IBM Support

7.2.0-ISS-SDI-LA0005

Download


Abstract

UPGRADING SDI JRE TO JAVA 1.7 SR8 FP 10 BECAUSE OF JAVA FREAK VULNERABILITY AND APAR IV66462

Download Description

+-----------------------------------------------------+
Interim Fix 7.2.0-ISS-SDI-LA0005 README
Security Directory Integrator 7.2.0 (Also applicable to TDI 7.1.1 release)
LA Interim Fix 5
(All platforms)
JRE Level: Java 1.7 SR08 FP 10 + FREAK iFix.
Date: April 2015
+-----------------------------------------------------+

COPYRIGHT STATEMENT
====================
April 2015

References in this publication to IBM products, programs, or services do
not imply that IBM intends to make these available in all countries in
which IBM operates. Any reference to an IBM program product in this
publication is not intended to state or imply that only IBM's program
product may be used. Any functionally equivalent program may be used
instead.

IBM is a trademark of the International Business Machines Corporation.

Copyright International Business Machines Corporation 2015. All rights
Reserved.

Fix For
========

APAR - NA
PMR - NA


General Description:
====================
UPGRADING SDI JRE TO JAVA 1.7 SR8 FP 10 BECAUSE OF JAVA FREAK VULNERABILITY AND APAR IV66462.

Details:
========
This Limited Availability Interim Fix contains a JRE fix for the Java FREAK vulnerability and APAR IV66462.

CVE-2015-0138: Java FREAK vulnerability details
A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections.
An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite.
This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.
This vulnerability is also known as the FREAK attack.


IV66462 : JAVA.LANG.ARRAYINDEXOUTOFBOUNDSEXCEPTION WHILE ITERATING THROUGH THE EMPTY JAVA.UTIL.HASHTABLE AFTER DE-SERIALIZATION
When ISIM adapters upgraded their JRE, the issue reported in this Java APAR caused some ISIM adapters to break down.
Refer to the following link for details: http://www-01.ibm.com/support/docview.wss?uid=swg1IV66462

Prerequisites:
==============
Security Directory Integrator v7.2.0 along with 7.2.0-ISS-SDI-FP0002 should be applied.
Tivoli Directory Integrator v7.1.1 along with 7.1.1-TIV-TDI-FP0004 should be applied.


Platforms:
==========
All supported Platforms

Downloading the Fix:
====================
- Under the Download options section, click on the "Change Download Options" link.
- Set the "Include prerequisites and co-requisite fixes (you can select the ones you need later)" checkbox to true.

Applying the Fix:
=================
- Shut down SDI.

- Unzip the fix package to a temporary directory. The LA contains platform-specific JREs; copy the .zip or the .tar.gz to the respective platforms.

- Extract the .zip / .tar.gz files.

- Copy the jre dir from the extracted .zip / .tar.gz into a dir called jvm.

- Back up the older JVM dir at <SDI_Install_Dir>\jvm. To do this, rename the older dir to anything other than JVM.

- Replace the existing JVM dir, which was backed up earlier, with the fix files (the newly created JVM folder).

- On non-Windows platforms, run the command 'chmod -R 755 JVM' under the JVM dir.
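
The steps above for non-Windows platforms, scripted with a rollback if the swap fails. This is an added example, not part of the IBM README: the function name, the staging dir jvm.new and the timestamped backup name are assumptions, and it uses the lowercase dir name jvm from the install path given above.

```shell
#!/bin/sh
# Added example (not IBM code): scripted form of the "Applying the Fix" steps.
# Assumed names: apply_jre_fix, jvm.new (staging), jvm.bak.<timestamp> (backup).
# SDI must already be shut down before this is called.

apply_jre_fix() {
    install_dir=$1    # <SDI_Install_Dir>
    extracted_dir=$2  # directory where the platform .zip/.tar.gz was extracted

    old_jvm="$install_dir/jvm"
    staged="$install_dir/jvm.new"
    backup="$install_dir/jvm.bak.$(date +%Y%m%d%H%M%S)"

    # Refuse to run on an unexpected layout rather than half-apply the fix.
    [ -d "$old_jvm" ] || { echo "no jvm dir under $install_dir" >&2; return 1; }
    [ -d "$extracted_dir/jre" ] || { echo "no jre dir in $extracted_dir" >&2; return 1; }
    [ ! -e "$backup" ] && [ ! -e "$staged" ] || { echo "backup or staging dir already exists" >&2; return 1; }

    # Build the new jvm dir (containing jre) next to the old one first, so the
    # swap below is two renames on the same filesystem.
    mkdir "$staged" || return 1
    cp -R "$extracted_dir/jre" "$staged/" || { rm -rf "$staged"; return 1; }

    # Back up the old JVM by renaming it, then move the new one into place.
    mv "$old_jvm" "$backup" || { rm -rf "$staged"; return 1; }
    if ! mv "$staged" "$old_jvm"; then
        mv "$backup" "$old_jvm"   # roll back so SDI still has a JVM
        rm -rf "$staged"
        return 1
    fi

    # Permission step from the README.
    chmod -R 755 "$old_jvm" || return 1

    # Print where the previous JVM went, for rollback.
    echo "$backup"
}
```

Call it as `apply_jre_fix <SDI_Install_Dir> <extracted_dir>`; the printed path is the renamed old JVM, which can be moved back to restore the previous JRE.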


Confirming the Fix has been applied successfully:
=================================================
The Java FREAK vulnerability will be resolved.
ISIM adapters will work properly.

Installation Instructions

Refer to 7.2.0-ISS-SDI-LA0005_README.txt for details


Product Synonym

SDI TDI ITDI IDI

Document Information

Modified date:
15 June 2018

UID

swg24039734