IBM Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995).
A vulnerability in IBM DB2 for Linux, Unix and Windows could allow a local user to gain elevated privilege.
CVE(s): CVE-2016-5995
Affected product(s) and affected version(s):
The following IBM DB2 and DB2 Connect editions running on AIX, Linux and HP are vulnerable.
IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Connect™ Application Server Edition
IBM DB2 Connect Application Server Advanced Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i®
IBM DB2 Connect Unlimited Edition for System z®
IBM DB2 Connect Unlimited Advanced Edition for System z
IBM DB2 10.5 Advanced Enterprise Server Edition
IBM DB2 10.5 Advanced Workgroup Server Edition
IBM DB2 10.5 Developer Edition for Linux, Unix and Windows
The IBM data server client and driver types are as follows:
IBM Data Server Driver Package
IBM Data Server Driver for ODBC and CLI
IBM Data Server Runtime Client
IBM Data Server Client
The following table details which DB2 releases, fix packs and platforms are affected:
Release | Fixpacks | Platforms |
V9.7 | All | Linux Power™ |
V10.1 | All | Linux Power™ |
V10.5 | All | Linux Power™ |
V10.5 | FP7 | All except Windows, Solaris SPARC and Solaris x86 |
V11.1 | GA | Linux Power™ little endian and Linux System z® |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ccHVcj
X-Force Database: http://ift.tt/2ceMBmM
from IBM Product Security Incident Response Team http://ift.tt/2ccJ6s5