IBM Support

IBM Tivoli Composite Application Manager for Transactions Response Time 7.4.0.1 Interim Fix 65 Readme

Fix Readme


Abstract

Readme file for: 7.4.0.1-TIV-CAMRT-IF0065
Product - Component Release: 7.4.0.1
Update Name: 7.4.0.1-TIV-CAMRT-IF0065
Fix ID: 7.4.0.1-TIV-CAMRT-AIX-IF0065, 7.4.0.1-TIV-CAMRT-LINUX-IF0065, 7.4.0.1-TIV-CAMRT-WINDOWS-IF0065
Publication Date: 18 Aug 2023
Last modified date: 18 Aug 2023
Description: This IFIX contains Java™ update for following PSIRTs:
PSIRT PVR0457807 for CVE-2022-40609
PSIRT PVR0432018 for CVE-2022-21426

Content

Download location
Prerequisites and co-requisites
Installing
Additional information
List of fixes


Download location

The following is list of components, platforms, and file names that apply to this readme file.
 

Fix Download for AIX

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  AIX  7.4.0.1-TIV-CAMRT-AIX-IF0065


Fix Download for Linux

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  Linux  7.4.0.1-TIV-CAMRT-LINUX-IF0065


Fix Download for Windows

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  Windows
 


Prerequisites and co-requisites

This upgrade for the Robotic Response Time agents, which is part of ITCAM for Transactions: Response Time, can be applied to the following base versions. It must be applied to a machine on which Robotic Response Time agent is being installed.

  • 7.4.0.1 - AIX, Linux, Windows
  • 7.4.0.2 - AIX, Linux, Windows
     
Notes:
  1. Supported base versions include interim fixes that were applied to 7.4.0.1 and 7.4.0.2 versions.
  2. This interim fix is a quarterly SDK update. The update replaces the Java SDK without changing the product version. This interim fix can be applied to versions 7.4.0.1 and 7.4.0.2.
 

This patch replaces the two JREs that were shipped with the Robotic Response Time (T6) agent, bringing them to the latest level.
This action remediates multiple security issues.

 

This patch is applicable to the following T6 agents:

  • Version 7.4.0.1
  • Version 7.4.0.2
  • Windows, AIX, and Linux platforms.
     

The T6's JREs are only used when Rational Performance Tester (RPT) scripts playback, thus JREs are not available on Solaris and HPUX (RPT playback is not supported on Solaris and HPUX). 7.4 agent needs to update Java 80 JREs. These variations are noted in the installation steps. Any customizations done to the existing JREs need to be preserved. Since these JREs are product-specific (that is, the JREs are used by the T6 agent only), there can be only one customization as instructed by IBM support to enable strong encryption by updating the JRE's encryption policy (see the technote in the Installing section).


This patch includes Java80 updates.  After the patch, the Java™ versions will be:
  • Java 8.0 SR08 FP06

Related material:
This interim fix is a cumulative Java upgrade for Java PSIRT. Updates implemented in the following releases are included in this upgrade.
  • 7.4.0.1 - IF0005
  • 7.4.0.1 - IF0007
  • 7.4.0.1 - IF0009
  • 7.4.0.1 - IF0012
  • 7.4.0.1 - IF0015
  • 7.4.0.1 - IF0018
  • 7.4.0.1 - IF0021
  • 7.4.0.1 - IF0024
  • 7.4.0.1 - IF0027
  • 7.4.0.1 - IF0030
  • 7.4.0.1 - IF0032
  • 7.4.0.1 - IF0033
  • 7.4.0.1 - IF0034
  • 7.4.0.1 - IF0039
  • 7.4.0.1 - IF0041
  • 7.4.0.1 - IF0047
  • 7.4.0.1 - IF0049
  • 7.4.0.1 - IF0050
  • 7.4.0.1 - IF0051
  • 7.4.0.1 - IF0052
  • 7.4.0.1 - IF0055
  • 7.4.0.1 - IF0056
  • 7.4.0.1 - IF0057
  • 7.4.0.1 - IF0058
  • 7.4.0.1 - IF0060
  • 7.4.0.1 - IF0063

 

Installation information

Before Installing

Validate pre-existing Java80 is older than ones delivered in this interim fix.
The RRT Agent's Javas are located at:

  • Windows:
    • Java80: $ITMHOME\tmaitm6\java80 - only in 7.4.0.1-IF8 and later
  • Unix:
    • Java80: $ITMHOME/tmaitm6/java80 - only in 7.4.0.1-IF8 and later

Check the versions, for example
C:\ibm\itm\TMAITM6> .\java80\jre\bin\java.exe -version

 
>java80\jre\bin>java -version
java version "1.8.0_351"
Java(TM) SE Runtime Environment (build 8.0.7.20 - pwi3280sr7fp20-20221020_01(SR7 FP20))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2016 x86-32-Bit 20220929_37824 (JIT enabled, AOT enabled)
OpenJ9   - 02180fe
OMR      - 48fc32a
IBM      - bf759bf)
JCL - 20220922_01 based on Oracle jdk8u351-b10


 

Installing

Note:

If you updated T6 JRE to use strong encryption, then you must manually back up the following policy files and copy them to the new JREs:
  • \lib\security\local_policy.jar
  • \lib\security\US_export_policy.jar
     
See technote - How to enable strong encryption > 128 bit
https://www.ibm.com/support/pages/node/85585
See technote - Does the RRT agent support TLS 1.1/1.2 and 256-bit ciphers?
https://www.ibm.com/support/pages/node/529695
 
  • Back up existing Java80
    1. Stop the T6 agent
    2. Backup the existing Java JREs, for example
      > On Windows - cd c:\IBM\ITM\tmaitm6\
      > On Linux or Unix - cd /opt/IBM/ITM/tmaitm6
      > move java80 java80.old - only in 7.4.0.1-IF8 and later.
  • Replace the JREs
    1. Extract the archive to the same directory, for example, after unarchiving your directory structure is:

      Windows - c:\IBM\ITM\TMAITM6>dir java*

      C:\IBM\ITM\TMAITM6>dir java*
       Volume in drive C has no label.
       Volume Serial Number is 48DC-C1ED

       Directory of C:\IBM\ITM\TMAITM6
      09/28/2022  03:34 PM    <DIR>          java60
      11/22/2022  04:38 PM    <DIR>          java70
      09/28/2022  03:34 PM    <DIR>          java70.old
      08/08/2023  03:32 PM    <DIR>          java80
      09/28/2022  04:31 PM    <DIR>          java80.old
                     0 File(s)              0 bytes
                     5 Dir(s)   7,748,349,952 bytes free


      Linux or Unix - /opt/IBM/ITM/tmaitm6>ls -dl java*
      ........
      drwxr-xr-x 4 root root 4096 Feb 2 01:10 java70
      drwxr-xr-x 4 root root 4096 Sep 19 14:20 java70.bak
      drwxr-xr-x 4 root root 4096 Aug 8 01:10 java80
      drwxr-xr-x 4 root root 4096 Sep 19 14:20 java80.bak

    2. If applicable, copy the following unrestricted policy files from the "java80.old" directories to the new "java80" directories:

      Windows:
      java80.old\lib\security\local_policy.jar to java80\lib\security
      java80.old\lib\security\US_export_policy.jar to java80\lib\security

      Linux or Unix:
      java80.bak/lib/security/local_policy.jar to java80/lib/security
      java80.bak/lib/security/US_export_policy.jar to java80/lib/security
       
  • Validate the updated JRE version
    1. Check version number of JRE 8.0, for example:
      >java80\jre\bin>java -version
      java version "1.8.0_371"
      Java(TM) SE Runtime Environment (build 8.0.8.6 - pwi3280sr8fp6-20230601_01(SR8 FP6))
      IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2016 x86-32-Bit 20230529_51985 (JIT enabled, AOT enabled)
      OpenJ9   - 884d27c
      OMR      - ce9522f
      IBM      - b7435ac)
      JCL - 20230329_01 based on Oracle jdk8u371-b11

  • Restart Agent and ensure Rational Performance Tester Script playback works.
  • (Optional) Delete the backup Java runtimes.
     

Additional information

The Secure Hash Algorithm 256(SHA256) checksums of the images are as follows:

7.4.0.1-TIV-CAMRT-AIX-IF0065.tar - daf6abdfa518691f76ef656fc013b122
7.4.0.1-TIV-CAMRT-Linux-IF0065.tar - 867dbb6b3312e95bc0d8fb5dfc66cb44
7.4.0.1-TIV-CAMRT-Windows-IF0065.zip - b1cf53d838c8239af8b78176b6348754


List of fixes

A) APAR Content:
N/A


B) Additional Non-APAR Defects:

Defect 32113: PSIRT PVR0457807 IBM Java for CVE-2022-40609

Defect 32111:  PSIRT PVR0432018 IBM Java XML vulnerability for CVE-2022-21426


C) Enhancements
N/A

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS5MD2","label":"Tivoli Composite Application Manager for Transactions"},"ARM Category":[{"code":"a8m500000008i3OAAQ","label":"ITCAM-for-Transactions-\u003ERobotic Response Time RRT"}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]

Document Information

Modified date:
25 August 2023

UID

ibm17025362