Q2)

Release Notes

Abstract

Content

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?