Bug Alert for NPS users with Golang installed
More Netezza bugs to report folks - this time on Monday IBM announced patches for multiple high-severity vulnerabilities impacting a number of products including Netezza and Cloud Pak for Data.
Three vulnerabilities were reported that affected the Golang packages that IBM Netezza for Cloud Pak for Data uses. Golang, or Go Language, is an open-source, compiled, and statically typed programming language designed by Google that is installed by default within the NPS container.
What is the impact of these bugs?
Two of these issues are rated ‘high severity’, with a Common Vulnerablity Scoring System, or CVSS, score of 7.5. All three flaws are described as denial-of-service (DoS) vulnerabilities in Golang that could be exploited remotely using specially crafted content or requests.
Who is affected by these bugs?
Golang is not installed in older Netezza systems, it only affects NPS versions 11.2.1.0 to 11.2.1.5.
What do you need to do?
There are two options.
- Upgrade to a patched version of Golang by downloading and replacing the binary as described in this link.
- Install NPS version 11.2.1.6, which was released on 9th August 2022. The release notes don't mention the golang bug fix specifically but the SecurityWeek article says that this patch fixes the problem.
If you want any further information, feel free to contact us.