CVE-2014-6159

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.7 before FP10 IBM DB2 versions 9.8 through FP5 IBM DB2 versions 10.1 through FT4 IBM DB2 versions 10.5 through FP4

Description The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash, by sending a crafted ALTER TABLE statement when immediate AUTO REVAL is enabled.

Recommendations For IBM DB2 version 9.7 before FP10, update to FP10 or later to resolve the issue. For IBM DB2 versions 9.8 through FP5, update to FP6 or later to resolve the issue. For IBM DB2 versions 10.1 through FT4, update to FT5 or later to resolve the issue. For IBM DB2 versions 10.5 through FP4, update to FP5 or later to resolve the issue. As a temporary workaround, consider disabling the immediate AUTO REVAL feature until a patch is available.