Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU

Remediation/Fixes

In order to fix this vulnerability, java is to be upgraded to 8.0.6.35 for TADDM versions 7.3.0.5 - 7.3.0.8 or to 7.0.10.90 for TADDM versions 7.3.0.3 - 7.3.0.4.

Check java version installed on TADDM servers using the below command:

$COLLATION_HOME/external/<jdk- folder according to OS>/bin/java -version

• For TADDM 7.3.0.5 - 7.3.0.8 (JAVA 8), if the above command output contains "SR6 FP10" or "8.0.6.10" or Higher as build in Java(TM) SE Runtime Environment information, apply efix for the new IBM SDK only, efix_jdk8.0.6.35_FP8201126.zip given in Table-1 below.
• For TADDM 7.3.0.3 - 7.3.0.4 (JAVA 7), if the above command output contains "SR10 FP65" or "7.0.10.65" or Higher as build in Java(TM) SE Runtime Environment information, apply efix for the new IBM SDK only, efix_jdk7.0.10.90_FP420171214.zip given in Table-1 below.
• For all other cases,

          The remediation consists of 2 steps:

1. Please contact IBM Support and open a case for a custom version of eFix "customJDK8.0.6.10" as this efix involves TADDM code changes. Include the current eFix level (ls -rlt etc/efix*), TADDM version and a link to this bulletin.
2. Alongwith the above efix, apply efix for the new IBM SDK as per TADDM version given in table below.

Table-1:

Please get familiar with the eFix readme in etc/efix_readme.txt. These fixes for the respective FixPack(s) can be downloaded and applied directly.

Table-2:

Below are the JREs :