Security Bulletin
Summary
Vulnerability in IBM Java SDK affects IBM Platform Symphony and IBM Spectrum Symphony
Vulnerability Details
CVE IDs: CVE-2016-3610 CVE-2016-3598 CVE-2016-3606 CVE-2016-3587 CVE-2016-3511 CVE-2016-3550 CVE-2016-3485
Affected Products and Versions
IBM Platform Symphony: 5.2, 6.1.0.1, 6.1.1, 7.1 FP1, 7.1.1
IBM Spectrum Symphony: 7.1.2
Remediation/Fixes
See Workarounds and Mitigations.
Workarounds and Mitigations
1. Download location
Download this fix from the following location: http://www.ibm.com/eserver/support/fixes/
2. Scope
Applicability
Operating systems: Linux on POWER 64-bit, Linux on POWER 64-bit LE, Windows 64-bit
Product versions: 7.1.1, 7.1 Fix Pack 1
Files:
egojre-1.8.0.311.ppc64.rpm
egojre-1.8.0.311.ppc64le.rpm
egojre-1.8.0.311.msi
symSetup_jre6sr16fp30_linux-64_build420845.tar.gz
symSetup_jre6sr16fp30_ppc64_build420845.tar.gz
symSetup_jre6sr16fp30_win-x86_64_build420845.zip
symSetup_jre7sr9fp50_linux-64_build420845.tar.gz
symSetup_jre7sr9fp50_ppc64_build420845.tar.gz
symSetup_jre7sr9fp50_win-x86_64_build420845.zip
symSetup_jre8sr3fp11_linux-64_build420845.tar.gz
symSetup_jre8sr3fp11_ppc64_build420845.tar.gz
symSetup_jre8sr3fp11_ppc64le_build420845.tar.gz
symSetup_jre8sr3fp11_win-x86_64_build420845.zip
3. Installation and configuration
3.1 Before installation
1. Shut down the cluster.
Log on to the host as the cluster administrator and run:
> source $EGO_TOP/cshrc.platform
> egosh user logon -u Admin -x Admin
> soamcontrol app disable all
> egosh service stop all
> egosh ego shutdown all
2. Back up the JRE folder for Platform Symphony 5.2, 6.1.0.1, 6.1.1, 7.0 Fix Pack 1, 7.1.1.
Back up the JRE folder on all hosts in the cluster:
The following steps use a Platform Symphony 7.1.1 cluster as an example:
For Linux 64-bit hosts:
$EGO_TOP/jre/3.3/linux-x86_64
For Linux on POWER 64-bit hosts:
$EGO_TOP/jre/3.3/linux-ppc64
For Linux on POWER 64-bit LE hosts:
$EGO_TOP/jre/3.3/linux-ppc64le
For Windows 64-bit hosts:
%SOAM_HOME%\..\jre\3.3
3. Uninstall the existing JRE for IBM Spectrum Symphony 7.1.2.
For Linux hosts:
Query the existing JRE package in the rpm database and uninstall it, using the same dbpath for both commands:
> rpm -qa --dbpath /tmp/rpm |grep egojre
egojre-1.8.0.3-408454.x86_64
> rpm -e egojre-1.8.0.3-408454.x86_64 --dbpath /tmp/rpm --nodeps
For Windows hosts:
You can use the Microsoft Windows "Add/Remove Programs" feature to uninstall the existing JRE package.
3.2 Installation steps
1. Log on to all hosts in the cluster and replace the contents of your current JRE folder with the downloaded package that matches your product version and platform.
Note:
· For IBM Spectrum Symphony 7.1.2, use the JRE 8 rpm or msi packages to replace your original JRE.
· For Platform Symphony 7.1.1, use the JRE 8 packages to replace your original JRE.
· For Platform Symphony 7.1 Fix Pack 1, use the JRE 7 packages to replace your original JRE.
· For Platform Symphony 5.2, 6.1.0.1, and 6.1.1, use the JRE 6 packages to replace your original JRE.
JRE 8 packages:
symSetup_jre8sr3fp11_linux-64_build420845.tar.gz
symSetup_jre8sr3fp11_ppc64_build420845.tar.gz
symSetup_jre8sr3fp11_ppc64le_build420845.tar.gz
symSetup_jre8sr3fp11_win-x86_64_build420845.zip
JRE 7 packages:
symSetup_jre7sr9fp50_linux-64_build420845.tar.gz
symSetup_jre7sr9fp50_ppc64_build420845.tar.gz
symSetup_jre7sr9fp50_win-x86_64_build420845.zip
JRE 6 packages:
symSetup_jre6sr16fp30_linux-64_build420845.tar.gz
symSetup_jre6sr16fp30_ppc64_build420845.tar.gz
symSetup_jre6sr16fp30_win-x86_64_build420845.zip
The following steps use a Platform Symphony 7.1.1 cluster as an example:
For Linux 64-bit hosts:
> rm -rf $EGO_TOP/jre/3.3/linux-x86_64/*
> tar zxf symSetup_jre8sr3fp11_linux-64_build420845.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64
For Linux on POWER 64-bit hosts:
> rm -rf $EGO_TOP/jre/3.3/linux-ppc64/*
> tar zxf symSetup_jre8sr3fp11_ppc64_build420845.tar.gz -C $EGO_TOP/jre/3.3/linux-ppc64
For Linux on POWER 64-bit LE hosts:
> rm -rf $EGO_TOP/jre/3.3/linux-ppc64le/*
> tar zxf symSetup_jre8sr3fp11_ppc64le_build420845.tar.gz -C $EGO_TOP/jre/3.3/linux-ppc64le
For Windows 64-bit hosts:
> rd /S /Q "%SOAM_HOME%\..\jre\3.3"
> mkdir "%SOAM_HOME%\..\jre\3.3"
Then, extract the symSetup_jre8sr3fp11_win-x86_64_build420845.zip file to the %SOAM_HOME%\..\jre\3.3\ directory.
The following steps use an IBM Spectrum Symphony 7.1.2 cluster as an example:
For Linux 64-bit hosts:
The same dbpath and prefix must be used when installing IBM Spectrum Symphony 7.1.2:
> rpm -ivh --dbpath /tmp/rpm --prefix /opt/platform egojre-1.8.0.311.x86_64.rpm
For Linux on POWER 64-bit hosts:
The same dbpath and prefix must be used when installing IBM Spectrum Symphony 7.1.2:
> rpm -ivh --dbpath /tmp/rpm --prefix /opt/platform egojre-1.8.0.311.ppc64.rpm
For Linux on POWER 64-bit LE hosts:
The same dbpath and prefix must be used when installing IBM Spectrum Symphony 7.1.2:
> rpm -ivh --dbpath /tmp/rpm --prefix /opt/platform egojre-1.8.0.311.ppc64le.rpm
For Windows 64-bit hosts:
Copy the egojre-1.8.0.311.msi package to all hosts and double-click the msi package to run the installer.
3.3 After installation
1. Clean up the GUI work directory and the browser cache. Delete all subdirectories and files in this directory:
> rm -rf $EGO_TOP/gui/work/*
2. Start the cluster.
> source $EGO_TOP/cshrc.platform
> egosh ego start all
> soamcontrol app enable <AppName>
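A post-installation check for IBM Spectrum Symphony 7.1.2 Linux hosts, added here as an example and not part of the IBM bulletin: it reads installed egojre package names and flags any host still below the fixed 1.8.0.311 level, or with no egojre package at all. The function names are hypothetical; the sample input uses the two installed-package names quoted in this bulletin.

```shell
#!/usr/bin/env bash
# Added example, not IBM's code. Function names are hypothetical.
FIXED_VERSION="1.8.0.311"   # egojre version shipped by this fix (from the bulletin)

# Print the version field of an installed package name of the form
# egojre-<version>-<release>.<arch>, e.g. egojre-1.8.0.311-420845.x86_64.
egojre_version() {
    local rest ver
    case "$1" in egojre-*) ;; *) return 1 ;; esac
    rest=${1#egojre-}
    ver=${rest%%-*}
    [[ $ver =~ ^[0-9]+(\.[0-9]+)*$ ]] || return 1
    printf '%s\n' "$ver"
}

# Succeed if dotted version $1 >= $2. Fields are compared as numbers, so
# 1.8.0.1000 ranks above 1.8.0.311 (a plain string comparison gets this wrong).
version_ge() {
    local -a a b
    local i n
    IFS=. read -r -a a <<< "$1"
    IFS=. read -r -a b <<< "$2"
    n=${#a[@]}
    if (( ${#b[@]} > n )); then n=${#b[@]}; fi
    for (( i = 0; i < n; i++ )); do
        if (( 10#${a[i]:-0} > 10#${b[i]:-0} )); then return 0; fi
        if (( 10#${a[i]:-0} < 10#${b[i]:-0} )); then return 1; fi
    done
    return 0
}

# Read package names on stdin (one per line); report each and return
# non-zero if any is below FIXED_VERSION, unparseable, or none was found.
check_egojre() {
    local pkg ver seen=0 bad=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        seen=1
        if ! ver=$(egojre_version "$pkg"); then echo "UNKNOWN $pkg"; bad=1
        elif version_ge "$ver" "$FIXED_VERSION"; then echo "FIXED $pkg"
        else echo "OUTDATED $pkg"; bad=1
        fi
    done
    if (( seen == 0 )); then echo "MISSING egojre"; bad=1; fi
    return "$bad"
}

# Constructed sample input: the two installed-package names quoted in the bulletin.
printf '%s\n' egojre-1.8.0.3-408454.x86_64 egojre-1.8.0.311-420845.x86_64 |
    check_egojre || true
```

On a live host, pipe the output of the bulletin's query (rpm -qa --dbpath /tmp/rpm | grep egojre) into check_egojre. Platform Symphony versions patched from the tar.gz or zip packages are not tracked in the rpm database, so this check does not cover them.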
3.4 Uninstalling
1. Shut down the cluster.
Log on to the host as the cluster administrator and run:
> source $EGO_TOP/cshrc.platform
> egosh user logon -u Admin -x Admin
> soamcontrol app disable all
> egosh service stop all
> egosh ego shutdown all
2. Restore the backup files.
Log on to all hosts in the cluster and restore the backup JRE folder.
The following steps use a Platform Symphony 7.1.1 cluster as an example.
For Linux 64-bit hosts, the JRE folder is:
$EGO_TOP/jre/3.3/linux-x86_64
For Linux on POWER 64-bit hosts, the JRE folder is:
$EGO_TOP/jre/3.3/linux-ppc64
For Linux on POWER 64-bit LE hosts, the JRE folder is:
$EGO_TOP/jre/3.3/linux-ppc64le
For Windows 64-bit hosts, the JRE folder is:
%SOAM_HOME%\..\jre\3.3
The following steps use an IBM Spectrum Symphony 7.1.2 cluster as an example:
For Linux 64-bit hosts, first run:
> rpm -e egojre-1.8.0.311-420845.x86_64 --dbpath /tmp/rpm/ --nodeps
Then reinstall the old JRE package by extracting the egojre rpm package from the released bin package.
For Linux on POWER 64-bit hosts, first run:
> rpm -e egojre-1.8.0.311-420845.ppc64 --dbpath /tmp/rpm/ --nodeps
Then reinstall the old JRE package by extracting the egojre rpm package from the released bin package.
For Linux on POWER 64-bit LE hosts, first run:
> rpm -e egojre-1.8.0.311-420845.ppc64le --dbpath /tmp/rpm/ --nodeps
Then reinstall the old JRE package by extracting the egojre rpm package from the released bin package.
For Windows 64-bit hosts:
You can use the Microsoft Windows "Add/Remove Programs" feature to uninstall the 1.8.0.311 JRE package.
Then reinstall the old JRE package by extracting the egojre msi package from the released exe package.
3. Clean up the GUI work directory and the browser cache. Delete all subdirectories and files in this directory:
> rm -rf $EGO_TOP/gui/work/*
4. Start the cluster and enable the application.
> source $EGO_TOP/cshrc.platform
> egosh ego start all
> soamcontrol app enable <AppName>
4. List of files
egojre-1.8.0.311.x86_64.rpm
egojre-1.8.0.311.ppc64.rpm
egojre-1.8.0.311.ppc64le.rpm
egojre-1.8.0.311.msi
symSetup_jre6sr16fp30_linux-64_build420845.tar.gz
symSetup_jre6sr16fp30_ppc64_build420845.tar.gz
symSetup_jre6sr16fp30_win-x86_64_build420845.zip
symSetup_jre7sr9fp50_linux-64_build420845.tar.gz
symSetup_jre7sr9fp50_ppc64_build420845.tar.gz
symSetup_jre7sr9fp50_win-x86_64_build420845.zip
symSetup_jre8sr3fp11_linux-64_build420845.tar.gz
symSetup_jre8sr3fp11_ppc64_build420845.tar.gz
symSetup_jre8sr3fp11_ppc64le_build420845.tar.gz
symSetup_jre8sr3fp11_win-x86_64_build420845.zip
5. List of fixes
APAR: P101889
References
Acknowledgement
None
Change History
18 October 2016: Original Version Published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 17 June 2018
UID: isg3T1024457