IBM Support

IBM Tivoli Composite Application Manager for Transactions Response Time 7.4.0.1 Interim Fix 63 Readme File

Fix Readme


Abstract

Readme file for: 7.4.0.1-TIV-CAMRT-IF0063
Product - Component Release: 7.4.0.1
Update Name: 7.4.0.1-TIV-CAMRT-IF0063
Fix ID: 7.4.0.1-TIV-CAMRT-AIX-IF0063, 7.4.0.1-TIV-CAMRT-LINUX-IF0063, 7.4.0.1-TIV-CAMRT-WINDOWS-IF0063
Publication Date: 23 Nov 2022
Last modified date: 23 Nov 2022
Description: This IFIX contains Java™ update for: PSIRT PVR0405049 for CVE-2022-3676

Content

Download location
Prerequisites and co-requisites
Installing
Additional information
List of fixes


Download location

The following is list of components, platforms, and file names that apply to this readme file.
 

Fix Download for AIX

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  AIX  7.4.0.1-TIV-CAMRT-AIX-IF0063


Fix Download for Linux

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  Linux  7.4.0.1-TIV-CAMRT-LINUX-IF0063


Fix Download for Windows

 Product - Component Name:  Platform:  Fix:
 Tivoli Composite Application Manager for Transactions  Windows
 


Prerequisites and co-requisites

This upgrade for the Robotic Response Time agents, which is part of ITCAM for Transactions: Response Time, can be applied to the following base versions. It must be applied to a machine on which Robotic Response Time agent is being installed.

  • 7.4.0.1 - AIX, Linux, Windows
  • 7.4.0.2 - AIX, Linux, Windows
     
Notes:
  1. Supported base versions include interim fixes that were applied to 7.4.0.1 and 7.4.0.2 versions.
  2. This interim fix is a quarterly SDK update. The update replaces the Java SDK without changing the product version. This interim fix can be applied to versions 7.4.0.1 and 7.4.0.2.
 

This patch replaces the two JREs that were shipped with the Robotic Response Time (T6) agent, bringing them to the latest level.
This action remediates multiple security issues.

 

This patch is applicable to the following T6 agents:

  • Version 7.4.0.1
  • Version 7.4.0.2
  • Windows, AIX, and Linux platforms.
     

The T6's JREs are only used when Rational Performance Tester (RPT) scripts playback, thus JREs are not available on Solaris and HPUX (RPT playback is not supported on Solaris and HPUX). 7.4 agent needs to update Java 80 JREs. These variations are noted in the installation steps. Any customizations done to the existing JREs need to be preserved. Since these JREs are product-specific (that is, the JREs are used by the T6 agent only), there can be only one customization as instructed by IBM support to enable strong encryption by updating the JRE's encryption policy (see the technote in the Installing section).


This patch includes Java70 and Java80 updates.  After the patch, the Java™ versions will be:
  • Java 7.0 SR11 FP15
  • Java 8.0 SR07 FP20

Related material:
This interim fix is a cumulative Java upgrade for Java PSIRT. Updates implemented in the following releases are included in this upgrade.
  • 7.4.0.1 - IF0005
  • 7.4.0.1 - IF0007
  • 7.4.0.1 - IF0009
  • 7.4.0.1 - IF0012
  • 7.4.0.1 - IF0015
  • 7.4.0.1 - IF0018
  • 7.4.0.1 - IF0021
  • 7.4.0.1 - IF0024
  • 7.4.0.1 - IF0027
  • 7.4.0.1 - IF0030
  • 7.4.0.1 - IF0032
  • 7.4.0.1 - IF0033
  • 7.4.0.1 - IF0034
  • 7.4.0.1 - IF0039
  • 7.4.0.1 - IF0041
  • 7.4.0.1 - IF0047
  • 7.4.0.1 - IF0049
  • 7.4.0.1 - IF0050
  • 7.4.0.1 - IF0051
  • 7.4.0.1 - IF0052
  • 7.4.0.1 - IF0055
  • 7.4.0.1 - IF0056
  • 7.4.0.1 - IF0057
  • 7.4.0.1 - IF0058
  • 7.4.0.1 - IF0060

 

Installation information

Before Installing

Validate pre-existing Java80 is older than ones delivered in this interim fix.
The RRT Agent's Javas are located at:

  • Windows:
    • Java70: $ITMHOME\tmaitm6\java70
    • Java80: $ITMHOME\tmaitm6\java80 - only in 7.4.0.1-IF8 and later
  • Unix:
    • Java70: $ITMHOME/tmaitm6/java70
    • Java80: $ITMHOME/tmaitm6/java80 - only in 7.4.0.1-IF8 and later

Check the versions, for example
C:\ibm\itm\TMAITM6> .\java80\jre\bin\java.exe -version
 
java version "1.8.0_331"
Java(TM) SE Runtime Environment (build 8.0.7.10 - pwi3280sr7fp10-20220505_01(SR7 FP10))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2016 x86-32-Bit 20220427_27745 (JIT enabled, AOT enabled)
OpenJ9   - b15041a
OMR      - 3671a9f
IBM      - 1b0232b)
JCL - 20220504_01 based on Oracle jdk8u331-b09

 

Installing

Note:

If you updated T6 JRE to use strong encryption, then you must manually back up the following policy files and copy them to the new JREs:
  • \lib\security\local_policy.jar
  • \lib\security\US_export_policy.jar
     
See technote - How to enable strong encryption > 128 bit
https://www.ibm.com/support/pages/node/85585
See technote - Does the RRT agent support TLS 1.1/1.2 and 256-bit ciphers?
https://www.ibm.com/support/pages/node/529695
 
  • Back up existing Java70 and Java80
    1. Stop the T6 agent
    2. Backup the existing Java JREs, for example
      > On Windows - cd c:\IBM\ITM\tmaitm6\
      > On Linux or Unix - cd /opt/IBM/ITM/tmaitm6
      > move java70 java70.old
      > move java80 java80.old - only in 7.4.0.1-IF8 and later.
  • Replace the JREs
    1. Extract the archive to the same directory, for example, after unarchiving your directory structure is:

      Windows - c:\IBM\ITM\TMAITM6>dir java*

      C:\IBM\ITM\TMAITM6>dir java*
       Volume in drive C has no label.
       Volume Serial Number is 8492-1522

       Directory of C:\IBM\ITM\TMAITM6
      09/28/2022  03:34 PM    <DIR>          java60
      11/22/2022  04:38 PM    <DIR>          java70
      09/28/2022  03:34 PM    <DIR>          java70.old
      11/22/2022  04:37 PM    <DIR>          java80
      09/28/2022  04:31 PM    <DIR>          java80.old
                     0 File(s)              0 bytes
                     5 Dir(s)   7,748,349,952 bytes free


      Linux or Unix - /opt/IBM/ITM/tmaitm6>ls -dl java*
      ........
      drwxr-xr-x 4 root root 4096 Feb 2 01:10 java70
      drwxr-xr-x 4 root root 4096 Sep 19 14:20 java70.bak
      drwxr-xr-x 4 root root 4096 Feb 2 01:10 java80
      drwxr-xr-x 4 root root 4096 Sep 19 14:20 java80.bak

    2. If applicable, copy the following unrestricted policy files from the "java70.old" and "java80.old" directories to the new "java70" and "java80" directories:

      Windows:
      java70.old\lib\security\local_policy.jar to java70\lib\security
      java70.old\lib\security\US_export_policy.jar to java70\lib\security
      java80.old\lib\security\local_policy.jar to java80\lib\security
      java80.old\lib\security\US_export_policy.jar to java80\lib\security

      Linux or Unix:
      java70.bak/lib/security/local_policy.jar to java70/lib/security
      java70.bak/lib/security/US_export_policy.jar to java70/lib/security
      java80.bak/lib/security/local_policy.jar to java80/lib/security
      java80.bak/lib/security/US_export_policy.jar to java80/lib/security
       
  • Validate the updated JRE version
    1. Check version number of JRE 7.0, for example:

      >java70\jre\bin>java -version
      java version "1.7.0"
      Java(TM) SE Runtime Environment (build pwi3270sr11fp15-20220624_01(SR11 FP15))
      IBM J9 VM (build 2.6, JRE 1.7.0 Windows Server 2016 x86-32 20220617_030965 (JIT enabled, AOT enabled)
      J9VM - R26_Java726_SR11_20220617_2310_B30965
      JIT  - r11_20220617_30965
      GC   - R26_Java726_SR11_20220617_2310_B30965
      J9CL - 20220617_30965)
      JCL - 20220620_01 based on Oracle jdk7u351-b07

    2. Check version number of JRE 8.0, for example:
      >java80\jre\bin>java -version
      java version "1.8.0_351"
      Java(TM) SE Runtime Environment (build 8.0.7.20 - pwi3280sr7fp20-20221020_01(SR7 FP20))
      IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2016 x86-32-Bit 20220929_37824 (JIT enabled, AOT enabled)
      OpenJ9   - 02180fe
      OMR      - 48fc32a
      IBM      - bf759bf)
      JCL - 20220922_01 based on Oracle jdk8u351-b10

  • Restart Agent and ensure Rational Performance Tester Script playback works.
  • (Optional) Delete the backup Java runtimes.
     

Additional information

The Secure Hash Algorithm 256(SHA256) checksums of the images are as follows:

7.4.0.1-TIV-CAMRT-AIX-IF0063.tar - 80a3b311a5af3266fadefbac5caf1bb28c2c7d2e 
7.4.0.1-TIV-CAMRT-Linux-IF0063.tar - 342e339d7e47b23fe39717ea42758d3d44ccf1da 
7.4.0.1-TIV-CAMRT-Windows-IF0063.zip - 606c9cc9b030802a1be0b7257db4648d08aa0b1b


List of fixes

A) APAR Content:
N/A


B) Additional Non-APAR Defects:

Defect 32028: PSIRT PVR0405049 IBM Java - OpenJ9 CVE-2022-3676


C) Enhancements
N/A

Document change history

 
 Version  Date  Description of change
 1.0  23 Nov 2022  Initial Version

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS5MD2","label":"Tivoli Composite Application Manager for Transactions"},"ARM Category":[{"code":"a8m500000008i3OAAQ","label":"ITCAM-for-Transactions-\u003ERobotic Response Time RRT"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
23 November 2022

UID

ibm16837199

Page Feedback