IBM Security Bulletin: Vulnerability in XMLC affects IBM® DB2® LUW (CVE-2016-0729, CVE-2016-4463)

IBM DB2 for LUW bundles an XMLC library that is affected by CVE-2016-0729. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially crafted statement. This may cause the DB2 server to terminate abnormally or execute arbitrary code.

CVE(s): CVE-2016-0729, CVE-2016-4463

Affected product(s) and affected version(s):

All fix pack levels of the IBM DB2 V9.7, V10.1, V10.5 and V11.1 editions listed below, running on AIX, Linux, HP, Solaris or Windows, are affected:

IBM® DB2® Express Edition
IBM® DB2® Workgroup Server Edition
IBM® DB2® Enterprise Server Edition
IBM® DB2® Advanced Enterprise Server Edition
IBM® DB2® Advanced Workgroup Server Edition
IBM® DB2® Direct Advanced Edition
IBM® DB2® Direct Standard Edition
IBM® DB2® Connect™ Application Server Edition
IBM® DB2® Connect™ Enterprise Edition
IBM® DB2® Connect™ Unlimited Edition for System i®
IBM® DB2® Connect™ Unlimited Edition for System z®

The DB2 Connect products mentioned are affected only if a local database has been created.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ccJCGy
X-Force Database: http://ift.tt/297OoIU
X-Force Database: http://ift.tt/2b5BVXc



from IBM Product Security Incident Response Team http://ift.tt/2ceOcsz