[IQUG] [Alert: Spoofed 'From Address' Detected] FW: IQ 16.0 PL21 data corruption issue and downgrade procedure

Louie, David David.Louie at blackrock.com
Thu Jan 3 12:39:01 MST 2019


Here’s the SAP instructions.  It affects the latest version of 16.0 SP11.PL21, and two 16.1 versions SP02, SP03

Reason and Prerequisites
A bug exists in the PL21, PL13, and PL03 patch releases listed above. This bug has been isolated and fixed, and the fix will be available in the next PL releases for SAP IQ 16.0 SP11, SAP IQ 16.1 SP02, and SAP IQ 16.1 SP03.
The affected PL21, PL13, and PL03 patch releases have been removed from the SAP Software Download Center.
Solution
Downgrade your installation. Install the previous patch level release for your operating system from the SAP Software Download Center.

  1.  Shut down the SAP IQ server.
  2.  Remove the affected patch:
     *   Uninstall the PL03, PL13, or PL21 patch,
or
     *   Run the setup for the previous patch release, and overlay previous patch release binaries on top.
  3.  Restart the SAP IQ server using the previous patch level release binaries.

Note: ALTER DATABASE UPGRADE is not required for this installation downgrade procedure.
  4.  If you installed one of the affected PL21, PL13, or PL03 patch releases, and if you performed an ALTER DATABASE UPGRADE after that upgrade operation, check your database options. Some database option settings changed due to your upgrade to PL21, PL13, or PL03. For example, the FP_NBIT_ENABLE_TOKENCOUNT_CHECK option default value changed to ON from OFF in PL21, PL13, and PL03. For information on checking your database options after an upgrade, see Review the SAP IQ Options Every Time You Upgrade<https://help.sap.com/viewer/664aec65107f4c26a686e3228d71654c/16.1.3.3/en-US/39d7f37ba06c47559158c03be6143e90.html> in the SAP IQ Best Practices Guide.


From: iqug-bounces at iqug.org [mailto:iqug-bounces at iqug.org] On Behalf Of Louie, David
Sent: Thursday, January 03, 2019 1:36 PM
To: iqug at iqug.org
Subject: [Alert: Spoofed 'From Address' Detected] [IQUG] FW: IQ 16.0 PL21 data corruption issue and downgrade procedure


External Email: Use caution with links and attachments

Happy New Year Everyone!

We received an alert from SAP stating that due to ‘serious data corruption issues’ we should stop using IQ 16.0 SP11.PL21 immediately.

This data corruption is so serious SAP has removed the SP11.PL21 binaries from their download page.

Fortunately we only had it installed on one DEV server.

SAP has advised we can downgrade from SP11.PL21 back to SP11.PL20 simply by shutting down the server, rerunning the setup.bin (PL20)
and then restarting the server.  They state ALTER DATABASE upgrade need not be run for the rollback.

I just tested out the downgrade from PL21 --> PL20 on our lab host.

ALTER database upgrade needs to be run.  sp_iqcheckdb ( and a lot of other things I would think) breaks otherwise
1> sp_iqcheckdb 'check database'
2> go
Msg 213, Level 16, State 0:
SQL Anywhere Error -207: Wrong number of values for INSERT
(0 rows affected)
1> sp_iqcheckdb 'allocation database'
2> go
Msg 213, Level 16, State 0:
SQL Anywhere Error -207: Wrong number of values for INSERT
(0 rows affected)
1> alter database upgrade
2> go
Database upgrade started
Creating system views
Creation of system views completed
Creating DBO views
Creation of DBO views completed
Creating system procedures
Creation of system procedures completed
Creating system views
Creation of system views completed
Setting option values
Setting option values completed
Creating migration procedures
Creation of migration procedures completed
Creating jConnect procedures
Creation of jConnect procedures completed

(1    row affected)
1>quit


1> sp_iqcheckdb 'allocation database'
2> go
Stat
         Value
         Flags
--------------------------------------------------
         --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
         ------
==================================================
         ==============================
         ======
DBCC Allocation Mode Report


==================================================
         ==============================
         ======
    DBCC Status
         No Errors Detected




==================================================
         ==============================
         ======
Allocation Summary

Additionally the doc states that if you ran ALTER DATABASE UPGRADE after patching to PL21 you should check the options which may have changed.

The fact that you can downgraded from PL21 to PL20 is  contrary to what was stated in the past which was patching or upgrades were irreversible and restore from backup was the only way to downgrade.

Should we be concerned about this downgrade procedure?

Thanks
David


This message may contain information that is confidential or privileged. If you are not the intended recipient, please advise the sender immediately and delete this message. See http://www.blackrock.com/corporate/compliance/email-disclaimers for further information.  Please refer to http://www.blackrock.com/corporate/compliance/privacy-policy for more information about BlackRock’s Privacy Policy.
For a list of BlackRock's office addresses worldwide, see http://www.blackrock.com/corporate/about-us/contacts-locations.

© 2019 BlackRock, Inc. All rights reserved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://iqug.org/pipermail/iqug/attachments/20190103/23fb1afa/attachment-0001.html>


More information about the IQUG mailing list