Question & Answer
Question
How to install LogJam vulnerability interim fix for embedded WebSphere Application Server (provided by Directory Server)?
Cause
The LogJam vulnerability (CVE-2015-4000) requires that the Java (JRE/JDK) used by embedded WebSphere Application Server (eWAS) be updated with the interim fix PI42778 (for eWAS 7.0.0.31 or later) and with the interim fix PI42779 (for eWAS 6.1.0.47).
Answer
The tables on the Directory Server recommended fixes page provide the latest recommended eWAS fix levels.
The LogJam vulnerability (CVE-2015-4000) is fixed in eWAS (and WAS) with the interim fix PI42778 (for eWAS 7.0.0.31 or later) and with the interim fix PI42779 (for eWAS 6.1.0.47).
This document provides the installation procedure for the LogJam vulnerability interim fix for the embedded WebSphere Application Server provided by Directory Server (SDS / TDS).
1. Identify the eWAS install location. (eWAS_install_location)
These are the default eWAS install locations when the GUI installer provided by SDS/TDS was used during product installation.
V6.4:
Note: V6.4 provided full WAS 8.5.5. Use the instructions provided in the WebSphere Security Bulletin; see the section "For V8.5.0.0 through 8.5.5.6 Full Profile".
V6.3.1:
AIX, Solaris: /opt/IBM/ldap/V6.3.1/appsrv
Linux: /opt/ibm/ldap/V6.3.1/appsrv
Windows: <ITDS_V6.3.1_install_location>\appsrv
V6.3:
AIX, Solaris: /opt/IBM/ldap/V6.3/appsrv
Linux: /opt/ibm/ldap/V6.3/appsrv
Windows: <ITDS_V6.3_install_location>\appsrv
V6.2:
AIX, HP-UX, Solaris: /opt/IBM/ldap/V6.2/appsrv
Linux: /opt/ibm/ldap/V6.2/appsrv
Windows: <ITDS_V6.2_install_location>\appsrv
V6.1:
AIX, HP-UX, Solaris: /opt/IBM/ldap/V6.1/appsrv
Linux: /opt/ibm/ldap/V6.1/appsrv
Windows: <ITDS_V6.1_install_location>\appsrv
2. Find the eWAS version that is in use and determine the need for fix pack installation:
# for AIX, HP-UX, Solaris and Linux, open a login shell
cd <eWAS_install_location>/bin
./versionInfo.sh
# for Windows open a command prompt:
cd <eWAS_install_location>\bin
versionInfo.bat
3. Install the latest recommended eWAS and WASSDK fix packs:
3. a. For eWAS 7.0 provided by SDS 6.3.1 or TDS 6.3, install the latest recommended eWAS fix pack (that is, fix level 7.0.0.39 or later; the current latest fix level is 7.0.0.41).
3. b. For eWAS 6.1 provided by TDS 6.2 or TDS 6.1, install eWAS fix pack 6.1.0.47.
4. Install the required LogJam vulnerability interim fix for eWAS (choose one of the following based on the eWAS fix pack level installed in step 3):
4. a. For eWAS 7.0.0.41, refer to "embedded WebSphere Application Server 7.0 Fix Pack 41 (7.0.0.41)".
4. b. For eWAS 6.1.0.47, download the platform-specific interim fix file from PI42779 and install it using the Update Installer procedure - step 5.
The following table helps in identifying and downloading the correct platform-specific interim fix file:
Operating System | Java SDK Download package |
AIX | AIX 64-bit Power PC Java SDK |
HP-UX (pa-risc) | HP-UX 32-bit HP PA-RISC Java SDK |
HP-UX (IA64) | HP-UX 64-bit Intel Itanium Java SDK |
Linux (i386 / ia32) | Linux 32-bit x86 AMD/Intel Java SDK |
Linux (x86_64 / X64 / amd64) | Linux 64-bit x86 AMD/Intel Java SDK |
Linux (i/pSeries/ppc64) | Linux 64-bit i/p Series Java SDK |
Linux (zSeries / s390x) | Linux 64-bit S/390 Java SDK |
Solaris (SPARC) For Tivoli Directory Server V6.3 / V6.2 | Solaris 64-bit SPARC Java SDK |
Solaris (SPARC) For Tivoli Directory Server V6.1 ONLY | Solaris 32-bit SPARC Java SDK |
Solaris (amd64/x64/x86_64) | Solaris 64-bit x86 Java SDK |
Windows (i386 / ia32) | Win 32-bit x86 AMD/Intel Java SDK |
Windows (X64 / x86_64) | Win 64-bit x86 AMD/Intel Java SDK |
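The version check in step 2 and the fix selection in steps 3 and 4 can be scripted. The following is an added example, not IBM code: the function names and the sample output are constructed, and it assumes versionInfo prints the product level on a line of the form "Version  a.b.c.d".

```shell
#!/bin/sh
# Added example, not IBM code. Assumes versionInfo prints a line of the
# form "Version  <a.b.c.d>"; verify against your own output.

# Constructed sample of versionInfo output (not captured from a real system).
sample_versioninfo() {
cat <<'EOF'
Version Directory        /opt/ibm/ldap/V6.3/appsrv/properties/version
Name                     IBM WebSphere Application Server
Version                  7.0.0.31
EOF
}

# Print the first four-part product version found on stdin.
# The pattern on $2 skips lines such as "Version Directory ...".
ewas_version() {
    awk '$1 == "Version" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2; exit }'
}

# Succeed if version $1 >= version $2, comparing each field numerically
# (a string comparison would wrongly rank 7.0.0.9 above 7.0.0.39).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Map an eWAS version to the next action from steps 3 and 4 above.
logjam_action() {
    case $1 in
        7.0.*)
            if version_ge "$1" 7.0.0.39; then
                echo "fix pack level OK (step 3.a); apply interim fix PI42778"
            else
                echo "install eWAS fix pack 7.0.0.39 or later, then PI42778"
            fi ;;
        6.1.0.47) echo "fix pack level OK (step 3.b); apply interim fix PI42779" ;;
        6.1.*)    echo "install eWAS fix pack 6.1.0.47, then PI42779" ;;
        8.5.*)    echo "full WAS 8.5.5: follow the WebSphere Security Bulletin" ;;
        *)        echo "unrecognized version: check manually"; return 1 ;;
    esac
}

logjam_action "$(sample_versioninfo | ewas_version)"
```

On a real system, replace the sample with `./versionInfo.sh | ewas_version` run from `<eWAS_install_location>/bin`.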
Document Information
Modified date:
16 June 2018
UID
swg21960863