IBM Support

IBM Tivoli Composite Application Manager for Transactions Response Time 7.4.0.1 Interim Fix 67 Readme

Fix Readme


Abstract

Readme file for: 7.4.0.1-TIV-CAMRT-IF0067
Product - Component Release: 7.4.0.1
Update Name: 7.4.0.1-TIV-CAMRT-IF0067
Fix ID: 7.4.0.1-TIV-CAMRT-AIX-IF0067, 7.4.0.1-TIV-CAMRT-LINUX-IF0067, 7.4.0.1-TIV-CAMRT-WINDOWS-IF0067
Publication Date: 17 May 2024
Last modified date: 17 May 2024
Description: This IFIX contains Java™ update for the following PSIRTs:
PSIRT PVR0460438 for CVE-2023-22045, CVE-2023-22049
PSIRT PVR0489276 for CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850

Content

Download location
Prerequisites and co-requisites
Installing
Additional information
List of fixes


Download location

The following is list of components, platforms, and file names that apply to this readme file.
 

Fix Download for AIX

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  AIX  7.4.0.1-TIV-CAMRT-AIX-IF0067


Fix Download for Linux

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  Linux  7.4.0.1-TIV-CAMRT-LINUX-IF0067


Fix Download for Windows

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  Windows
 


Prerequisites and co-requisites

This upgrade for the Robotic Response Time agents, which is part of ITCAM for Transactions: Response Time, can be applied to the following base versions. It must be applied to a machine on which Robotic Response Time agent is being installed.

  • 7.4.0.1 - AIX, Linux, Windows
  • 7.4.0.2 - AIX, Linux, Windows
     
Notes:
  1. Supported base versions include interim fixes that were applied to 7.4.0.1 and 7.4.0.2 versions.
  2. This interim fix is a quarterly SDK update. The update replaces the Java SDK without changing the product version. This interim fix can be applied to versions 7.4.0.1 and 7.4.0.2.
 

This patch replaces the JRE v8 that was shipped with the Robotic Response Time (T6) agent, bringing it to the latest level.
This action remediates multiple security issues.

 

This patch is applicable to the following T6 agents:

  • Version 7.4.0.1
  • Version 7.4.0.2
  • Windows, AIX, and Linux platforms.
     

The T6's JREs are only used when Rational Performance Tester (RPT) scripts playback, thus JREs are not available on Solaris and HPUX (RPT playback is not supported on Solaris and HPUX). 7.4 agent needs to update Java 80 JREs. These variations are noted in the installation steps. Any customizations done to the existing JREs need to be preserved. Since these JREs are product-specific (that is, the JREs are used by the T6 agent only), there can be only one customization as instructed by IBM support to enable strong encryption by updating the JRE's encryption policy (see the technote in the Installing section).


This patch includes Java80 updates.  After the patch, the Java™ versions will be:
  • Java 8.0 SR08 FP21

Related material:
This interim fix is a cumulative Java 8 upgrade for Java PSIRT. Java 8 Updates implemented in the following releases are included in this upgrade.
  • 7.4.0.1 - IF0005
  • 7.4.0.1 - IF0007
  • 7.4.0.1 - IF0009
  • 7.4.0.1 - IF0012
  • 7.4.0.1 - IF0015
  • 7.4.0.1 - IF0018
  • 7.4.0.1 - IF0021
  • 7.4.0.1 - IF0024
  • 7.4.0.1 - IF0027
  • 7.4.0.1 - IF0030
  • 7.4.0.1 - IF0032
  • 7.4.0.1 - IF0033
  • 7.4.0.1 - IF0034
  • 7.4.0.1 - IF0039
  • 7.4.0.1 - IF0041
  • 7.4.0.1 - IF0047
  • 7.4.0.1 - IF0049
  • 7.4.0.1 - IF0050
  • 7.4.0.1 - IF0051
  • 7.4.0.1 - IF0052
  • 7.4.0.1 - IF0055
  • 7.4.0.1 - IF0056
  • 7.4.0.1 - IF0057
  • 7.4.0.1 - IF0058
  • 7.4.0.1 - IF0060
  • 7.4.0.1 - IF0063
  • 7.4.0.1 - IF0065
For Java7 upgrade (not included in this IFix), please use the latest IFix (IFix63) previously available, that is providing Java7 upgrade:

Installation information

Before Installing

Validate pre-existing Java80 is older than ones delivered in this interim fix.
The RRT Agent's Javas are located at:

  • Windows:
    • Java80: $ITMHOME\tmaitm6\java80 - only in 7.4.0.1-IF8 and later
  • Unix:
    • Java80: $ITMHOME/tmaitm6/java80 - only in 7.4.0.1-IF8 and later

Check the versions, for example
 
C:\IBM\ITM\TMAITM6\java80\jre\bin>java -version
java version "1.8.0_351"
Java(TM) SE Runtime Environment (build 8.0.7.20 - pwi3280sr7fp20-20221020_01(SR7 FP20))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2016 x86-32-Bit 20220929_37824 (JIT enabled, AOT enabled)
OpenJ9   - 02180fe
OMR      - 48fc32a
IBM      - bf759bf)
JCL - 20220922_01 based on Oracle jdk8u351-b10

 

Installing

Note:

If you updated T6 JRE to use strong encryption, then you must manually back up the following policy files and copy them to the new JREs:
  • \lib\security\local_policy.jar
  • \lib\security\US_export_policy.jar
     
See technote - How to enable strong encryption > 128 bit
https://www.ibm.com/support/pages/node/85585
See technote - Does the RRT agent support TLS 1.1/1.2 and 256-bit ciphers?
https://www.ibm.com/support/pages/node/529695
 
  • Back up existing Java80
    1. Stop the T6 agent
    2. Backup the existing Java JREs, for example
      > On Windows - cd c:\IBM\ITM\tmaitm6\
      > On Linux or Unix - cd /opt/IBM/ITM/tmaitm6
      > move java80 java80.old - only in 7.4.0.1-IF8 and later.
  • Replace the JREs
    1. Extract the archive to the same directory, for example, after unarchiving your directory structure is:

      Windows - C:\IBM\ITM\TMAITM6>dir java*

      C:\IBM\ITM\TMAITM6>dir java*
       Volume in drive C has no label.
       Volume Serial Number is 48DC-C1ED

       Directory of C:\IBM\ITM\TMAITM6
      09/28/2022  03:34 PM    <DIR>          java60
      11/22/2022  04:38 PM    <DIR>          java70
      09/28/2022  03:34 PM    <DIR>          java70.old
      04/17/2024  03:32 PM    <DIR>          java80
      04/18/2024  04:31 PM    <DIR>          java80.old
                     0 File(s)              0 bytes
                     5 Dir(s)   7,748,349,952 bytes free


      Linux or Unix - /opt/IBM/ITM/tmaitm6>ls -dl java*
      ........
      drwxr-xr-x 4 root root 4096 Feb 2 01:10 java70
      drwxr-xr-x 4 root root 4096 Sep 19 14:20 java70.bak
      drwxr-xr-x 4 root root 4096 Apr 18 01:10 java80
      drwxr-xr-x 4 root root 4096 Apr 19 14:20 java80.bak

    2. If applicable, copy the following unrestricted policy files from the "java80.old" directories to the new "java80" directories:

      Windows:
      java80.old\lib\security\local_policy.jar to java80\lib\security
      java80.old\lib\security\US_export_policy.jar to java80\lib\security

      Linux or Unix:
      java80.bak/lib/security/local_policy.jar to java80/lib/security
      java80.bak/lib/security/US_export_policy.jar to java80/lib/security
       
  • Validate the updated JRE version

    1. Check version number of JRE 8.0, for example:
      C:\IBM\ITM\TMAITM6\java80\jre\bin>java -version
       java version "1.8.0_401"
      Java(TM) SE Runtime Environment (build 8.0.8.21 - pwi3280sr8fp21-20240221_01(SR8 FP21))
      IBM J9 VM (build 2.9, JRE 1.8.0 Windows 11 x86-32-Bit 20240216_65882 (JIT enabled, AOT enabled)
      OpenJ9   - 6a2a245
      OMR      - 9440e34
      IBM      - 7394519)
      JCL - 20231221_01 based on Oracle jdk8u401-b10

  • Restart Agent and ensure Rational Performance Tester Script playback works.
  • (Optional) Delete the backup Java runtimes.
     

Additional information

The Secure Hash Algorithm 256(SHA256) checksums of the images are as follows:

7.4.0.1-TIV-CAMRT-AIX-IF0067.tar - 3d2233a3749abf13bc3b436ae616a2b0
7.4.0.1-TIV-CAMRT-Linux-IF0067.tar - c8b5c8a8863f4b4dc38ded7f09767686
7.4.0.1-TIV-CAMRT-Windows-IF0067.zip - 976f599c9c0930e1437b63034af515d6


List of fixes

A) APAR Content:
N/A


B) Additional Non-APAR Defects:

Defect 32142:  PSIRT PVR0460438 IBM Java for CVE-2023-22045, CVE-2023-22049

Defect 32143:  PSIRT PVR0489276 IBM Java for CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850


C) Enhancements
N/A

[{"Type":"MASTER","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS5MD2","label":"Tivoli Composite Application Manager for Transactions"},"ARM Category":[{"code":"a8m500000008i3OAAQ","label":"ITCAM-for-Transactions-\u003ERobotic Response Time RRT"}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]

Document Information

Modified date:
17 May 2024

UID

ibm17149565

Page Feedback