GSKit is an IBM product that IBM DB2 uses for SSL support. The GSKit that is shipped with DB2 contains multiple security vulnerabilities. By default, DB2 does not use SSL for client-server communication, so these vulnerabilities affect DB2 only if SSL is enabled.
CVE(s): CVE-2012-2190, CVE-2012-2191, and CVE-2012-2203
Affected product(s) and affected version(s):
The following IBM DB2 and DB2 Connect V9.1, V9.5, V9.7 and V10.1 editions running on AIX, Linux, HP, Solaris and Windows:
IBM® DB2® Express Edition
IBM® DB2® Workgroup Server Edition
IBM® DB2® Enterprise Server Edition
IBM® DB2® Advanced Enterprise Server Edition
IBM® DB2® Connect™ Application Server Edition
IBM® DB2® Connect™ Enterprise Edition
IBM® DB2® Connect™ Unlimited Edition for System i®
IBM® DB2® Connect™ Unlimited Edition for System z®
The following IBM DB2 V9.8 editions running on AIX and Linux:
IBM® DB2® pureScale™ Feature for Enterprise Server Edition
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21626749
X-Force Database (http://xforce.iss.net/xforce/xfdb/75994)
X-Force Database (http://xforce.iss.net/xforce/xfdb/75996)
X-Force Database (http://xforce.iss.net/xforce/xfdb/77280)