In association with heise online

10 May 2007, 12:31

Updates for IBM's DB2 and WebSphere

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IBM has released an update for the DB2 database which closes a security hole in the DB2JDS service, through which attackers can execute malicious code on affected systems via the Net. IBM does not mention any details in their security report, however they disclose that an attacker is able to exploit the hole by sending crafted data. Those who are unable to install the update should limit access to the DB2JDS service to trustworthy computers only.

A vulnerability in the Java Message Service (JMS) in IBM's WebSphere application server might also be exploited to cause a denial-of-service attack or to execute injected program code. The vulnerability is attributed to a "double-free", where the software tries to deallocate a previously freed memory reference for the second time. The Fix Pack 19 ( closes this hole and fixes numerous additional problems. IBM doesn't disclose any specific details here either.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit