I believe there was a previous thread a few days ago with this.
You would need to call support to find out if you can upgrade only the DB or go to RU2
Symantec is likely aware and has the fix or workaround
Check this link as it provides all security advisories for Symantec. Perhaps you can find what you need here:
https://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory
CVE-2009-5111 seems to be related to GoAhead Webserver, not sure this applies to SEPM
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5111