Download
Abstract
4.1.1-TMF-0124 provides an updated JAVA Runtime Environment (JRE) which includes the fix for Java parseDouble Security Vulnerability CVE-2010-4476. Updated 2011/10/03.
Download Description
*******************************************************************
* A change introduced by this patch is incomplete but will not
* adversely affect existing function.
*
* Please refer to APAR(s) IV08566 ...... for a description of the
* problem(s) and corrective action(s).
*
* Evaluate these APARs for the potential impact in your environment.
*******************************************************************
Please see the download package for the full Readme.
Patches superseded by this patch:
4.1-TMF-0032
4.1-TMF-0041
4.1-TMF-0061
4.1.1-TMF-0034
4.1.1-TMF-0075
4.1.1-TMF-0084LA
4.1.1-TMF-0105LA
New Fixes in 4.1.1-TMF-0124:
APAR IZ96820
Symptoms: Java parseDouble Security Vulnerability in JRE 1.3.1
shipped with the Java Runtime Environment (JRE) component of
Tivoli Management Framework.
There is no known issue about running the Tivoli Management
Framework components like JRIM, JCF, and the MDist2 GUI.
However, JRE 1.3.1 shipped with the Java Runtime Environment
(JRE) component of Tivoli Management Framework could be
affected by the vulnerability.
This problem relates to security vulnerability CVE-2010-4476
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
This patch provides the updated JRE for Solaris, AIX, Windows,
OS/2, Linux-ix86, and Linux-s390. This patch does not provide the
updated JRE for HPUX because all HP remediations require the
use of HP supplied FPUpdater Tool. IBM does not have the source
code of JRE 1.3.1 from HP and can not make the change.
| Created/Revised by | Date of Creation/Update | Summary of Changes |
| YS | 2011/03/24 | Document created |
| YS | 2011/10/03 | APAR IV08566 Changed README to add the description of TCM patches that solve the problem in the Additional Information section 2. |
Installation Instructions
Applying the Patch:
1) Extract the patch:
On a Unix system:
Extract the contents into a scratch directory. For the purpose
of this release note, assume that the symbol $PATCH points to
this directory.
# cd $PATCH
# tar xvf 4.1.1-TMF-0124.tar
On a Windows system:
Extract the contents into a scratch directory. For the purpose
of this release note, assume that the symbol %PATCH% points to
this directory.
> %SystemRoot%\system32\drivers\etc\Tivoli\setup_env
> X:
^-- 'X' is drive letter where %PATCH% is found
> cd %PATCH%
> tar xvf 4.1.1-TMF-0124.tar
NOTE: If you are extracting the tar image on a Windows
system, you will find an executable for tar in the TME
installation on Windows under bin/w32-ix86/tools/tar.exe.
2) If this patch is to be installed on a release level of 3.6 or
greater, follow these instructions for using Software
Installation Service (SIS). If not, skip to step 3 below.
NOTE: SIS can install Tivoli products on any hardware
platform supported by Tivoli, but there are some
hardware platforms on which SIS cannot be run. Please
check your SIS User's Manual for the list of platforms
on which SIS can be run.
NOTE: You must have the install_product and super authorization
roles to successfully install this patch.
a) From the Tivoli Desktop, pull down
Desktop --> Install --> Software Installation Service.
b) SIS will initialize, and bring up the Get Installation
Password Dialog. Enter your Installation Password.
c) Click the Install Button on the dialog which contains
the Tivoli image.
d) Click the Select Product Button on the Install Spreadsheet
Dialog.
e) Click the Import Product Button on the Select Product
Dialog.
f) Locate the media to 4.1.1-TMF-0124 using the file browser,
and select the PATCHES.LST file by double-clicking it.
g) Select 4.1.1-TMF-0124 in the Import Product Dialog, and
click the Import Button.
h) When the import is complete, click the OK Button on the
Global Progress Dialog.
i) Select 4.1.1-TMF-0124 in the Select Product Dialog, if it
is not already selected, and click the OK Button.
j) Now click the Select Machine Button on the Install
Spreadsheet Dialog.
k) Select the machine(s) you would like to install
4.1.1-TMF-0124 on and click the OK Button.
l) Click the appropriate cell(s) in the Install Spreadsheet
Dialog. (NOTE: This should yield an "X" in the cell(s)
for the machines you want to install 4.1.1-TMF-0124 to).
m) Click the Install Button.
n) Select the install algorithm you want to use on the
Installation Algorithm Dialog, and click OK.
o) SIS will perform the installation(s) you designated
in the Install Spreadsheet Dialog.
p) Installation is complete. Check the Additional
Installation Instructions section below.
3) Use the following steps to install the patch using the Tivoli
GUI install mechanism.
NOTE: You must have the install_product and super authorization
roles to successfully install this patch.
a) Select the "Install -> Install Patch..." option from the
"Desktop" menu to display the "Install Patch" dialog.
b) Press the "Select Media..." button to display the "File
Browser" dialog.
c) Enter the path to the directory containing the patch,
$PATCH, in the "Path Name:" field.
d) Press the "Set Media & Close" button to return to the
"Install Patch" dialog.
e) The patch install list now contains the name of the patch.
Select the patch by clicking on it.
f) Select the clients to install this patch on. This patch
needs to be installed on the TMR server and on each
managed node client.
g) Press the "Install" button to install the patch.
Additional Installation Instructions:
This patch does not install JREs on endpoints. JRE updates required
by any TMF based application on the endpoints are updated by
application dependencies that pull the JRE from the gateway.
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24029766