IBM Support

LogJam vulnerability interim fix for embedded WebSphere Application Server - Install procedure

Question & Answer


Question

How to install LogJam vulnerability interim fix for embedded WebSphere Application Server (provided by Directory Server)?

Cause

The LogJam vulnerability (CVE-2015-4000) requires that the Java (JRE/JDK) used by embedded WebSphere Application Server (eWAS) be updated with the interim fix PI42778 (for eWAS 7.0.0.31 or later) or with the interim fix PI42779 (for eWAS 6.1.0.47).

Answer

The tables on the Directory Server recommended fixes page provide the latest recommended eWAS fix levels.

The LogJam vulnerability (CVE-2015-4000) is fixed in eWAS (and WAS) with the interim fix PI42778 (for eWAS 7.0.0.31 or later) and with the interim fix PI42779 (for eWAS 6.1.0.47).

This document provides the installation procedure for the LogJam vulnerability interim fix for the embedded WebSphere Application Server provided by Directory Server (SDS / TDS).

1. Identify the eWAS install location. (eWAS_install_location)

These are the default eWAS install locations if the GUI installer provided by SDS/TDS was used during product installation.

V6.4:

Note: V6.4 provides full WAS 8.5.5. Use the instructions provided in the WebSphere Security Bulletin; see the section "For V8.5.0.0 through 8.5.5.6 Full Profile".

V6.3.1:

AIX, Solaris: /opt/IBM/ldap/V6.3.1/appsrv
Linux: /opt/ibm/ldap/V6.3.1/appsrv
Windows: <ITDS_V6.3.1_install_location>\appsrv

V6.3:

AIX, Solaris: /opt/IBM/ldap/V6.3/appsrv
Linux: /opt/ibm/ldap/V6.3/appsrv
Windows: <ITDS_V6.3_install_location>\appsrv

V6.2:

AIX, HP-UX, Solaris: /opt/IBM/ldap/V6.2/appsrv
Linux: /opt/ibm/ldap/V6.2/appsrv
Windows: <ITDS_V6.2_install_location>\appsrv

V6.1:

AIX, HP-UX, Solaris: /opt/IBM/ldap/V6.1/appsrv
Linux: /opt/ibm/ldap/V6.1/appsrv
Windows: <ITDS_V6.1_install_location>\appsrv

2. Find the eWAS version that is in use and determine the need for fix pack installation:

# for AIX, HP-UX, Solaris and Linux, open a login shell
cd <eWAS_install_location>/bin
./versionInfo.sh

# for Windows open a command prompt:
cd <eWAS_install_location>\bin
versionInfo.bat

3. Install latest recommended eWAS and WASSDK fix packs:

3. a. For eWAS 7.0 provided by SDS 6.3.1 or TDS 6.3, install the latest recommended eWAS fix pack (that is, fix level 7.0.0.39 or later; the current latest fix level is 7.0.0.41).

3. b. For eWAS 6.1 provided by TDS 6.2 or TDS 6.1, install eWAS fix pack 6.1.0.47.

4. Install required LogJam vulnerability interim fix for eWAS (choose one of the following based on the eWAS fix pack level installed in step 3.):

4. a. For eWAS 7.0.0.41, refer to "embedded WebSphere Application Server 7.0 Fix Pack 41 (7.0.0.41)".

4. b. For eWAS 6.1.0.47, download the platform-specific interim fix file from PI42779 and install it using the Update Installer procedure (step 5).

The following table helps in identifying and downloading the correct platform-specific interim fix file:

| Operating System | Java SDK Download package |
|---|---|
| AIX | AIX 64-bit Power PC Java SDK |
| HP-UX (pa-risc) | HP-UX 32-bit HP PA-RISC Java SDK |
| HP-UX (IA64) | HP-UX 64-bit Intel Itanium Java SDK |
| Linux (i386 / ia32) | Linux 32-bit x86 AMD/Intel Java SDK |
| Linux (x86_64 / X64 / amd64) | Linux 64-bit x86 AMD/Intel Java SDK |
| Linux (i/pSeries/ppc64) | Linux 64-bit i/p Series Java SDK |
| Linux (zSeries / s390x) | Linux 64-bit S/390 Java SDK |
| Solaris (SPARC), for Tivoli Directory Server V6.3 / V6.2 | Solaris 64-bit SPARC Java SDK |
| Solaris (SPARC), for Tivoli Directory Server V6.1 ONLY | Solaris 32-bit SPARC Java SDK |
| Solaris (amd64/x64/x86_64) | Solaris 64-bit x86 Java SDK |
| Windows (i386 / ia32) | Win 32-bit x86 AMD/Intel Java SDK |
| Windows (X64 / x86_64) | Win 64-bit x86 AMD/Intel Java SDK |
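
For hosts that are checked by script, the decision in steps 2 to 4 can be automated as in the following added example, which is not IBM code. The function names are hypothetical, and the layout of the versionInfo report (a line of the form "Version   7.0.0.31") is an assumption to confirm against your own output.

```shell
#!/bin/sh
# Added example (not IBM code): map an eWAS version to the actions in steps 3-4.

# ver_lt A B: true when dotted version A is lower than B (four numeric fields).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# ewas_version: read a versionInfo report on stdin, print the product version.
# Assumption: the report has a line such as "Version   7.0.0.31"; lines like
# "Version Directory ..." are skipped because field 2 is not a dotted number.
ewas_version() {
    awk '$1 == "Version" && $2 ~ /^[0-9]+(\.[0-9]+)+$/ { print $2; exit }'
}

# logjam_action VERSION: print what the procedure above asks for.
logjam_action() {
    case $1 in
        8.5.*) echo "full WAS 8.5.x: follow the WebSphere Security Bulletin" ;;
        7.0.*) if ver_lt "$1" 7.0.0.39; then
                   echo "step 3.a: install fix pack 7.0.0.39 or later, then step 4"
               else
                   echo "step 4: LogJam interim fix PI42778"
               fi ;;
        6.1.0.47) echo "step 4.b: LogJam interim fix PI42779" ;;
        6.1.*) if ver_lt "$1" 6.1.0.47; then
                   echo "step 3.b: install fix pack 6.1.0.47, then step 4.b"
               else
                   echo "unrecognised version '$1': check manually"
               fi ;;
        *) echo "unrecognised version '$1': check manually" ;;
    esac
}

# Constructed sample report excerpt, so the example runs offline.
sample_report() {
    cat <<'EOF'
Version Directory     /opt/ibm/ldap/V6.3/appsrv/properties/version
Name                  IBM WebSphere Application Server
Version               7.0.0.31
EOF
}

logjam_action "$(sample_report | ewas_version)"
# On a real host: ./versionInfo.sh | ewas_version
```
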


Document Information

Modified date:
16 June 2018

UID

swg21960863