IBM Security Bulletin: Vulnerability in InstallAnywhere affects DB2 Recovery Expert, DB2 Merge Backup, InfoSphere Optim High Performance Unload for DB2, and InfoSphere pureQuery Runtime on Windows Platform (CVE-2016-4560)

InstallAnywhere generates installation executables that are vulnerable to a DLL-planting, affecting DB2 Recovery Expert, DB2 Merge Backup, InfoSphere Optim High Performance Unload, and InfoSphere pureQuery Runtime on Windows platform.

CVE(s): CVE-2016-4560

Affected product(s) and affected version(s):

DB2 Recovery Expert for Linux UNIX and Windows 4.1.0 and earlier DB2 Merge Backup for Linux UNIX and Windows 2.1.0.1 and earlier
InfoSphere Optim High Performance Unload for DB2 for Linux, UNIX and Windows 5.1.0.1 and earlier
IBM InfoSphere Optim pureQuery Runtime 3.3 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28SnMYi
X-Force Database: http://ift.tt/1Vw3dW4



from IBM Product Security Incident Response Team http://ift.tt/28RLl7f