IBM Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows
There are multiple vulnerabilities in open source expat XML parser that is used in DB2 Net Search Extender.
CVE(s): CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-1283, CVE-2015-2716, CVE-2016-4472, CVE-2016-0718, CVE-2016-5300
Affected product(s) and affected version(s):
DB2 Net Search Extender V9.7, V10.1, V10.5 and V11.1 for all supported platforms
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gzFsPr
X-Force Database: http://ift.tt/2aA9yyg
X-Force Database: http://ift.tt/2az7wLo
X-Force Database: http://ift.tt/2aAaouW
X-Force Database: http://ift.tt/2az7gfC
X-Force Database: http://ift.tt/2fFH1Xu
X-Force Database: http://ift.tt/2bykBrC
X-Force Database: http://ift.tt/2aA9DSH
X-Force Database: http://ift.tt/2cwoPxW
from IBM Product Security Incident Response Team http://ift.tt/2fFMsW9