IBM Rational License Key Server and IBM Rational License Key Administrator have upgraded the JRE that they package in order to mitigate a security vulnerability in Java Runtime Environment.
JRE VULNERABILITY DETAILS:
A vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. The vulnerability ID is CVE-2011-3547.
The list of platforms affected by this vulnerability is as follows.
HP-UX 11.0 PA-RISC
HP-UX 11i v1 PA-RISC
HP-UX 11i v2 IA64
HP-UX 11i v2 PA-RISC
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9
Solaris 10 SPARC
Solaris 8 x86-32
Solaris 9 x86-32
Windows 2000 SP4 Advanced Server/Server/Professional
Windows Server 2003 SP2 Enterprise/Standard x86-32
Windows Server 2003 SP2 Enterprise/Standard x86-64
Windows XP SP2 Professional x86-32
Windows Server 2008 Enterprise/Standard x86-32
Windows Server 2008 Enterprise/Standard x86-64
Windows Server 2008 R2 Enterprise x86-32
Windows Server 2008 R2 Enterprise x86-64
Windows Vista Business/Enterprise/Ultimate SP2 x86-32
Windows 7 Enterprise/Professional/Ultimate x86-32
Windows 7 Enterprise/Professional/Ultimate x86-64
Note:- Not all versions of the License Server run on all of the above platforms.
The recommended solution is to apply the iFixes provided by IBM as outlined here.
For IBM RLKS 812 or RLKS 8.1.1 Users
An iFix is available to address this vulnerability. Links for downloading the fixes and the installation instructions are listed below.
RLKS 812 iFix 02
RLKS 811 iFix 06
How to install the iFixes
To install the Rational License Key Server fix on Windows platforms:
1. Download the Windows iFix.zip file.
2. Extract the compressed files to an appropriate directory.
3. Add the iFix repository location in Installation Manager as follows:
a) Launch IBM Installation Manager.
b) Click File->Preferences->Repositories.
c) Click Add Repository.
d) Browse to or enter the file path to the repository.config file. The repository.config file is located in the sub-directory "ifix" where you extracted the compressed files.
4. Ensure that the following processes are not running: lmgrd, lmutil, lmtools and ibmratl.
5. On the main page of Installation Manager, click Update.
6. Follow the instructions to install the iFix.
7. Start the Rational License Key Server.
To install the Rational License Key Server fix on Unix platforms:
1. Download the iFix.tar file for the platform.
2. Extract the iFix.tar: tar -xvf <iFix>.tar.
Use GNU tar for the extraction, as the long file names in the JRE directory cannot be handled by the platform's native tar.
3. Go to the installation location of the license server.
4. Navigate to the config sub-folder.
5. Run the start_lmgrd_on_this_host script file with the stop option: ./start_lmgrd_on_this_host stop
6. The license server stops. To verify that no lmgrd process remains, run the command: ps -ef | grep lmgrd
7. Navigate to sub-directory <installation_directory>/base/cots/flexlm.11.8/<Platform>
8. Overwrite files in this directory with all the files from the iFix.
9. Navigate to the sub-directory <installation_directory>/config/jrexxx.<platform> or <installation_directory>/config/jre142.<platform>/jre. The JRE version can be either 1.4.2 or 1.5.0.
10. Delete the directories named "bin", "lib", "plugin" and "javaws" wherever applicable.
11. Copy the directories named "bin", "lib", "plugin" and "javaws" from the iFix wherever applicable.
12. Navigate to the sub-directory <installation_directory>/config/migrationutility.
13. Replace the file named "licmigrationutility.sh" with the copy from the iFix.
14. Go to the <installation_directory>/config/ directory.
15. Start the license server using the command: ./start_lmgrd_on_this_host start
Note:- The iFix can also be used as a complete, standalone installer on Unix platforms.
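The following script is an added example for the Unix procedure above; it is not part of this Technote or of IBM's tooling. It checks two things a practitioner would want confirmed around steps 6 and 9-11: that lmgrd is no longer running before the flexlm and JRE directories are overwritten, and, before and after the iFix, whether the JRE found under <installation_directory>/config/jre*.<platform> still reports a version inside the ranges the CVE description quotes (1.4.2_33 and earlier, 5.0 Update 31 and earlier, 6 Update 27 and earlier, and the initial release of 7). The function name rlks_jre_check and the assumption that the packaged JRE prints the Sun/Oracle "java version" banner are the script's own.

```shell
#!/bin/sh
# Added example, not IBM's code. Checks a Rational License Key Server JRE
# against the CVE-2011-3547 ranges quoted in the Technote and confirms
# lmgrd is stopped before the JRE directories are replaced.

# Extract the version string from the first line of "java -version"
# output, e.g. 'java version "1.6.0_27"' -> 1.6.0_27 (Sun/Oracle banner;
# assumption: the packaged JRE uses this format).
parse_java_version() {
  printf '%s\n' "$1" | sed -n 's/^java version "\([^"]*\)".*/\1/p'
}

# Return 0 (true) when the version lies in an affected range as stated
# in the advisory: 1.4.2_33 and earlier, 5.0 Update 31 and earlier,
# 6 Update 27 and earlier, and 7 with no update number.
is_affected() {
  ver="$1"
  base="${ver%%_*}"            # family, e.g. 1.6.0
  upd="${ver#*_}"              # update number, e.g. 27
  [ "$upd" = "$ver" ] && upd=0 # no "_" present: initial release, update 0
  upd="${upd%%-*}"             # drop a build suffix such as -b07
  case "$base" in
    1.7.0) [ "$upd" -le 0 ] ;;
    1.6.0) [ "$upd" -le 27 ] ;;
    1.5.0) [ "$upd" -le 31 ] ;;
    1.4.2) [ "$upd" -le 33 ] ;;
    *) return 1 ;;             # family not named in the advisory
  esac
}

# Return 0 when an lmgrd process is still running. The bracket in the
# pattern stops grep from matching its own command line.
lmgrd_running() {
  ps -ef | grep '[l]mgrd' >/dev/null 2>&1
}

# Usage: rlks_jre_check <installation_directory>/config/jre150.<platform>
# Exit status: 0 outside the affected range, 1 affected, 2 check failed.
rlks_jre_check() {
  jre="$1"
  if lmgrd_running; then
    echo "lmgrd is still running; run start_lmgrd_on_this_host stop first" >&2
    return 2
  fi
  banner=$("$jre/bin/java" -version 2>&1 | head -n 1)
  ver=$(parse_java_version "$banner")
  if [ -z "$ver" ]; then
    echo "could not read a Java version from $jre/bin/java" >&2
    return 2
  fi
  if is_affected "$ver"; then
    echo "JRE $ver in $jre is within the CVE-2011-3547 affected range; apply the iFix"
    return 1
  fi
  echo "JRE $ver in $jre is outside the affected range"
  return 0
}
```

Run rlks_jre_check once before step 7 (it should report the old JRE as affected and confirm lmgrd is stopped) and again after step 11, before step 15 restarts the server, to confirm the copied JRE reports a version outside the quoted ranges.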
For IBM RLS 8.x, RLS 7.x and IBM Telelogic License Server 2.0 Users
There are no plans to release fixes for Rational License Server v8.x, v7.x and Telelogic License Server 2.0. IBM recommends that all customers using these versions of license servers migrate to IBM Rational License Key Server 8.1.2 and update the IBM Rational License Key Server 8.1.2 with the fix for the security vulnerability described in this Technote.
Instructions on migrating to RLKS 8.1.2 are available through this Info Center Link.
Migration to RLKS 8.1.2
RLKS 8.1.2 can be downloaded from your Passport Advantage account or from the following link.
812 Download Link
More about the JRE security vulnerability can be read at CVE-2011-3547.
Other Fixes available in these iFixes:
RATLC01343154 - Expiration date error when importing licenses on Unix
RATLC01537384 - License import displays wrong information on Unix