CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.975 High (Percentile: 100.0%)
The Java vulnerabilities identified in the April 2013 Oracle Java security alert need to be fixed in IBM Intelligent Operations Center 1.5. The procedures in this security bulletin identify the appropriate IBM patches for these Java vulnerabilities and describe how to apply them. No reference to other IBM product update pages should be necessary.
Vulnerability details
The following vulnerabilities are fixed by the instructions in this security bulletin.
CVE ID | CVSS Base Score | CVSS Temporal Score | CVSS Environmental Score* | CVSS Vector | DESCRIPTION |
---|---|---|---|---|---|
CVE-2013-2422 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83570 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
CVE-2013-2435 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83563 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
CVE-2013-2432 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83559 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CVE-2013-2431 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83564 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. |
CVE-2013-1557 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83572 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors. |
CVE-2013-1537 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83571 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. |
CVE-2013-1558 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83561 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. |
CVE-2013-2440 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83562 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
CVE-2013-1518 | 10 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83566 | Undefined | AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. |
CVE-2013-0401 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/82823 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via vectors related to AWT. |
CVE-2013-1488 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/82821 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via unspecified vectors involving reflection and Libraries. |
CVE-2013-1491 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/82820 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via vectors related to 2D. |
CVE-2013-1569 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83557 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CVE-2013-2384 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83556 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CVE-2013-2383 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83555 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CVE-2013-2394 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83576 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CVE-2013-2419 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83581 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to 2D. |
CVE-2013-2420 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83560 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CVE-2013-2421 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83573 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. |
CVE-2013-2423 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83591 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to HotSpot. |
CVE-2013-2426 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83574 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
CVE-2013-2428 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83568 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. |
CVE-2013-2434 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83558 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CVE-2013-2436 | 9.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83575 | Undefined | AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
CVE-2013-2429 | 7.6 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83578 | Undefined | AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. |
CVE-2013-2430 | 7.6 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83577 | Undefined | AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. |
CVE-2013-1563 | 7.6 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83579 | Undefined | AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. |
CVE-2013-2438 | 5 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83585 | Undefined | AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to JavaFX. |
CVE-2013-2424 | 5 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83582 | Undefined | AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JMX. |
CVE-2013-2417 | 5 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83586 | Undefined | AV:N/AC:L/Au:N/C:N/I:N/A:P | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to Networking. |
CVE-2013-2418 | 4.6 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83587 | Undefined | AV:L/AC:L/Au:N/C:P/I:P/A:P | Unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
CVE-2013-1540 | 4.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83590 | Undefined | AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment. |
CVE-2013-2433 | 4.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83589 | Undefined | AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment. |
CVE-2013-2416 | 4.3 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83588 | Undefined | AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment. |
CVE-2013-2415 | 2.1 | See https://exchange.xforce.ibmcloud.com/vulnerabilities/83592 | Undefined | AV:L/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows local users to affect confidentiality via vectors related to JAX-WS. |
_*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash._
_Note:_ According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
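Each base score in the table follows from its vector through the CVSS v2 base equations, so a stated score can be rechecked when the bulletin is ingested into a tracking system. The script below is an added example, not part of the IBM bulletin; the function names are hypothetical, and the rows in `bulletin_rows` are one entry per distinct vector copied from the table.

```bash
#!/usr/bin/env bash
# Added example: recompute CVSS v2 base scores from the vectors in this bulletin.

# cvss2_base VECTOR -> prints the base score with one decimal; exit status 2 on a bad vector.
cvss2_base() {
  printf '%s\n' "$1" | awk -F/ '
    BEGIN {
      # Metric weights from the CVSS v2 specification.
      w["AV:L"] = 0.395; w["AV:A"] = 0.646; w["AV:N"] = 1.0
      w["AC:H"] = 0.35;  w["AC:M"] = 0.61;  w["AC:L"] = 0.71
      w["Au:M"] = 0.45;  w["Au:S"] = 0.56;  w["Au:N"] = 0.704
      n = split("C I A", imp, " ")
      for (k = 1; k <= n; k++) {
        w[imp[k] ":N"] = 0.0; w[imp[k] ":P"] = 0.275; w[imp[k] ":C"] = 0.660
      }
    }
    {
      if (NF != 6) exit 2                  # all six base metrics are required
      for (i = 1; i <= NF; i++) {
        if (!($i in w)) exit 2             # unknown metric or value
        split($i, kv, ":")
        if (kv[1] in m) exit 2             # same metric given twice
        m[kv[1]] = w[$i]
      }
      impact = 10.41 * (1 - (1 - m["C"]) * (1 - m["I"]) * (1 - m["A"]))
      expl   = 20 * m["AV"] * m["AC"] * m["Au"]
      # f(Impact) is 0 when there is no impact, 1.176 otherwise.
      score  = (impact == 0) ? 0 : (0.6 * impact + 0.4 * expl - 1.5) * 1.176
      printf "%.1f\n", score
    }'
}

# cvss2_matches STATED_SCORE VECTOR -> 0 if the stated score equals the computed one.
cvss2_matches() {
  local calc
  calc=$(cvss2_base "$2") || return 2
  awk -v a="$1" -v b="$calc" \
    'BEGIN { exit (sprintf("%.1f", a) == sprintf("%.1f", b)) ? 0 : 1 }'
}

# One row per distinct vector in the bulletin: CVE, stated base score, vector.
bulletin_rows() {
  cat <<'EOF'
CVE-2013-2422 10  AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2013-0401 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
CVE-2013-2429 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C
CVE-2013-2438 5   AV:N/AC:L/Au:N/C:N/I:P/A:N
CVE-2013-2418 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P
CVE-2013-1540 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
CVE-2013-2415 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N
EOF
}

# check_rows < rows -> prints every row whose score and vector disagree; 0 if none do.
check_rows() {
  local cve stated vector bad=0
  while read -r cve stated vector; do
    if ! cvss2_matches "$stated" "$vector"; then
      echo "MISMATCH $cve: stated $stated, vector $vector gives $(cvss2_base "$vector" || echo invalid)"
      bad=1
    fi
  done
  return "$bad"
}

if [ "${1:-}" = "--demo" ]; then
  bulletin_rows | check_rows && echo "all stated scores match their vectors"
fi
```

The only difference between the 10, 9.3 and 7.6 rows is Access Complexity (L, M, H), which lowers the exploitability term while the impact term stays at its maximum.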
Assumptions
These procedures assume some familiarity with Linux usage. A user may wish to deviate from some of the steps, such as putting files in different places, depending on local conventions. In this document, it is assumed that patches are downloaded to the Intelligent Operations Center installation server and then distributed from there. An IBM ID is required to download the packages.
It is also assumed that the hostnames of the Intelligent Operations Center servers are as follows. If they are different for your installation, change the values as appropriate for your installation.
Database server: ioc15db
Application server: ioc15app
Event server: ioc15event
Management server: ioc15mgmt
All the steps should be run as the root user unless otherwise noted. The Administrator might wish to temporarily enable remote root login, which is disabled by cyber hygiene. See “Re-enabling remote root log on” in the product documentation.
Stop all IBM Intelligent Operations Center services
Stop all IBM Intelligent Operations Center services by running the following on the management server:
```
su - ibmadmin
/opt/IBM/ISP/mgmt/scripts/IOCControl.sh stop all <IOCControl_password>
exit
```
Install IBM Update Installer for WebSphere V7.0.0.29
The Update Installer installs updates to IBM WebSphere software. This patch updates the Update Installer first, on the three Intelligent Operations Center servers that have it installed. You can use any server to download the patches, but this document assumes that the installation server is used to download any of the files used to update.
1. Log on to the installation server as the root user.
2. Download the 7.0.0.29-WS-UPDI-LinuxAMD64.tar.gz package.
3. When prompted, choose Save File and save to /root/Downloads.
4. Move the file to a staging area for patches, for example a directory for this Technote's Java April 2013 patches, by running the following commands:
```
mkdir -p /root/Downloads/TN_Java_4-2013_WAS_Update_Installer
mv /root/Downloads/7.0.0.29-WS-UPDI-LinuxAMD64.tar.gz /root/Downloads/TN_Java_4-2013_WAS_Update_Installer
cd /root/Downloads/TN_Java_4-2013_WAS_Update_Installer
```
5. Copy the file to the application, event, and management servers by running the following commands. For each connection, enter “yes” to continue with connecting if prompted, then enter the root password for the server.
```
sftp ioc15app
put 7.0.0.29-WS-UPDI-LinuxAMD64.tar.gz
quit
sftp ioc15event
put 7.0.0.29-WS-UPDI-LinuxAMD64.tar.gz
quit
sftp ioc15mgmt
put 7.0.0.29-WS-UPDI-LinuxAMD64.tar.gz
quit
```
6. Install the update installer package on the application server, event server, and management server by doing the following steps on each server.
a. Using the graphical desktop, log on as the root user.
b. Run the following commands:
```
mkdir -p /root/Downloads/TN_Java_4-2013_WAS_Update_Installer
mv /root/7.0.0.29-WS-UPDI-LinuxAMD64.tar.gz /root/Downloads/TN_Java_4-2013_WAS_Update_Installer
cd /root/Downloads/TN_Java_4-2013_WAS_Update_Installer
tar -zxvf 7.0.0.29-WS-UPDI-LinuxAMD64.tar.gz
```
c. Install the update installer by running the following commands.
```
cd /root/Downloads/TN_Java_4-2013_WAS_Update_Installer/UpdateInstaller
./install.sh
```
d. Do the following to install the update installer.
i. Accept all defaults and click Next to go to the next screen.
ii. For the Software License Agreement, check I accept and click Next.
iii. After System Prerequisites Check Passed, click Next.
iv. After Installed Locations Detected and “/opt/IBM/WebSphere/UpdateInstaller” are displayed, click Next.
v. After Installation Complete Success is displayed, clear Launch IBM Update Installer for WebSphere Software and click Finish.
Download WebSphere Application Server version 7 fix pack 29 and related patches
Download the fix packs and related patches on the installation server and distribute to the appropriate servers.
1. Log on to the installation server as the root user.
2. Download the fix pack for the application server.
a. Download the 7.0.0-WS-WAS-LinuxX64-FP0000029.pak package.
b. Log on with your IBM ID and password, if required.
c. When prompted, choose Save File and save to /root/Downloads.
d. Move the file to a staging area for patches.
```
mkdir -p /root/Downloads/TN_Java_4-2013_WAS_7.0.0.29_Fix_Pack
mv /root/Downloads/7.0.0-WS-WAS-LinuxX64-FP0000029.pak /root/Downloads/TN_Java_4-2013_WAS_7.0.0.29_Fix_Pack
```
3. Download the fix pack for the web server plug-ins.
a. Download the 7.0.0-WS-PLG-LinuxX64-FP0000029.pak package.
b. When prompted, choose Save File and save to /root/Downloads.
c. Move the file to a staging area for patches.
```
mv /root/Downloads/7.0.0-WS-PLG-LinuxX64-FP0000029.pak /root/Downloads/TN_Java_4-2013_WAS_7.0.0.29_Fix_Pack
```
4. Download the fix pack for the IBM HTTP Server.
a. Download the 7.0.0-WS-IHS-LinuxX64-FP0000029.pak package.
b. When prompted, choose Save File and save to /root/Downloads.
c. Move the file to a staging area for patches.
```
mv /root/Downloads/7.0.0-WS-IHS-LinuxX64-FP0000029.pak /root/Downloads/TN_Java_4-2013_WAS_7.0.0.29_Fix_Pack
```
5. Download the fix pack for the Java SDK.
a. Download the 7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak package.
b. When prompted, choose Save File and save to /root/Downloads.
c. Move the file to a staging area for patches.
```
mv /root/Downloads/7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak /root/Downloads/TN_Java_4-2013_WAS_7.0.0.29_Fix_Pack
```
6. Download the fix pack for the DMZ Secure Proxy Server.
a. Download the 7.0.0-WS-NDDMZ-LinuxX64-FP0000029.pak package.
b. When prompted, choose Save File and save to /root/Downloads.
c. Move the file to a staging area for patches.
```
mv /root/Downloads/7.0.0-WS-NDDMZ-LinuxX64-FP0000029.pak /root/Downloads/TN_Java_4-2013_WAS_7.0.0.29_Fix_Pack
```
7. Copy the files to the application, event, and management servers by running the following commands. For each connection, enter “yes” to continue with connecting if prompted, then enter the root password for the server.
```
cd /root/Downloads/TN_Java_4-2013_WAS_7.0.0.29_Fix_Pack
sftp ioc15app
mput *.pak /opt/IBM/WebSphere/UpdateInstaller/maintenance
quit
sftp ioc15event
mput *.pak /opt/IBM/WebSphere/UpdateInstaller/maintenance
quit
sftp ioc15mgmt
mput *.pak /opt/IBM/WebSphere/UpdateInstaller/maintenance
quit
```
Download WebSphere Application Server version 6.1 fix pack 47 and related patches
1. Download the 6.1.0-WS-WAS-LinuxX64-FP0000047.pak package.
2. Log on with your IBM ID and password, if required.
3. When prompted, choose Save File and save to /root/Downloads.
4. Download the 6.1.0-WS-WASSDK-LinuxX64-FP0000047 package.
5. When prompted, choose Save File and save to /root/Downloads.
6. Download the 6.1.0.0-WS-WASJavaSDK-Linux64-IFPM96452.pak package.
7. When prompted, choose Save File and save to /root/Downloads.
8. Move the files to a staging area for patches.
```
mkdir -p /root/Downloads/WAS_6.1_FixPack
mv /root/Downloads/*.pak /root/Downloads/WAS_6.1_FixPack
cd /root/Downloads/WAS_6.1_FixPack
```
9. Move the files to the event server by running the following commands:
```
sftp ioc15event
mput *.pak /opt/IBM/WebSphere/UpdateInstaller/maintenance
quit
```
Use the WebSphere Update Installer installation wizard to update the application server
1. Run /opt/IBM/WebSphere/UpdateInstaller/update.sh
2. For Product Selection Directory Path specify /opt/IBM/HTTPServer/Plugins
3. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak
7.0.0-WS-PLG-LinuxX64-FP0000029.pak
```
4. On Installation Summary, select Verify my permission to perform the installation.
5. Continue through the installer until the maintenance package is updated.
6. Click Relaunch to restart the installer.
7. For Product Selection Directory Path specify /opt/IBM/HTTPServer
8. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-IHS-LinuxX64-FP0000029.pak
```
9. On Installation Summary, select Verify my permission to perform the installation.
10. Continue through the installer until the maintenance package is updated.
11. Click Relaunch to restart the installer.
12. For Product Selection Directory Path specify /opt/IBM/AppServer
13. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-WAS-LinuxX64-FP0000029.pak
7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak
```
14. On Installation Summary, select Verify my permission to perform the installation.
15. Continue through the installer until the maintenance package is updated and click Finish.
16. Delete the /opt/IBM/WebSphere/wp_profile1/configuration/org.eclipse.osgi folder.
Use the WebSphere Update Installer installation wizard to update the management server
1. Run /opt/IBM/WebSphere/UpdateInstaller/update.sh
2. For Product Selection Directory Path specify /opt/IBM/HTTPServer/Plugins
3. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak
7.0.0-WS-PLG-LinuxX64-FP0000029.pak
```
4. On Installation Summary, select Verify my permission to perform the installation.
5. Continue through the installer until the maintenance package is updated.
6. Click Relaunch to restart the installer.
7. For Product Selection Directory Path specify /opt/IBM/HTTPServer
8. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-IHS-LinuxX64-FP0000029.pak
```
9. On Installation Summary, select Verify my permission to perform the installation.
10. Continue through the installer until the maintenance package is updated.
11. Click Relaunch to restart the installer.
12. For Product Selection Directory Path specify /opt/IBM/AppServer
13. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-WAS-LinuxX64-FP0000029.pak
7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak
```
14. On Installation Summary, select Verify my permission to perform the installation.
15. Continue through the installer until the maintenance package is updated and click Finish.
16. Reset the ownership of files using the following command:
```
chown -R ibmadmin:ibmadmins /opt/IBM/WebSphere/AppServer/profiles/*
```
Use the WebSphere Update Installer installation wizard to update the event server
1. Run /opt/IBM/WebSphere/UpdateInstaller/update.sh
2. For Product Selection Directory Path specify /opt/IBM/HTTPServer/Plugins
3. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak
7.0.0-WS-PLG-LinuxX64-FP0000029.pak
```
4. On Installation Summary, select Verify my permission to perform the installation.
5. Continue through the installer until the maintenance package is updated.
6. Click Relaunch to restart the installer.
7. For Product Selection Directory Path specify /opt/IBM/HTTPServer
8. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
7.0.0-WS-IHS-LinuxX64-FP0000029.pak
```
9. On Installation Summary, select Verify my permission to perform the installation.
10. Continue through the installer until the maintenance package is updated.
11. Click Relaunch to restart the installer.
12. For Product Selection Directory Path specify /opt/IBM/AppServerV61
13. Continue through the installer selecting the defaults. For Available Maintenance Package to Install accept the following packages.
```
6.1.0-WS-WASSDK-LinuxX64-FP0000047.pak
6.1.0-WS-WAS-LinuxX64-FP0000047.pak
6.1.0.0-WS-WASJavaSDK-LinuxX64-IFPM86452.pak
```
**IMPORTANT:** Do not select `7.0.0-WS-WAS-LinuxX64-FP0000029.pak` or `7.0.0-WS-WASSDK-LinuxX64-FP0000029.pak`.
14. On Installation Summary, select Verify my permission to perform the installation.
15. Continue through the installer until the maintenance package is updated, then click Finish.
Install Tivoli Access Manager for e-Business WebSEAL, Patch 6.1.1-ISS-AWS-FP0007
The data server and management server will be updated.
1. Log on to the installation server as the root user.
2. Download the IBM Global Security Kit GSKit Version 7.0.4.42 package.
a. Enter an IBM ID and password.
b. Find the IBM Global Security Kit (GSKit V7.0.4.42) Version 7.0.4.42, All OS per ESD/PA Media Pks package.
c. Click Continue and accept the license agreement.
d. Find the IBM Global Security Kit (GSKit V7.0.4.42) for Linux ia-32 gsk7bas-7.0-4.42.i386.rpm (4.2 mb) package. The 32-bit version must be used regardless of system architecture.
e. Save the file as /root/Downloads/gsk7bas-7.0-4.42.i386.rpm.
f. Run the following command.
```
mkdir -p /root/Downloads/TN_Java_4-2013_TAM_for_eB_WebSEAL
```
g. Run the following command to move the file to a staging area:
```
mv /root/Downloads/gsk*.rpm /root/Downloads/TN_Java_4-2013_TAM_for_eB_WebSEAL
```
3. Download the TAM patches package.
a. Enter an IBM ID and password.
b. Download the following packages:
```
6.1.1-ISS-AWS-FP0007-LIN.tar.Z
6.1.1-ISS-TAM-FP0007-LIN.tar.Z
```
c. (Optional) Non-English customers should download the following International Language Pack update.
```
6.1.1.7-ISS-TAM-LANGPK.tar.Z
```
d. Save the files in the /root/Downloads/TN_Java_4-2013_TAM_for_eB_WebSEAL directory.
4. Copy the GSKit and TAM patches to the database and management servers by running the following commands:
```
cd /root/Downloads/TN_Java_4-2013_TAM_for_eB_WebSEAL
sftp ioc15db
put gsk*.rpm
quit
sftp ioc15mgmt
put gsk*.rpm
mput *ISS*.Z
quit
```
5. Log on to the database server as the root user.
6. Update the IBM Global Security Toolkit (GSKit) to version 7.0.4.42.
a. Make sure the gsk7bas-7.0-4.42.i386.rpm file is in the /root/ directory.
b. Run the following command:
```
rpm -U /root/gsk7bas-7.0-4.42.i386.rpm
```
7. Log on to the management server as the root user.
8. Update the IBM Global Security Toolkit (GSKit) to version 7.0.4.42 before installing the Tivoli Access Manager packages.
a. Verify that the /root/gsk7bas-7.0-4.42.i386.rpm file exists.
b. Run the following command:
```
rpm -U /root/gsk7bas-7.0-4.42.i386.rpm
```
9. Apply the ISS-TAM-FP007 update.
a. Verify that the /root/6.1.1-ISS-TAM-FP0007-LIN.tar.Z file exists.
b. Extract the archive files by running the following commands:
```
gzip -d /root/6.1.1-ISS-TAM-FP0007-LIN.tar.Z
tar xvf /root/6.1.1-ISS-TAM-FP0007-LIN.tar
```
c. Apply each rpm by running the following commands:
```
rpm -U /root/PDAcld-PD-6.1.1-7.i386.rpm
rpm -U /root/PDAuthADK-PD-6.1.1-7.i386.rpm
rpm -U /root/PDJrte-PD-6.1.1-7.i386.rpm
rpm -U /root/PDMgr-PD-6.1.1-7.i386.rpm
rpm -U /root/PDMgrPrxy-PD-6.1.1-7.i386.rpm
rpm -U /root/PDRTE-PD-6.1.1-7.i386.rpm
rpm -U /root/PDWPM-PD-6.1.1-7.i386.rpm
rpm -U /root/TivSecUtl-TivSec-6.1.1-2.i386.rpm
```
10. (Optional) Apply the downloaded patch 6.1.1.7-ISS-TAM-LANGPK.tar.Z for non-English installations.
a. Verify that the /root/6.1.1.7-ISS-TAM-LANGPK.tar.Z file exists.
b. Extract the patch to a temporary directory by running the following commands:
```
gzip -d /root/6.1.1.7-ISS-TAM-LANGPK.tar.Z
tar xvf /root/6.1.1.7-ISS-TAM-LANGPK.tar
```
c. To install language packages for Tivoli Access Manager Runtime for Java and Tivoli Access Manager Runtime with an installer, run the following commands:
```
cd /opt/ibm/java-x86-64-68/bin
./java -jar /root/pdjrte_lp_setup.jar
```
d. Follow the instructions on the installer and select the appropriate languages until the update is complete.
e. Run the installer for the Tivoli Access Manager Runtime by running the following command:
```
./java -jar /root/pdrte_lp_setup.jar
```
11. Apply the ISS-AWS-FP007 update.
a. Make sure the /root/6.1.1-ISS-TAM-FP0007-LIN.tar.Z file exists.
b. Extract the archive files by running the following commands:
```
gzip -d /root/6.1.1-ISS-AWS-FP0007-LIN.tar.Z
tar xvf /root/6.1.1-ISS-AWS-FP0007-LIN.tar
```
c. Apply each rpm by running the following commands:
```
rpm -U /root/PDWebRTE-PD-6.1.1-7.i386.rpm
rpm -U /root/PDWeb-PD-6.1.1-7.i386.rpm
rpm -U /root/PDWebADK-PD-6.1.1-7.i386.rpm
```
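Once the `rpm -U` steps have run, the installed levels on the database and management servers can be compared with the package levels named in this bulletin before services are restarted. The script below is an added example, not part of the IBM bulletin; the function names are hypothetical, it assumes each installed name-version-release equals the rpm file name without `.i386.rpm`, and the `rpm -qa` sample (including the `6.1.1-0` level) is constructed.

```bash
#!/usr/bin/env bash
# Added example: compare `rpm -qa` output with the package levels this bulletin installs.
# Assumption: installed name-version-release equals the rpm file name minus ".i386.rpm".

# expected_levels ROLE -> "name version-release" pairs for ROLE = db | mgmt.
expected_levels() {
  echo "gsk7bas 7.0-4.42"            # GSKit is updated on both servers
  [ "$1" = "mgmt" ] || return 0      # TAM and WebSEAL rpms go on the management server only
  cat <<'EOF'
PDAcld-PD 6.1.1-7
PDAuthADK-PD 6.1.1-7
PDJrte-PD 6.1.1-7
PDMgr-PD 6.1.1-7
PDMgrPrxy-PD 6.1.1-7
PDRTE-PD 6.1.1-7
PDWPM-PD 6.1.1-7
TivSecUtl-TivSec 6.1.1-2
PDWebRTE-PD 6.1.1-7
PDWeb-PD 6.1.1-7
PDWebADK-PD 6.1.1-7
EOF
}

# check_rpm_levels ROLE < rpm-qa-output
# Prints one OK / DIFFERS / MISSING line per expected package; returns 0 only if all are OK.
check_rpm_levels() {
  local role=$1 installed name want have rc=0
  # Some rpm versions append the architecture; strip it so both forms compare equal.
  installed=$(sed -e 's/\.i[3-6]86$//' -e 's/\.x86_64$//' -e 's/\.noarch$//')
  while read -r name want; do
    # "name-" followed by a digit keeps PDWeb-PD from matching PDWebRTE-PD and similar.
    have=$(printf '%s\n' "$installed" | grep -E "^${name}-[0-9]" | head -n 1)
    if [ -z "$have" ]; then
      echo "MISSING $name (expected $name-$want)"; rc=1
    elif [ "$have" = "$name-$want" ]; then
      echo "OK $have"
    else
      echo "DIFFERS $name: installed $have, expected $name-$want"; rc=1
    fi
  done <<EOF
$(expected_levels "$role")
EOF
  return "$rc"
}

# Constructed sample: a management server where the WebSEAL step was only partly applied.
sample_rpm_qa() {
  cat <<'EOF'
bash-3.2-32.el5
gsk7bas-7.0-4.42
PDAcld-PD-6.1.1-7
PDAuthADK-PD-6.1.1-7
PDJrte-PD-6.1.1-7
PDMgr-PD-6.1.1-7
PDMgrPrxy-PD-6.1.1-7
PDRTE-PD-6.1.1-7.i386
PDWPM-PD-6.1.1-7
TivSecUtl-TivSec-6.1.1-2
PDWebRTE-PD-6.1.1-7
PDWeb-PD-6.1.1-0
EOF
}

if [ "${1:-}" = "--demo" ]; then
  sample_rpm_qa | check_rpm_levels mgmt
fi
```

On a server, run `rpm -qa | check_rpm_levels mgmt` (or `db` on the database server); a non-zero exit status means at least one package is missing or at a different level than the bulletin installs.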
Restart all IBM Intelligent Operations Center services
Restart all IBM Intelligent Operations Center services by running the following on the management server:
```
su - ibmadmin
/opt/IBM/ISP/mgmt/scripts/IOCControl.sh start all <IOCControl_password>
exit
```
April 2013 Java security alert
Security Bulletin: WebSphere - Oracle CPU April 2013
Java API Documentation Updater Tool
X-Force Vulnerability Database
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog