Release Notes ================ IBM Security Guardium. Version Guardium GPU v9.5 (v9.0 patch 700) Fix Completion Date:

Release Notes ================ Product: IBM Security Guardium Release: v9.0/9.5 Version Guardium GPU v9.5 (v9.0 patch 700) Fix Completion Date: ...
Author: Antony Goodman
7 downloads 1 Views 825KB Size
Release Notes ================ Product:

IBM Security Guardium

Release:

v9.0/9.5

Version

Guardium GPU v9.5 (v9.0 patch 700)

Fix Completion Date:

2016-09-08

Description:

Guardium GPU v9.5 (v9.0 patch 700)

Finding the Fix/Patch ============================= This document is intended to provide a reference to the contents of this fix/patch. If applicable, the detailed description of each fix and instructions for applying this fix/patch are contained within the download package. The actual package is available for downloading from the IBM Fix Central web site at http://www.ibm.com/support/fixcentral/

Make the following selections on Fix Central: Product Group:

Security Systems

Product:

Guardium

Installed Version:

9.0/9.5

Platform:

Linux

Heading:

Appliance Patch (GPU and Ad-hoc)

Click "Continue", then select "Browse for fixes" and click "Continue" again.

=============================

1 Guardium v9.0/9.5 patch 700 release notes

Version 9.5 (GPU v9.0 patch 700) Release Notes Installation choices/upgrade/new installation To upload this patch, use the CLI command, fileserver In a slow network scenario, Guardium recommends the use of another CLI command, store system patch install scp. However, be mindful that using the CLI command, store system patch install scp, requires staging the patch on an FTP server. Note: The language pack is separate from GPU patch 700.

V9.0 patch 700 (August 2016) supersedes V9.0 patch 600 (October 2015). Notes: 1. V9.0 patch 700 is available as a 32-bit and 64-bit patch from Fix Central. 2. The GPU installer will automatically perform a reboot after successful installation of the patch.

Upgrade existing Guardium systems to version 9.0, patch 700 from any V9 release. Upgrade IBM Guardium appliances in following required top-down order: 1. Central Manager 2. Aggregator 3. Collector 4. GIM agent 5. S-TAP agent Please make sure that each step in the sequence above successfully completed before proceeding to the next step. The upgrade process usually cannot be done simultaneously on all appliances (Central Manager, Aggregator, Collector and Managed Units) and all S-TAPs at the same time. During the upgrade transition, the customer will have a hybrid version of different v9.x Guardium systems. While this "hybrid mode" is supported by Guardium, many functions are limited until all components are at the same version (See the Known Limitations section in this document). Therefore, it is strongly recommended to complete the upgrade in a timely manner and have all Guardium components at the same version and the same patch level.

2 Guardium v9.0/9.5 patch 700 release notes

Choose the correct upgrade scenario: 

Upgrade an existing 32-bit Guardium system: download the 32-bit GPU p700 patch from Fix Central and apply it. Refer to the Upgrading section of the Guardium 9.5 Knowledge Center at http://www01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.nex.igsec.doc/g95_welcome .html



Upgrade an existing 32-bit Guardium system to a 64-bit Guardium system: (1) run system backup; (2) rebuild using the latest v9.5 64-bit .ISO image; (3) apply the GPU p700 64-bit patch; and, (4) restore backup. Refer to the Upgrading section of the Guardium 9.5 Knowledge Center at http://www01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.nex.igsec.doc/g95_welcome .html



Install a new 32-bit Guardium system: download the 32-bit image from Passport Advantage. The file includes the 32-bit V9.0 image and patch 700. Install the image on the 32-bit hardware and then apply patch 700. Refer to the Installing and Upgrading section of the Guardium 9.0 Knowledge Center at http://www01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.nex.igsec.doc/g95_welcome .html



Install a new 64-bit Guardium system: download the latest v9.5 64-bit image from Passport Advantage, the latest GPU p700 patch from FixCentral, and apply GPU p700 patch. . The image contains the 64-bit V9.5 product. Install the .iso image on the 64-bit hardware. Refer to the Installing section of the Guardium 9.0 Knowledge Center at http://www01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.nex.igsec.doc/g95_welcome .html

Health check patch dependency Health check patch 9997 must be installed before installing the v9.0 patch 700 (32-bit or 64bit). The upgrade patch will not install without FIRST installing the Health Check patch. The name of this file is SqlGuard-9.0p9997.tgz.enc. Use the latest version of health check patch at least August 11, 2016 or newer. Note: Health check patch 9997 installed for a earlier GPU (for example, v9.0/9.5 GPU patch 500) needs to be installed again for v9.0/9.5 GPU patch 700 (make sure to download and 3 Guardium v9.0/9.5 patch 700 release notes

install the latest version of Health check patch 9997 prior to running GPU patch). Use the latest version of health check patch - at least August 11, 2016 or newer. For further information on health check patch 9997, refer to http://www-01.ibm.com/support/docview.wss?uid=swg21650612

Central Manager and SSLv3 behavior with v9.5 (patch 700) Guardium and SSLv3 protocol vulnerability POODLE ("Padding Oracle On Downgraded Legacy Encryption") is a SSLv3 protocol vulnerability. It allows attackers to downgrade SSL/TLS protocol to version SSLv3, and then break the cryptographic security (for example, decrypt the traffic, hijack sessions, etc.) The vulnerability is detailed in Java Advisory 2311 and Oct 2014 CPU for Java including CVE2014-3566, SSLv3 POODLE Attack. Vulnerable Guardium products: GPU versions prior to 9.0p500, 32-bit and 64-bit (for example, GPU p300, 32-bit and 64-bit or without p9501/p9502.) Vulnerable components: RedHat OpenSSL library, Java 6, Tomcat Server configuration

If conditions Upgrade GPU Upgrade managed units (MU)

SSLv3 disabled

Upgrade Central Manager (CM)

If SSLv3 enabled, keep enabled If SSLv3 disabled, keep disabled

.ISO installation, with the unit type of Manager Managed units

SSLv3 disabled

Central Manager

SSLv3 enabled

Backup Central Manager

If SSLv3 enabled, keep enabled If SSLv3 disabled, keep disabled

Notes: 1. Guardium recommends that SSLv3 be disabled.

4 Guardium v9.0/9.5 patch 700 release notes

2. However, in dealing with older versions that do not have patch 700 installed, if SSLv3 is disabled, the Central Management functionality will be impaired between the Central Manager and the managed units. 3. To ensure connectivity and limited downtime, the actions listed above will enable SSLv3. Recommendation - After all systems are patched to v9.0 patch 700, then run the CLI command, store sslv3 off 4. To see if SSLv3 is enabled, run the CLI command, show sslv3. 5. When switching from backup Central Manager to primary Central Manager, SSLv3 will be enabled from the source.

The following screenshot displays a system message on SSLv3 enabled or disabled.

5 Guardium v9.0/9.5 patch 700 release notes

Security updates since v9.0/9.5 GPU p600 (October 2015) Patch name

bug #

Popular name

6017

50069, 50431, 50579, 51128

Security update

6019

50984, 51585, 51593, 52329

Security update

6020

51781

Security update

6 Guardium v9.0/9.5 patch 700 release notes

Guardium Patch Update (GPU) 9.0 p700 patches/ bugs fixed Appliance Patch (Fixcentral heading) Includes 45 patches since GPU p600 (October 2015): 367, 554, 368, 369, 555, 556, 557, 1083, 558, 370, 1084, 371, 559, 560, 561, 562, 601, 602, 372, 603, 373, 563, 604, 605, 606, 564, 565, 566, 374, 607, 567, 375, 608, 376, 609, 568, 610, 1085, 611, 612, 613, 614, 615, 616, 617

Includes 3 CVEs since GPU p600 (October 2015): 6017, 6019, 6020 (see table on previous page)

Includes 15 Sniffer Updates since GPU p600 (October 2015): 4050 to 4066 (see separate Sniffer Update table after patch table)

Fix #

Ad-hoc patch#

Guardium Bug#

APAR

Description of Fix

1.

367

49895

GA15617

Export/import excluding group members not working as expected

2.

554

49859

Flat Log Requests column not in built-in Buffer Usage Report under Guardium Monitor

3.

368

48980

Invalid Query error when using Custom table joins on Dataset fields

4.

369

42763

5.

555

47049

6.

556

49979

7.

557

42763

8.

1083

49983

9.

558

49867

IT11868

Fix error when configuring value change auditing

10.

370

49561

GA15628

Add details on activity in User Activity Audit report

11.

1084

GA15638

Correct instructions for SAP Application User Translation Turn off scheduling on predefined distributed reports

GA15565

Fix invalid query when trying to create custom domain with double left outer join

GA15638

Correct instructions for SAP Application User Translation Purge Sniffer Buffer table

Language update for v9.0 GPU 600

7 Guardium v9.0/9.5 patch 700 release notes

Fix #

Ad-hoc patch#

Guardium Bug#

12.

371

50227

Invoke optimization of DATAMART database during midnight purge

13.

559

50227

Invoke optimization of DATAMART database during midnight purge

14.

560

50262

15.

561

50019

16.

562

42763

17.

601

50501

Fix importing Classifier Processes missing Classifier Policies

18.

602

49620

Fix export/import definitions of distributed reports

19.

372

50029

20.

603

50259, 50322

21.

373

40575

22.

563

50498

23.

604

49156

24.

605

50888

25.

606

26.

APAR

GA15702

Description of Fix

Saving OR LIKE GROUP condition for Object requires an Object attribute for Field Audit process does not complete execution on aggregator

GA15638

GA15849

Correct instructions for SAP Application User Translation

UID Chain Scheduled Job Exception 50259 - Add group export to the generic CSV export 50302 - Fix purging logic Add report parameter 'REMOTE_SOURCE' for Restful grdapi online_report

GA15659

Fix how to export the PDF defined in the Audit Task using grdapi

GA15599

Fix Enterprise Alerts running on Managed Units

GA15657

Fix Send Verdict Analyzer Rule only Accepting Integer Patterns

50861

GA15676

Fix grdapi command to add computed attribute

564

50679

GA15699

Fix syslog file being truncated

27.

565

50857

28.

566

49880

29.

374

Fix mapping of Computed Attributes in Entitlement related custom tables GA15640

50066

30.

607

50966, 50975, 51058, 51069,

Fix drill down error for quick search outliers Fix instance of Central Manager Unit Utilization not reporting the same diagnostics as the collectors

50966 - Generic CSV export: Access Log, Outliers List and Summary datamarts has to be TIMESTAMP sensitive 50975 - Fail to purge datamart's extraction file when the file fails to be transferred

8 Guardium v9.0/9.5 patch 700 release notes

Fix #

Ad-hoc patch#

Guardium Bug#

APAR

51082, 51086, 51109

Description of Fix

51058 - Generic CSV export: remove Original Timezone from Sessions and Full Sql datamarts 51069 - Generic CSV export: in some cases it uses FTP transfer method when SCP is set 51082 = Generic CSV export: Add Copy File Info and Timestamp to the Extraction Log 51086 - Generic CSV export: Add predefined Export: Buff Usage Monitor datamart 51109 - Generic CSV export: Destination host validation

31.

567

32.

375

33.

608

GA15699 50679, 50716

50612

50679 - Fix syslog file is being truncated GA15699 50716 - Fix Audit Process writing to External Feed taking 7 to 12 hours to complete

GA15683

Fix CLI log on access not appearing on LAST ACTIVITY column of customer's custom report 40575 - Report parameter 'REMOTE_SOURCE' is not supported for restful grdapi online_report

40575, 49156, 49895, 50716, 51308, 51332, 51621, 51342, 51565, 50259, 50302, 50966, 50975, 51058, 51069, 51082, 51086, 51109, 51873, 51928

GA15599

49156 - Enterprise Alerts running on Managed Unit GA15599

GA15617

49895 - Export/import excluding group members not working as expected GA15617 50259 - Add group export to the generic CSV export 50302 - Correct purging logic

GA15686

50716 - Audit Process writing to External Feed takes 7 to 12 hours to complete, when run locally it completes within 10 minutes GA15686 50966 - Generic CSV export: Access Log, Outliers List and Summary datamarts has to be TIMESTAMP sensitive 50975 - Fail to purge datamart's extraction file when the file fails to be transferred 51058 - Generic CSV export: remove Original Timezone from Sessions and Full Sql datamarts 51069 - Generic CSV export: in some cases it uses FTP transfer method when SCP is set 51082 - Generic CSV export: Add Copy File Info and Timestamp to the Extraction Log

9 Guardium v9.0/9.5 patch 700 release notes

Fix #

Ad-hoc patch#

Guardium Bug#

APAR

Description of Fix

51086 - Generic CSV export: Add predefined Export: Buff Usage Monitor datamart 51109 - Generic CSV export: Destination host validation 51308 - Invalid query when using IN PERIOD condition IT14074

51332 - Managed Unit cannot connect to the new Primary Central Manager IT14074 51342 - Generic CSV export: Add predefined Export: VA Results 51565 - Generic CSV export: Date Time part of the file name must be in UTC 51621 - Add unix_domain_socket_marker to inspection engine section to GUI 51873 - Files can be purged if a data had been extracted (DM_EXTRACTION_LOG.RECORDS_EXTRACTED>0), but doesn't cleanup if no data extracted and only COMPLETE file is created 51928 - Predefined Datamart extraction doesn't work on 32 bits because of MySQL syntax error

34.

376

35.

609

Add unix_domain_socket_marker to inspection engine section to GUI

51621

50451 - STAP tracking within custom domain - not able to join entities 50857 - Correct mapping of Computed Attributes in Entitlement related custom tables 50451, 50857, 50868, 50888, 51262, 51801, 51942, 51949, 52065, 52237

GA15658 GA15657

50868 - AA Report Field not accessible by non-admin account GA15658 50888 - "Send Verdict" Analyzer Rule only Accepts Integer Patterns GA15657 51262 - Global Profile cannot be shown in V9.5 GPU600 with 1084

GA15742

51801 - rsyslogd dropping messages from real-time alerts GA15742 51942 - Uploaded modules are not displayed on GUI when search by client.

GA15700

51949 - Outlier OutOfMemoryError javacores GA15700

10 Guardium v9.0/9.5 patch 700 release notes

Fix #

Ad-hoc patch#

Guardium Bug#

APAR

Description of Fix

IT14376

52065 - Correct GUI for Japanese after P608 installed IT14376 52237 - Uploaded modules are not displayed on GUI when search by client.

36.

568

37.

610

52245

51126, 52437, 52801, 52957, 53002, 53587

GA15731

Fix how to get Audit Process Log data using RestAPI

GA15816

51126 - Central Manager Enterprise STAP Verification report is empty GA15816

GA15778

52437 - OUTLIER dump files in /VAR/LOG/TMP/TOMCAT GA15778

GA15777

52801 - Distributed reports running for long time after GPU600 upgrade leads to high CPU usage on Central Manager GA15777

GA15782

52957 - STAP config is not updatable from GUI for Windows S-TAPs GA15782 53002 - Oracle CVE and Patch mechanism enhancement for >= Oracle 12.1.0.2.0 53587 - Inconsistent group write permissions on /var/log/guard

38.

1085

51871

39.

611

53002

40.

612

41.

GA15783

Oracle CVE and Patch mechanism enhancement for >= Oracle 12.1.0.2.0 45857 - Add "STAP ID" to the captured data

45857, 50541

50451 - STAP tracking within custom domain - not able to join entities 45857 - Add "STAP ID" to the captured data

613 GA15731 45857, 53002, 52245, 53783

42.

614

43.

615

Stop system fails to shutdown Guardium properly

53757

52245 - How to get Audit Process Log data using restAPI. GA15731 53002 - Oracle CVE and Patch mechanism enhancement for >= Oracle 12.1.0.2.0

GA15784

53783 - Parser error TDS_MS-current:1:16342: unexpected end of file GA15784

GA15844

Fix report on GDM_ERROR

GA15832

Motherboard was replaced then got error "eth: is not ready failed; no link present. Check cable?" for eth0 and eth2

51732

11 Guardium v9.0/9.5 patch 700 release notes

Fix #

Ad-hoc patch#

Guardium Bug#

APAR

Description of Fix

44.

616

50029

GA15849

UID Chain Scheduled Job Exception

45.

617

50066 - Central Manager Unit Utilization is not reporting the same diagnostics as the collectors. 50066, 51732, 53757, 53767, 53779, 54380

GA15832

51732 - Motherboard was replaced then got error "eth: is not ready failed; no link present. Check cable?" for eth0 and eth2 GA15832

GA15844

53757 - Fix report on GDM_ERROR GA15844

GA15823

53767 - Backup space requirement is incorrect GA15823 53779 - Analyzer Rule to mask passwords in UID Chain 54380 - v9p611 was shipped but did not include gdmmonitor-ora.sql and gdmmonitor-ora-container.sql

12 Guardium v9.0/9.5 patch 700 release notes

Sniffer Updates since GPU p600 Sniffer Updates since GPU p600 (October 2015): 4050 to 4066

1.

2.

Sniffer update

Guardium Bug #

4050

50585/ 50452

Regression Issues in Logger code failing to log exceptions and SQL Objects.

50360

Big5 Characters incorrectly logged as Server Hostname and Client Hostname when using legacy GWMQ client for SQL Server.

36975

MongoDB traffic does not support GuardAppEvents.

45489

The Alias cannot show in the reports for App User translation results of EBS Oracle.

49655

Logger cannot create trigger statements without parser error.

50290

Oracle DEBUG support: some Oracle DEBUG commands get parser error and only full_sql=oradebug.

50387

Use 64-bit key sent by UNIX STAP for session management.

50401

Add possibility to use different Regex libraries in logger rules.

50402

After failover SENDER_IP in GDM_SESSION is logged as 255.255.255.255

50630

Cannot update any S-TAP parameter from GUI with patch 600 32-bit.

4051

49724

APAR

GA07508

Description

Fix instance of Teradata statements and viewpoint user not collected on Guardium application.

50469

Improve code for iSeries.

50483

Fix instance of Named function getting a parser error.

13 Guardium v9.0/9.5 patch 700 release notes

Sniffer update

Guardium Bug #

APAR

Description

50624

GA15649

Fix wrong value for Records Affected (shows RA=786444, must be much smaller).

50641 50676

3.

4.

4052

4053

Add support for PCRE library for logger rules. GA15648

Fix Sniffer in conflict with v9.0/9.5 GPU p600.

50744

Fix GPB message without original SQL not logged.

50835

Fix Sniffer patch 4050 installation not successful on Central Manager.

46679

GA15502

Increase of RA=-1 with Informix traffic.

50469

Improve code for iSeries.

50528

Parse MEMSQL queries.

50749

Fix SGATE TERMINATE not firing f MS-SSQL SERVER Linked Server with openquery is within a batch of SQLs executed.

50774

GA15656

Fix SGATE attach not triggered on login packet.

48898

GA15558

Reports showing full SQL show "RAW" in report

49724

GA07508

Teradata statements and viewpoint user not collected on Guardium.

50413

GA15677

Occasional Empty DB User for MySQL traffic in Linux

50774

GA15656

SGATE attach not triggered on login packet

50954

Unexpected Application User name is set for PeopleSoft

51032

Difference between SQL and Full SQL for z/OS traffic

14 Guardium v9.0/9.5 patch 700 release notes

Sniffer update

5.

4054

Guardium Bug #

APAR

Description

51146

GA15679

SQL Developer source program is translated to "JDBC THIN CLIENT"

51234

In v9.0 p4053_r83763, "select *" statements get wrong RA (gdm_construct_text & instance)

44657

CIFS/SMB traffic is not logged

50749

GA15669

SGATE TERMINATE does not fire if MS SQL SERVER Linked Server with Open query is within a batch of SQLs executed

50973

GA15678

EXCEPTION from parse on "use Database" command

51147 6.

7.

4055

4056

High number of sniffer restarts

50749

GA15669

SGATE TERMINATE does not fire if MS SQLSERVER Linked Server with Open query is within a batch of SQLs executed

50973

GA15678

EXCEPTION from parse on "use Database" command

51147

Fix high number of sniffer restarts

51330

Fix Teradata parser.

51439

Traffic collection stops, Sniffer stops matching any rules

51449

Sniffer is running out of memory, and stops with "Attempt to free invalid pointer" error

51573

Fix instance of sub-query be parsed two times

51791

Sybase bind variables, add Correction for nullable data types.

51626

Remove command in Mongo 3.2 not logged in Guardium.

51162

Combine DDL alters to speed up patch installation

15 Guardium v9.0/9.5 patch 700 release notes

Sniffer update

Guardium Bug #

APAR

Description

(collectors) 51439

8.

4057

9.

4058

10.

4059

GA15698

Traffic collection stops, sniffer stops matching any rules

51500

MySQL prepared statements

51745

Unplanned characters appearing on Report for DB username (ATAP enabled) for Windows

51975

Linefeed code is inserted in GDM_CONSTRUCT.ORIGINAL_SQL when multiple SQL statements are executed in MSSQL

52037

v9 packet_run does not process SLON correctly with Oracle 12 traffic

52074

Use odp.net connect to oracle11@hp, not get full_sql and db_user

52343

mysql:p4056,r85878 ,"DATETIME" will get parser error Not released

52058

INSERT SQL issued by Oracle Pro*C cannot be captured.

52712

Fix parse_flat_log segfault

52944

Sniffer stops with v9.5p4056

53024

Add more MariaDB command options for MySQL

53186

Fix two rows of DB_NAME

53214

Parse_flat_log gets error "ERROR: UNKNOWN server type TRD"

53009

Analyzer Rule to mask passwords in UID Chain

53051

Sniffer not capturing traffic from Windows Oracle 12c

16 Guardium v9.0/9.5 patch 700 release notes

Sniffer update

Guardium Bug #

APAR

Description

client 53107

Incorrect Object Name Reported

53227

Skip logging not working for exceptions

53360

GA15768

53345

53476

11.

4060

4061

Sybase: procedure and trigger both get object_type ='procedure' GA15774

Parser error for MS SQL SERVER traffic that includes sp_executesql

53670

Oracle parser errors

53682

SQL not Appearing in Reports

53771

Only 3 out of 5 Oracle DDL captured with ALLOW ALL policy in place

53783

12.

Snif_stderr: Failed - Insert Ignore into gdm_secure_params

GA15784

Parser error TDS_MS-current:1:16342: unexpected end of file

53790

Prepared Statements in Oracle doesn't seem to be processed for values.

53853

Bind variable blank if default capture value checked

53722

Fix MS SQL parser errors

53771

Fix instance of only 3 out of 5 Oracle DDL captured with ALLOW ALL policy in place

53970

P4060 r88262 :parse STP with wrong verb depth

53975

GA15807

Oracle 'select v$parameter' statement dumped in Traffic Report

17 Guardium v9.0/9.5 patch 700 release notes

Sniffer update

Guardium Bug #

APAR

53996

13.

14.

4062

4063

Description

Problem with ATAP traffic. Hash at the end of the packet prevents from logging long SQL statements.

53456

GA15805

Consistent GDM_ERROR table filling up with Oracle Parser_Error

53334

GA15804

STATEMENT TYPE shows "RAW" for dbaccess queries

54034

GA15806

Traffic is not hitting rule that it should

54181

Parser Errors in the GDM_ERROR table

54190

Parser error when reserved word used in SQL statement context

54217

P4061-Row in GDM_ERROR that wasn't in p4060 (line 1:117: unexpected char: 0x01)

51422

Filtering exact object name when parsing SQL

51779

Delete and do not create DDLs with the same sequence number

53107

Incorrect Object Name Reported - v9.5

53907

Sniffer thread stuck in Oracle traffic

54174

GA15817

54186

54255

.NET application executes store procedures and either we see sp(null,null) as values or we see garbage information as parameter values p4061: create Pivot table,part after Pivot is not be parsed

GA09975

54264

p4061 masking of last 8 numbers in creditno resulting in all 16 credit numbers being masked Parser_error 'current:1:33: unexpected token: number'

18 Guardium v9.0/9.5 patch 700 release notes

Sniffer update

Guardium Bug #

APAR

54284

15.

16.

17.

4064

4065

4066

Description

Listening slon commands on localhost only.

54345

GA15810

No SQL logged after replaying Windows Oracle SLON

54562

GA15878

Collector cannot capture with Policy action

54594

GA15877

Cannot capture SQL at report with dynamic SQL by Pro*C

54611

GA15870

Wrong Records affected RA=8192 when different value expected

54671

GA15847

clone of 54616: Alerts from iSeries database have LEEF variable unpopulated

54804

Fixed issue when Buff Usage Monitor report is empty because of the database connection error.

54478

Long SELECT UNION SQL not Logging at all when max_sql_size is set to above 300KB

54799

Full SQL with values not being captured by v10 collector due to Parsing Issue

54070

iSTAP reports wrong OSUSER

54678

GA15873

54713

54861

Parser error with MongoDB leading to full database Guardium Report Depicting Incorrect Server Host Name in LTM Environment

GA15882

Valid Netezza SQL logged as PARSER_ERROR after applying P4064

19 Guardium v9.0/9.5 patch 700 release notes

Known issues, V9.0/v9.5 GPU p700 Database Access Format In v9.0 GPU 700, Guardium changed the internal database access format. As a result, older adhoc patches may not be compatible with the Guardium system on v9.0 GPU 700 or higher. If an older patch is not compatible with v9.0 GPU 700, during patch installation, an error message will appear. In CLI, the error message is: Patch not compatible with this appliance. This patch contains an old access format.

In the GUI, the error message is: Patch Installation Failed - Patch not compatible with this appliance (access format)

In case the functionality from an incompatible patch is not included in v9.0 GPU 700, and is still required, request Guardium Customer Support to provide a new patch.

Accelerator installation For v9.5 accelerators, only the installation has changed. The contents are the same and they do not need to be re-installed if the earlier ones were already installed.

20 Guardium v9.0/9.5 patch 700 release notes

Language Pack SqlGuard-9.0p1086_Language_Update_GPU_700

Separate versions for 32-bit and 64-bit SqlGuard-9.0p1086_Language_Update_GPU_700_32-bit.tgz.enc SqlGuard-9.0p1086_Language_Update_GPU_700_64-bit.tgz.enc

The language pack is separate from GPU 700. There are changes to some of the JAR files to enable them to be translated. Therefore, the language pack contains some updated JAR files. Since these may conflict with newer versions of the JAR files in later patches (for example, after GPU patch 700), it is important that Guardium users install the language pack before installing any other patches on a system that has GPU patch 700 or the v9.0 ISO. If Guardium users install the language pack after the other patches, they may need to re-install the other patches. On a non-English Guardium system, the language pack must be installed before upgrading to GPU patch 700. Note: The language pack is not needed to install GPU patch 700 on an English Guardium system, but the language pack must be installed on a non-English Guardium system.

Question #1: Should V9.0 patch 700 be applied again after the language pack is installed? Answer: No, do not apply V9.0 patch 700 twice. If upgrading a Guardium English system with v9.0 GPU patch 700, install the GPU, then install the language pack, and then run the CLI command, store language, to change the language on what was previously a Guardium English system. On a Guardium non-English system, the language pack must be installed before the GPU.

Question #2: Is the language pack dependent on installing the Health Check patch 9997? Answer: No, the language pack is NOT dependent on first installing the Health Check patch 9997.

21 Guardium v9.0/9.5 patch 700 release notes

Question #3: What happens if a user installs GPU patch 700 before the language pack on a nonEnglish system? Answer: V9.0/9.5 GPU patch 700 will not install on a non-English system that does not have the language pack installed beforehand.

22 Guardium v9.0/9.5 patch 700 release notes

Online help available via Web The online help is included in the Guardium 9.0/9.5 Knowledge Center on the Web at: http://www01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.nex.igsec.doc/g95_welcome.ht ml Search all the product information together at that site. The Knowledge center is updated more frequently than the embedded online help and is the most up-to-date source of information.

Use this link to retrieve a list of all public URLs for V9.0/9.5: http://www-01.ibm.com/support/docview.wss?&uid=swg27045362

Links to System requirements/ Technical requirements for v9.5 V9.5 System Requirements (Platforms Supported) (June 2016) 32-bit and 64-bit http://www-01.ibm.com/support/docview.wss?&uid=swg27045286

V9.5 Software Appliance Technical Requirements (August 2015) 32-bit and 64-bit New hardware configurations (6) http://www-01.ibm.com/support/docview.wss?&uid=swg27045285

2016 September 08 IBM Guardium Version 9.5 Licensed Materials - Property of IBM. © Copyright IBM Corp. 2016. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” (www.ibm.com/legal/copytrade.shtml)

23 Guardium v9.0/9.5 patch 700 release notes