IBM DB2 UDB Multiple Unspecified Vulnerabilities (Linux)

Summary
The host is installed with IBM DB2 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to bypass security restrictions, cause a denial of service. Impact Level: System/Application
Solution
Update IBM DB2 9.5 Fixpak 5, http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
Insight
The flaws are due to: - An unspecified error in the Engine Utilities component, causes segmentation fault by modifying the db2ra data stream sent in a request from the load utility. - An unspecified error in 'db2licm' within the Engine Utilities component it has unknown impact and local attack vectors. - An unspecified error in the DRDA Services componenta, causes the server trap by calling a SQL stored procedure in unknown circumstances. - An error in relational data services component, allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. - Multiple unspecified errors in bundled stored procedures in the Spatial Extender component, have unknown impact and remote attack vectors. - An unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component, allows to cause a denial of service (instance crash) by compiling a SQL query
Affected
IBM DB2 version 9.5 prior to Fixpak 5
References