Scribd Logo
Upload

Welcome to Scribd!

  • Guardium v11 0 p270 Patch Release Notes

    Uploaded by

    Christian José Castillo Valarezo
    10 views4 pages

    Original Title

    Guardium_v11_0_p270_patch_release_notes

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views4 pages

    Guardium v11 0 p270 Patch Release Notes

    Uploaded by

    Christian José Castillo Valarezo

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    IBM Security Guardium Patch Release Notes

    Product: IBM Security Guardium


    Release/ Version Guardium patch 11.0p270
    Name of file: SqlGuard-11.0p270_Bundle_Feb_24_2022.tgz.enc.sig
    MD5SUM 57ffe76477883b2749af50271b6f12c3
    Release 4 March 2022

    Patch description:
    11.0p270 is an appliance bundle that includes a fix for Log4j 2.17.1 in the UI components of the
    Guardium system. To resolve Log4j 2.17.1 in the IBM Spectrum Protect (TSM) client, you must also
    download and install patch 11.0p1013 by using the following link: patch 11.0p1013

    Prerequisites:
    • Guardium 11.0p200. See release notes for patch v11.0p200.
    • The latest health check patch 11.0p9997
    Notes:
    • This patch restarts the Guardium system.
    • Install this patch on all appliances in a top-down manner, starting with the Central Manager, then
    Aggregators, and then the Collectors.
    • Install this patch during the "quiet" time on the appliance.
    • If the downloaded package is in .ZIP format, customers are required to extract it outside
    Guardium appliance before uploading/ installing it.

    Finding the Patch


    This document is intended to provide a reference to the contents of this patch. If applicable, the detailed
    description of each fix and instructions for applying this patch are contained within the download package
    available at the IBM Fix Central website at http://www.ibm.com/support/fixcentral/.
    Make the following selections on Fix Central:
    • Product selector: IBM Security Guardium
    • Installed Version: 11.0
    • Platform: UNIX/Linux/Windows
    • Click "Continue", then select "Browse for fixes" and click "Continue" again.
    • Select "Appliance Patch (GPU and ad hoc)"

    For information on Guardium patch types and naming convention, see:


    https://www.ibm.com/support/pages/node/6195371

    1
    Bug Fixes

    Patch Issue key Summary APAR


    11.0p264 Link to patch 11.0p264 on IBM Fix Central
    11.0p265 Link to patch 11.0p265 on IBM Fix Central (Resolves CVE-2021-
    45046 and CVE-2021-45105 for Log4j 2.17 in the Guardium
    system. To resolve Log4j 2.17 in the IBM Spectrum Protect (TSM)
    client, you must also download and install patch 11.0p1013 by using
    the following link: patch 11.0p1013)
    11.0p270 GRD-58872 Cloud collector caches data source IP address, connection times out GA17870
    GRD-57443 Errors during TSM config file import GA17872
    GRD-57314 Collectors are filling /opt/IBM/Guardium/tomcat/dump/directory GA17873
    disabling appliance.
    GRD-57136 Adhoc Patch SqlGuard-11.0p261.tgz.enc.sig || Deployment Health GA17853
    Topology feature not working after patching
    GRD-56572 SFTP mode not preserved after system reboot GA17804
    GRD-56339 Flatten Hierarchical Groups not working GA17802
    GRD-55963 Vulnerability detected, TLS v1.0 allowed in port16019 GA17863
    GRD-55501 Error while resetting MU CLI password on central manager GA17782
    GRD-54641 Qualys Scan Vulnerability || Port 8447 and Port 16019 || After Patch GA17768
    315 and 320
    GRD-51707 Intermittent false negatives with CM Deployment Health Table S- GA17771
    TAPs Connectivity Status
    GRD-49718 Improvement on ELB's effort to remove leftover STAP. GA17669
    GRD-49546 CrowdStrike and BlueFringe setup on Guardium Cloud Appliance GA17664
    GRD-49265 Compliance Monitoring Dashboard errors after changing smart GA17548
    policies
    GRD-46628 Alerter keeps sending emails for the same alert event every minute GA17553

    Known Limitation

    Issue key Description


    GRD-59181 First generation data marts (version 2 and earlier) are not supported.
    Workaround: Upgrade to Guardium Data Protection 11.3 or later.

    2
    Security Fixes

    Issue key Summary CVEs


    GRD-59223 PSIRT: PVR0312402 - log4j1 vulnerability CVE-2021-4104
    (CVE-2021-4104) - Kafka
    GRD-58914 PSIRT: PVR0312402 - log4j1 vulnerability CVE-2021-4104
    (CVE-2021-4104) - Solr
    GRD-58676 PSIRT: PVR0312402 - log4j1 vulnerability CVE-2021-4104
    (CVE-2021-4104) - Outliers
    GRD-57797 log4j upgrade to version 2.17.1 needed for IBM CVE-2021-45105
    Spectrum Protect Client (TSM)
    CVE-2021-45046
    GRD-57736 PSIRT: PVR0316546 - PEN-TEST: Using CVE-2016-5397, CVE-2018-11798,
    components with known vulnerabilities in IBM CVE-2018-1320, CVE-2019-0205,
    Security Guardium - libfb303 CVE-2019-0210, CVE-2020-13949
    GRD-56308 PSIRT: PVR0299905 - [All] Oracle MySQL CVE-2021-35608, CVE-2021-35637,
    (Publicly disclosed vulnerability) - Oct 2021 CPU CVE-2021-35594, CVE-2021-35591,
    CVE-2021-35593, CVE-2021-35638,
    CVE-2021-35584, CVE-2021-35648,
    CVE-2021-35640, CVE-2021-35624,
    CVE-2021-2481, CVE-2021-35642,
    CVE-2021-35645, CVE-2021-35639,
    CVE-2021-35597, CVE-2021-35613,
    CVE-2021-35631, CVE-2021-2479,
    CVE-2021-35546, CVE-2021-35625,
    CVE-2021-35635, CVE-2021-35636,
    CVE-2021-35627, CVE-2021-35628,
    CVE-2021-2471, CVE-2021-35626,
    CVE-2021-35592, CVE-2021-35629,
    CVE-2021-35583, CVE-2021-35598,
    CVE-2021-35575, CVE-2021-35596,
    CVE-2021-35646, CVE-2021-35630,
    CVE-2021-35618, CVE-2021-2478,
    CVE-2021-35647, CVE-2021-35634,
    CVE-2021-35602, CVE-2021-35643,
    CVE-2021-35644, CVE-2021-35610,
    CVE-2021-35623, CVE-2021-35621,
    CVE-2021-35537, CVE-2021-35633,
    CVE-2021-35604, CVE-2021-35612,
    CVE-2021-35590, CVE-2021-35577,
    CVE-2021-35607
    GRD-56067 PSIRT: PVR0259518 - [All] OpenSSL (Publicly CVE-2021-23840
    disclosed vulnerability)
    CVE-2021-23841

    3
    GRD-55658 PSIRT: PVR0295278 - Kafka - CVE-2021-38153 CVE-2021-38153
    (Publicly disclosed vulnerability)
    GRD-54707 PSIRT: PVR0308399 - IBM SDK, Java CVE-2021-2388
    Technology Edition Quarterly CPU - Oct 2021 -
    Includes Oracle Oct 2021 CPU CVE-2021-2369
    CVE-2021-2432
    CVE-2021-2341
    CVE-2021-35560
    CVE-2021-35586
    CVE-2021-35578
    CVE-2021-35564
    CVE-2021-35559
    CVE-2021-35556
    CVE-2021-35565
    CVE-2021-35588
    CVE-2021-41035
    GRD-48544 PSIRT: 254743 - SE - Pen Test 2020 - CVE-2021-20377
    Application Error in IBM Security Guardium

    IBM Guardium Version 11.0 Licensed Materials - Property of IBM. © Copyright IBM Corp. 2002, 2022. US Government Users
    Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

    IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in
    many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of
    IBM trademarks are available on the web at “Copyright and trademark information” (www.ibm.com/legal/copytrade.shtml)

    You might also like