Fix Readme
Abstract
Readme file for: 7.4.0.1-TIV-CAMRT-IF0057
Product - Component Release: 7.4.0.1
Update Name: 7.4.0.1-TIV-CAMRT-IF0057
Fix ID: 7.4.0.1-TIV-CAMRT-AIX-IF0057, 7.4.0.1-TIV-CAMRT-LINUX-IF0057, 7.4.0.1-TIV-CAMRT-WINDOWS-IF0057
Publication Date: 20 February 2022
Last modified date: 20 February 2022
Description: This interim fix contains Java update for IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035.
Content
Download location
Below is a list of components, platforms, and file names that apply to this readme file.
Fix Download for AIX
Product - Component Name: | Platform: | Fix: |
---|---|---|
Tivoli Composite Application Manager for Transactions | AIX | 7.4.0.1-TIV-CAMRT-AIX-IF0057 |
Fix Download for Linux
Product - Component Name: | Platform: | Fix: |
---|---|---|
Tivoli Composite Application Manager for Transactions | Linux | 7.4.0.1-TIV-CAMRT-LINUX-IF0057 |
Fix Download for Windows
Product - Component Name: | Platform: | Fix: |
---|---|---|
Tivoli Composite Application Manager for Transactions | Windows |
Prerequisites and co-requisites
This upgrade for the Robotic Response Time agents, which is part of ITCAM for Transactions: Response Time, might be applied to the following base versions. It must be applied to a machine on which Robotic Response Time agent has been installed.
- 7.4.0.1 - AIX, Linux, Windows
- 7.4.0.2 - AIX, Linux, Windows
- Supported base versions include interim fixes applied to any of the above release levels.
- This interim fix is a quarterly SDK update. The update replaces the Java SDK without changing the product version. This interim fix might be applied to versions 7.4.0.1 and 7.4.0.2.
This patch replaces the two JREs shipped with the Robotic Response Time (T6) agent, bringing them to the latest level. This remediates multiple security issues.
This patch is applicable for T6 agents:
- Version 7.4.0.1
- Version 7.4.0.2
- Windows, AIX, and Linux platforms.
The T6's JREs are only used when playing back Rational Performance Tester (RPT) scripts, thus not available on Solaris and HPUX (RPT playback is not supported on Solaris and HPUX). 7.4 agent needs to update Java 80 and Java 70 JREs. These variations are noted in the installation steps below. Any customizations done to the existing JREs need to be preserved. Since these JREs are product-specific (ie only used by the T6 agent), there can only be at most one customization as instructed by IBM support, which is to enable strong encryption by updating the JRE's encryption policy (see technote in Installing).
This patch only includes Java70 and Java80 updates. After the patch, the Java versions will be:
- Java 7.0 SR11
- Java 8.0 SR07
Related material:
This interim fix is a cumulative Java upgrade for Java PSIRT. Updates in these releases are included in this upgrade.
- 7.4.0.1 - IF0005
- 7.4.0.1 - IF0007
- 7.4.0.1 - IF0009
- 7.4.0.1 - IF0012
- 7.4.0.1 - IF0015
- 7.4.0.1 - IF0018
- 7.4.0.1 - IF0021
- 7.4.0.1 - IF0024
- 7.4.0.1 - IF0027
- 7.4.0.1 - IF0030
- 7.4.0.1 - IF0032
- 7.4.0.1 - IF0033
- 7.4.0.1 - IF0034
- 7.4.0.1 - IF0039
- 7.4.0.1 - IF0041
- 7.4.0.1 - IF0047
- 7.4.0.1 - IF0049
- 7.4.0.1 - IF0050
- 7.4.0.1 - IF0051
- 7.4.0.1 - IF0052
- 7.4.0.1 - IF0055
- 7.4.0.1 - IF0056
IBM Java SDK Security Bulletin
https://www.ibm.com/support/pages/node/6522860
Installation information
Before Installing
Validate pre-existing Java70 and Java80 are older than ones delivered in this interim fix.
The RRT Agent's Javas are located in
- Windows:
- Java70: $ITMHOME\tmaitm6\java70
- Java80: $ITMHOME\tmaitm6\java80 - only in 7.4.0.1-IF8 and later
- Unix:
- Java70: $ITMHOME/tmaitm6/java70
- Java80: $ITMHOME/tmaitm6/java80 - only in 7.4.0.1-IF8 and later
Check the versions, for example
C:\ibm\itm\TMAITM6> .\java80\jre\bin\java.exe -version
Java version "1.8.0_151"
Java(TM) SE Runtime Environment (build 8.0.5.7 - pwi3280sr5fp7-20171216_01(SR5 FP7)) IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2008 R2 x86-32 20171215_373586 (JIT enabled, AOT enabled)
OpenJ9 - 5aa401f
OMR - 101e793
IBM - b4a79bf)
JCL - 20171214_01 based on Oracle jdk8u151-b12
Installing
Notes
- If you have updated the T6 JRE to use strong encryption, you must manually back up the policy files and copy them to the new JREs. The two files are:
- \lib\security\local_policy.jar
- \lib\security\US_export_policy.jar
https://www.ibm.com/support/pages/node/85585
See technote - Does the RRT agent support TLS 1.1/1.2 and 256-bit ciphers?
https://www.ibm.com/support/pages/node/529695
- Back up existing Java70 and Java80
- Stop the T6 agent
- Backup existing Java JREs, for example
> On Windows - cd c:\IBM\ITM\tmaitm6\
> On Linux or Unix - cd /opt/IBM/ITM/tmaitm6
> move java70 java70.old
> move java80 java80.old - only in 7.4.0.1-IF8 and later.
- Replace the JREs
- Unzip/Untar the archive to the same directory, for example, after unarchiving your directory structure is:
Windows - c:\IBM\ITM\TMAITM6>dir java*Volume in drive C has no label.
Volume Serial Number is 44AB-01FC
Directory of c:\IBM\ITM\TMAITM6
........
29/05/2013 02:04 PM <DIR> java70
13/02/2013 02:14 PM <DIR> java70.old
28/08/2016 07:08 PM <DIR> java80
28/08/2016 07:17 PM <DIR> java80.old0 File(s) 0 bytes
4 Dir(s) 40,808,731,648 bytes free
Linux or Unix - /opt/IBM/ITM/tmaitm6>ls -dl java*........
drwxr-xr-x 4 root root 4096 Feb 2 01:10 java70
drwxr-xr-x 4 root root 4096 Sep 19 14:20 java70.bak
drwxr-xr-x 4 root root 4096 Feb 2 01:10 java80
drwxr-xr-x 4 root root 4096 Sep 19 14:20 java80.bak - If applicable, copy the following unrestricted policy files from the "java70.old" and "java80.old" directories to the new "java70" and "java80" directories:
Windows:java70.old\lib\security\local_policy.jar to java70\lib\security
java70.old\lib\security\US_export_policy.jar to java70\lib\security
java80.old\lib\security\local_policy.jar to java80\lib\security
java80.old\lib\security\US_export_policy.jar to java80\lib\security
Linux or Unix:java70.bak/lib/security/local_policy.jar to java70/lib/security
java70.bak/lib/security/US_export_policy.jar to java70/lib/security
java80.bak/lib/security/local_policy.jar to java80/lib/security
java80.bak/lib/security/US_export_policy.jar to java80/lib/security
- Unzip/Untar the archive to the same directory, for example, after unarchiving your directory structure is:
- Validate the updated JRE version/function
- Check version number of JRE 7.0, for example
>java70\jre\bin>java -version
java version "1.7.0"
Java(TM) SE Runtime Environment (build pwi3270sr11-20211006_01(SR11))
IBM J9 VM (build 2.6, JRE 1.7.0 Windows Server 2016 x86-32 20211005_014446 (JIT enabled, AOT enabled)
J9VM - R26_Java726_SR11_20211005_1445_B14446
JIT - r11_20211005_14446
GC - R26_Java726_SR11_20211005_1445_B14446
J9CL - 20211005_14446)
JCL - 20210923_01 based on Oracle jdk7u321-b08 >java80\jre\bin>java -version
java version "1.8.0_311"
Java(TM) SE Runtime Environment (build 8.0.7.0 - pwi3280sr7-20211025_01(SR7))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2019 x86-32-Bit 20211022_15212 (JIT enabled, AOT enabled)
OpenJ9 - 6abb372
OMR - b898db9
IBM - 2f2c48b)
JCL - 20210930_01 based on Oracle jdk8u311-b11
- Check version number of JRE 7.0, for example
- Restart Agent and ensure Rational Performance Tester Script playback works.
- (Optional) Delete the backup Java runtimes.
Additional information
The Secure Hash Algorithm 256(SHA256) checksums of the images are as follows:
7.4.0.1-TIV-CAMRT-AIX-IF0057.tar - C09396C0F84E49026BE80909E59ECE054FDC912B12671126312F2F0C4431E515
7.4.0.1-TIV-CAMRT-Linux-IF0057.tar - D6429F9B97239C1A53F71B2C3BB2C18660523A0D5C1799123E8B8497B409A564
7.4.0.1-TIV-CAMRT-Windows-IF0057.zip - F4B8C565E21AFF8FB134ECFAD04310179F3C99D26A63D3F98E1B0000BABC6912
List of fixes
A) APAR Content:
N/A
B) Additional Non-APAR Defects:
Defect 31977: PSIRT PVR0308418 IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035
C) Enhancements
N/A
Document change history
Version | Date | Description of change |
1.0 | 26 Feb 2022 | Initial Version |
Was this topic helpful?
Document Information
Modified date:
21 February 2022
UID
ibm16556426