CVE-2012-0712
Priority
Medium
Description
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through
FP4 allows remote authenticated users to cause a denial of service
(infinite loop) by calling the XMLPARSE function with a crafted string
expression.
FP4 allows remote authenticated users to cause a denial of service
(infinite loop) by calling the XMLPARSE function with a crafted string
expression.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0712
http://xforce.iss.net/xforce/xfdb/73496
http://www-01.ibm.com/support/docview.wss?uid=swg21588098
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379
http://xforce.iss.net/xforce/xfdb/73496
http://www-01.ibm.com/support/docview.wss?uid=swg21588098
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379
Notes
tyhicks> Fixed in 9.7 FP6
Package
| Upstream: | released (9.7 FP6) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | needed |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
Patches:
| Upstream: | http://www-01.ibm.com/support/docview.wss?uid=swg24032754 |