Security Bulletin
Summary
Java SE issues disclosed in the Oracle October 2016 Critical Patch Update was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC , and Spectrum Cluster Foundation
Vulnerability Details
CVEID: CVE-2016-5582DESCRIPTION: An unspecified vulnerability related to the VM component has high confidentiality impact, high integrity impact, and high availability impact.CVSS Base Score: 9.6CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118069 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5568DESCRIPTION: An unspecified vulnerability related to the AWT component has high confidentiality impact, high integrity impact, and high availability impact.CVSS Base Score: 9.6CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118068 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5556DESCRIPTION: An unspecified vulnerability related to the 2D component has high confidentiality impact, high integrity impact, and high availability impact.CVSS Base Score: 9.6CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118067 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5573DESCRIPTION: An unspecified vulnerability related to the VM component has high confidentiality impact, high integrity impact, and high availability impact.CVSS Base Score: 8.3CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118070 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5597DESCRIPTION: An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.CVSS Base Score: 5.9CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-5554DESCRIPTION: An unspecified vulnerability related to the JMX component has no confidentiality impact, low integrity impact, and no availability impact.CVSS Base Score: 4.3CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118072 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVEID: CVE-2016-5542DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact.CVSS Base Score: 3.1CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118073 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Products and Versions
Platform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1
Platform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1
Platform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1
Spectrum Cluster Foundation 4.2.2
Remediation/Fixes
See workarounds
Workarounds and Mitigations
Platform Cluster Manager 4.1.x & Platform HPC 4.1.x
1. Download IBM JRE 6.0 x86_64 from the following location: http://www.ibm.com/support/fixcentral. (For POWER platform, download ppc64 version JRE tar package. The followings steps are using x86_64 as an example.)
2. Copy the tar package into the management node. If high availability is enabled, copy the JRE tar package to standby management node, as well.
3. If high availability is enabled, shutdown standby management node, in order to avoid triggering high availability.
4. On the management node, stop GUI and PERF services
HA disabled:# pmcadmin stop# perfadmin stop allHA enabled:# egosh user logon -u Admin -x Admin# egosh service stop all
5. On management node, extract new JRE files and replace some old folders with new ones.
# tar -zxvf ibm-java-jre-6.0-16.35-linux-x86_64.tgz# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old# cp -r ibm-java-x86_64-60/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/# cp -r ibm-java-x86_64-60/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/# cp -r ibm-java-x86_64-60/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/
6. On management node, start GUI and PERF services
HA disabled:# pmcadmin start# perfadmin start allHA enabled:# egosh user logon -u Admin -x Admin# egosh service start all
Platform Cluster Manager 4.2.x & Platform HPC 4.2.x & Spectrum Cluster Foundation 4.2.2
1. Download IBM JRE 7.0 x86_64 from the following location: http://www.ibm.com/support/fixcentral. (For POWER platform, download ppc64 version JRE tar package. The followings steps are using x86_64 as an example.)
2. Copy the tar package into the management node. If high availability is enabled, copy the JRE tar package to standby management node, as well.
3. If high availability is enabled, shutdown standby management node, in order to avoid triggering high availability.
4. On the management node, stop GUI and PERF services
# pcmadmin service stop --group ALL
5. On management node, extract new JRE files and replace some old folders with new ones.
# tar -zxvf ibm-java-jre-7.0-9.60-linux-x86_64.tgz# mv /opt/pcm/jre/bin /opt/pcm/jre/bin-old# mv /opt/pcm/jre/lib /opt/pcm/jre/lib-old# mv /opt/pcm/jre/plugin /opt/pcm/jre/plugin-old# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/jre/# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/jre/# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/jre/# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/
6. On management node, start GUI and PERF services
# pcmadmin service start --group ALL
7. If high availability is enabled, start up standby management node, and replace bin, lib, plugin folders under /opt/pcm/web-portal/jre/linux-x86_64, on standby management node.
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
isg3T1024534