Download
Abstract
UPGRADING SDI JRE TO 8.0 SERVICE REFRESH 5 BECAUSE OF MULTIPLE VULNERABILITIES
Download Description
+-----------------------------------------------------+
Interim Fix 7.2.0-ISS-SDI-LA0016 README
Security Directory Integrator 7.2.0 ( Also applicable to Tivoli Directory Integrator 7.1.1 )
LA Interim Fix 16
(All platforms)
JRE Level: Java 8 Service Refresh 5
Date: Nov 2017
+-----------------------------------------------------+
COPYRIGHT STATEMENT
====================
Nov 2017
References in this publication to IBM products, programs, or services do
not imply that IBM intends to make these available in all countries in
which IBM operates. Any reference to an IBM program product in this
publication is not intended to state or imply that only IBM's program
product may be used. Any functionally equivalent program may be used
instead.
IBM is a trademark of the International Business Machines Corporation.
Copyright International Business Machines Corporation 2017. All rights
Reserved.
Fix For
========
APAR - NA
PMR - NA
General Description:
====================
Upgrading to Java 8 SR 5 because of multiple Java vulnerabilities.
Details:
========
This Limited Availability Interim Fix contains JRE fix for multiple vulnerabilities.
Refer link for details :- http://www-01.ibm.com/support/docview.wss?uid=swg22009492
Prerequisites:
==============
Tivoli Directory Integrator v7.2.0 with or without any fix pack must be installed.
Tivoli Directory Integrator v7.1.1 with or without any fix pack must be installed.
Platforms:
==========
All supported Platforms
Downloading the Fix:
====================
- Under the Download options section, Click on the "Change Download options" link.
- Set the "Include prerequisites and co-requisite fixes (you can select the ones you need later)" checkbox to true.
Applying the Fix:
=================
- Shutdown SDI.
- Unzip the fix package to a temporary directory. The LA contains platform specific JRE's, copy the .zip or the .tar.gz to respective platforms.
- Extract the .zip /.tar.gz files into temp directory.
- Backup/rename the existing <SDI_Install_Dir\jvm\jre directory.
- Copy the <temp directory>\<extracted_jvm_dir>\jre directory and content as a sub-directory to the <SDI_Install_Dir>\jvm directory.
- Apply command 'chmod -R 755 jre' for non windows platform.
Changes to the Java policy file for Derby server to start
================================================
- Derby server does not start as the new JVM does not grant permissions by default.
- Resolve by using either option:
* To give all permissions to all files in the TDI install dir, add the following in the
// Standard extensions get all permissions by default
<TDI_Install_dir>\jvm\jre\lib\security\java.policy
grant codeBase "file:/<TDI_Install_dir>/-" {
permission java.security.AllPermission;
};
Note : The ending minus, "-", in the path. It means that all files in all folders, recursively, under the TDI install dir will be given this permission.
* To give permission to derby port to listen, add the following line in the
// allows anyone to listen on un-privileged ports
<TDI_Install_dir>\jvm\jre\lib\security\java.policy , under the default permissions granted to all
domains section.
permission java.net.SocketPermission "localhost:<port number>-", "listen";
For example : permission java.net.SocketPermission "localhost:1527-", "listen";
Note: 1527 is the derby port in this example.
Refer the adjacent link for additional information. http://www-01.ibm.com/support/docview.wss?uid=swg21450475
Confirming the Fix has been applied successfully:
=================================================
JAVA vulnerability will be resolved.
Prerequisites
Refer to 7.2.0-ISS-SDI-LA0016-README.txt for details
Product Synonym
TDI SDI
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24044211