IBM Support

7.1.1-TIV-TDI-LA0040

Download


Downloadable File

Abstract

UPGRADING TDI JRE TO 7.0 SR10 FP40 BECAUSE OF MULTIPLE VULNERABILITIES

Download Description

+-----------------------------------------------------+
Interim Fix 7.1.1-TIV-TDI-LA0040 README
Tivoli Directory Integrator 7.1.1  ( Also applicable to Security Directory Integrator 7.2.0 and Tivoli Directory Integrator 7.1.0 )
LA Interim Fix 40
(All platforms)
JRE Level: Java 7 Service Refresh 10 Fix pack 40
Date: Mar 2019
+-----------------------------------------------------+
COPYRIGHT STATEMENT
====================
Mar 2019
References in this publication to IBM products, programs, or services do
not imply that IBM intends to make these available in all countries in
which IBM operates. Any reference to an IBM program product in this
publication is not intended to state or imply that only IBM's program
product may be used. Any functionally equivalent program may be used
instead.
IBM is a trademark of the International Business Machines Corporation.
Copyright International Business Machines Corporation 2019. All rights
Reserved.
Fix For
========
    APAR   -   NA
    PMR    -   NA         

General Description:  
====================
Upgrading to Java 7 Service Refresh 10 Fix pack 40 because of multiple Java vulnerabilities.
Note:
For HP-UX-IA64        Java 7.0.10.35 version is shipped.
For Solaris Sparc 32  Java 7.0.10.35 version is shipped.
For Solaris X86   64  Java 7.0.10.35 version is shipped.
Details:
========
This Limited Availability Interim Fix contains JRE fix for multiple vulnerabilities.
Refer link for details :- http://www-01.ibm.com/support/docview.wss?uid=swg20875442
Prerequisites:   
==============
Security Directory Integrator v7.2.0 with or without any fix pack must be installed.
Tivoli Directory Integrator v7.1.1 with or without any fix pack must be installed.
Tivoli Directory Integrator v7.1.0 with or without any fix pack must be installed.

Platforms:  
==========
All supported  Platforms

Downloading the Fix:
====================
- Under the Download options section, Click on the "Change Download options" link.
- Set the "Include prerequisites and co-requisite fixes (you can select the ones you need later)" checkbox to true.
Applying the Fix:
=================
- Shutdown TDI.
- Unzip the fix package to a temporary directory. The LA contains platform specific JRE's, copy the .zip or the .tar.gz to respective
platforms.
- Extract the .zip /.tar.gz files into temp directory.
-  Backup/rename the existing <TDI_Install_Dir\jvm\jre directory.
- Copy the <temp directory>\<extracted_jvm_dir>\jre directory and content as a sub-directory to the <TDI_Install_Dir>\jvm directory.
-  Apply command 'chmod -R 755 jre' for non windows platform.

Changes to the Java policy file for Derby  server to start
================================================
- Derby server does not start as the new JVM does not grant permissions by default.
- Resolve by using either option:
    * To give all permissions to all files in the TDI install dir, add the following in the  <TDI_Install_dir>\jvm\jre\lib
\security\java.policy
        grant codeBase "file:/<TDI_Install_dir>/-" {
                permission java.security.AllPermission;
        };
        Note : The ending minus, "-", in the path. It means that all files in all folders, recursively, under the TDI install
dir will be given this permission.
    * To give permission to derby port to listen, add the following line in the   <TDI_Install_dir>\jvm\jre\lib\security
\java.policy , under the  default permissions granted to all
domains section.
        permission java.net.SocketPermission "localhost:<port number>-", "listen";
        For example : permission java.net.SocketPermission "localhost:1527-", "listen";
        Note: 1527 is the derby port in this example.

Refer the adjacent link for additional information. http://www-01.ibm.com/support/docview.wss?uid=swg21450475

Confirming the Fix has been applied successfully:   
=================================================
JAVA vulnerability will be resolved.

Prerequisites

Refer to 7.1.1-TIV-TDI-LA0040-README.txt for details

Installation Instructions

Refer to 7.1.1-TIV-TDI-LA0040-README.txt for details

On
[{"DNLabel":"7.1.1-TIV-TDI-LA0040","DNDate":" ","DNLang":"English","DNSize":"4,035","DNPlat":{"label":"Platform Independent","code":"PF025"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Directory+Integrator&fixids=7.1.1-TIV-TDI-LA0040-Java7-SR10FP40&source=SAR","DNURL_FTP":"","DDURL":null}]

Document Location

Worldwide

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSCQGF","label":"Tivoli Directory Integrator"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.0;7.1.1;7.2.0","Edition":"Edition Independent","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

TDI SDI

Document Information

Modified date:
13 March 2019

UID

ibm10875796