7.1.1-TIV-TDI-LA0036

Download Description

+-----------------------------------------------------+
Interim Fix 7.1.1-TIV-TDI-LA0036 README
Security Directory Integrator 7.1.1 ( Also applicable to Security Directory Integrator 7.2.0 and Tivoli Directory Integrator 7.1.0 )
LA Interim Fix 36
(All platforms)
JRE Level: Java 7 Service Refresh 10 Fix pack 10
Date: Nov 2017
+-----------------------------------------------------+

COPYRIGHT STATEMENT
====================
Nov 2017

References in this publication to IBM products, programs, or services do
not imply that IBM intends to make these available in all countries in
which IBM operates. Any reference to an IBM program product in this
publication is not intended to state or imply that only IBM's program
product may be used. Any functionally equivalent program may be used
instead.

IBM is a trademark of the International Business Machines Corporation.

Copyright International Business Machines Corporation 2017. All rights
Reserved.

Fix For
========

APAR - NA
PMR - NA


General Description:
====================
Upgrading to Java 7 Service Refresh 10 Fix pack 10 because of multiple Java vulnerabilities.

Details:
========
This Limited Availability Interim Fix contains JRE fix for multiple vulnerabilities.

Refer link for details :- http://www-01.ibm.com/support/docview.wss?uid=swg22009492



Prerequisites:
==============
Security Directory Integrator v7.2.0 with or without any fix pack must be installed.
Tivoli Directory Integrator v7.1.1 with or without any fix pack must be installed.
Tivoli Directory Integrator v7.1.0 with or without any fix pack must be installed.


Platforms:
==========
All supported Platforms


Downloading the Fix:
====================
- Under the Download options section, Click on the "Change Download options" link.
- Set the "Include prerequisites and co-requisite fixes (you can select the ones you need later)" checkbox to true.



Applying the Fix:
=================
- Shutdown TDI.

- Unzip the fix package to a temporary directory. The LA contains platform specific JRE's, copy the .zip or the .tar.gz to respective platforms.

- Extract the .zip /.tar.gz files into temp directory.

- Backup/rename the existing <TDI_Install_Dir\jvm\jre directory.

- Copy the <temp directory>\<extracted_jvm_dir>\jre directory and content as a sub-directory to the <TDI_Install_Dir>\jvm directory.

- Apply command 'chmod -R 755 jre' for non windows platform.


Changes to the Java policy file for Derby server to start
================================================
- Derby server does not start as the new JVM does not grant permissions by default.

- Resolve by using either option:

* To give all permissions to all files in the TDI install dir, add the following in the

// Standard extensions get all permissions by default
<TDI_Install_dir>\jvm\jre\lib\security\java.policy

grant codeBase "file:/<TDI_Install_dir>/-" {
permission java.security.AllPermission;
};

Note : The ending minus, "-", in the path. It means that all files in all folders, recursively, under the TDI install dir will be given this permission.

* To give permission to derby port to listen, add the following line in the

// allows anyone to listen on un-privileged ports
<TDI_Install_dir>\jvm\jre\lib\security\java.policy , under the default permissions granted to all domains section.

permission java.net.SocketPermission "localhost:<port number>-", "listen";

For example : permission java.net.SocketPermission "localhost:1527-", "listen";
Note: 1527 is the derby port in this example.


Refer the adjacent link for additional information. http://www-01.ibm.com/support/docview.wss?uid=swg21450475


Confirming the Fix has been applied successfully:
=================================================
JAVA vulnerability will be resolved.