Error description
This APAR completes APAR IY86917.
A malicious CONNECT data stream sent to a DB2 server from a V7 client may cause an instance crash, resulting in a denial of service.
The vulnerability is caused by a NULL pointer dereference within “sqle_db2ra_as_recvrequest” and can be exploited to crash the DB2 instance via a specially crafted SQLJRA packet.
Local fix
Disable or restrict remote access to the database server. Disable the DB2 TCP/IP listener if not required (set SVCENAME to NULL in the database manager configuration), or use a firewall to restrict connections to the DB2 TCP/IP listener port.
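The following is an added example, not part of the APAR text, for checking whether the local fix is in place: it reads SVCENAME from `db2 get dbm cfg` output and resolves it to the TCP port that a firewall rule would need to cover. The sample configuration and services text are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit helper (added example): reports whether the DB2 TCP/IP listener
# named in the local fix is still configured, and on which port.

# Constructed sample of `db2 get dbm cfg` output (not from a real instance).
SAMPLE_CFG=' NetBIOS Workstation name                         (NNAME) =
 TCP/IP Service name                          (SVCENAME) = db2c_db2inst1
 Discovery mode                               (DISCOVER) = SEARCH'

# Constructed sample of /etc/services entries.
SAMPLE_SERVICES='ssh             22/tcp
db2c_db2inst1   50000/tcp   # DB2 connection port'

# Print the SVCENAME value from dbm cfg text on stdin (empty if unset).
svcename_from_cfg() {
    sed -n 's/^.*(SVCENAME) *= *\([^ ]*\).*$/\1/p' | head -n 1
}

# Resolve a service name or numeric port ($1) to a TCP port,
# using services-file text passed as $2.
resolve_port() {
    case "$1" in
        '') return 1 ;;
        *[!0-9]*) printf '%s\n' "$2" |
            awk -v n="$1" '$1 == n && $2 ~ /\/tcp$/ { sub(/\/tcp$/, "", $2); print $2; exit }' ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Summarise listener state: "disabled", "listening:<port>" or "unresolved:<name>".
listener_status() {
    name=$(printf '%s\n' "$1" | svcename_from_cfg)
    if [ -z "$name" ]; then
        echo disabled
        return 0
    fi
    port=$(resolve_port "$name" "$2")
    if [ -n "$port" ]; then echo "listening:$port"; else echo "unresolved:$name"; fi
}

# On a live instance (assumed invocation, run as the instance owner):
#   listener_status "$(db2 get dbm cfg)" "$(cat /etc/services)"
listener_status "$SAMPLE_CFG" "$SAMPLE_SERVICES"
```

A result of `listening:<port>` means the listener is still configured, so that port is the one to restrict at the firewall if the listener cannot be disabled.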