U radu programskog paketa IBM Tivoli Common Reporting uočen je sigurnosni propust koji napadaču omogućuje izvođenje DoS (eng. Denial of Service) napada.

+-------------------------------------------------------------------+
|+-----------------------------------------------------------------+|
||Readme file for IBM Tivoli Common Reporting 2.1.0.0 Interim Fix 2||
|+-----------------------------------------------------------------+|
+-------------------------------------------------------------------+


+----------------------------- NOTE --------------------------------+
|Before using this information and the product it supports, read the|
|information in 4."Notices".                                        |
+-------------------------------------------------------------------+
This edition applies to Interim Fix 2 for version 2, release 1 of IBM Tivoli Common Reporting (program number 5724-T69).

Copyright International Business Machines Corporation 2011.
US Government Users Restricted Rights -- Use, duplication or disclosure 
restricted by GSA ADP Schedule Contract with IBM Corp.

+-----------------+
|Table of Contents|
+-----------------+
	1. Description
	1.1 APARs included
	1.2 Internal defects
	2. Applying Tivoli Common Reporting 2.1.0.0 Interim Fix 2
	3. Uninstalling Tivoli Common Reporting 2.1.0.0 Interim Fix 2
	4. Notices
	
+---------------+
| 1. Description|
+---------------+
The Interim Fix 2 for Tivoli Common Reporting 2.1.0.0 contains fix for the Java Vulnerability issue - Denial of Service.
More about this issue can be found at http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

This readme contains the most current information for this interim fix  and takes precedence over all other documentation.

+-------------------+
| 1.1 APARs included|
+-------------------+
The Interim Fix 2 for Tivoli Common Reporting 2.1.0.0 contains fixes for the following APARs:

	PM32173 -  Ship SDK IFIX to address SECURITY VULNERABILITY - WAS v7.0
			 Ship SDK iFix to address a security vulnerability that causes an infinite loop in the application. 
			 This fix will add the security patch to the TIP's JRE and Cognos JRE.
			 Note: This fix supports only 32-bit installation.

+---------------------+
| 1.2 Internal defects|
+---------------------+
None

+---------------------------------------------------------+
| 2 Applying Tivoli Common Reporting 2.1.0.0 Interim Fix 2|
+---------------------------------------------------------+
To apply the fix:

	1.	On the computer where Tivoli Common Reporting server has been 
		installed, unpack the 2.1.0.0-TIV-TCR-IF2.zip into a temporary 
		directory. 
	
	1a.	Browse to 2.1.0.0-TIV-TCR-IF2\TCR-2100-0002\FILES and apply the below command.
		dos2unix *.sh
		(this will ensure windows ^M characters are removed, if any, from the 3 .sh files)

	2. 	Stop the Tivoli Common Reporting server.

	2a.	NOTE: For non-root installation, there has to be read/write permission available for /opt/IBM folder.
		This is required for the WAS Update Installer to be installed, which in turn is used to install the patch.

	3. 	Install the interim fix by running the following command from shell:
			
			install[.sh|.bat] -i <TCR_2100_HOME>,
		
		- where <TCR_2100_HOME> is the directory where Tivoli Common Reporting
			is installed.
		- You may have to add executable permission (+x) for the install.sh 
			script on Linux/UNIX platforms (chmod u+x install.sh).
		- Due to case-sensitivity of Deployment Engine, the value used for 
			<TCR_2100_HOME> must be exactly the same as the directory path 
			entered during the TCR 2.1.0.0 installation. A common error is to 
			use a non capital letter for the installation drive on Windows. 
			If the disk where you installed Tivoli Common Reporting server 
			is "C:", you have to use a capital letter when specifying it, 
			for example:

			install.bat -i c:\IBM\tivoli\tipv2Components\TCRComponent will not work, while
			install.bat -i C:\IBM\tivoli\tipv2Components\TCRComponent will work.

	4.	Verify the installation:
		
			Navigate to the folder where the Deployment Engine
			has been installed.
		
			For Windows the folder is:
				%ProgramFiles%\IBM\Common\acsi\bin
			Type listUI.cmd and the output should show that the TCR 2.1 Interim Fix 2 has been installed.
		
			For UNIX-like systems:
			Source the DE environment by running the following command: 
				. /var/ibm/common/acsi/setenv.sh for root user, or
				. ~/.acsi_<USERNAME>/setenv.sh for non-root users.
			Make sure you include the . (dot and space) characters when 
			running the command.
			Browse to the following directory:
				/usr/ibm/common/acsi/bin for root user, or
				~/.acsi_<USERNAME>/bin for non-user users.
			Type listUI.sh and the output should show that the TCR 2.1 Interim Fix 2 has been installed.

	5. 	Start the Tivoli Common Rerporting server.

+-------------------------------------------------------------+
| 3 Uninstalling Tivoli Common Reporting 2.1.0.0 Interim Fix 2|
+-------------------------------------------------------------+
To remove from your Tivoli Common Reporting instance the Tivoli Common Reporting 2.1.0.0 Interim Fix 2, follow these steps:

	1. 	Stop the Tivoli Common Reporting server.

	2. 	Run the following command from shell:
		install[.sh|.bat] -r <TCR_2100_HOME>

	3.	Start the server.

+----------+
| 4 Notices|
+----------+
This information was developed for products and services offered in the
U.S.A. IBM may not offer the products, services, or features discussed
in this document in other countries. Consult your local IBM
representative for information on the products and services currently
available in your area. Any reference to an IBM product, program, or
service is not intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property
right may be used instead. However, it is the user's responsibility to
evaluate and verify the operation of any non-IBM product, program, or
service.

IBM may have patents or pending patent applications covering subject
matter described in this document. The furnishing of this document does
not give you any license to these patents. You can send license
inquiries, in writing, to:



IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-178, U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact
the IBM Intellectual Property Department in your country or send
inquiries, in writing, to:

IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan

The following paragraph does not apply to the United Kingdom or any
other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in
certain transactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical
errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of
those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own
risk.

IBM may use or distribute any of the information you supply in any way
it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the
purpose of enabling: (i) the exchange of information between
independently created programs and other programs (including this one)
and (ii) the mutual use of the information which has been exchanged,
should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX  78758 	U.S.A.

Such information may be available, subject to appropriate terms and
conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed
material available for it are provided by IBM under terms of the IBM
Customer Agreement, IBM International Program License Agreement or any
equivalent agreement between us.

Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating
environments may vary significantly. Some measurements may have been
made on development-level systems and there is no guarantee that these
measurements will be the same on generally available systems.
Furthermore, some measurement may have been estimated through
extrapolation. Actual results may vary. Users of this document should
verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers
of those products, their published announcements or other publicly
available sources. IBM has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related
to non-IBM products. Questions on the capabilities of non-IBM products
should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily
business operations. To illustrate them as completely as possible, the
examples include the names of individuals, companies, brands, and
products. All of these names are fictitious and any similarity to the
names and addresses used by an actual business enterprise is entirely
coincidental.

+--------------+
|4.1 Trademarks|
+--------------+
The following terms are trademarks of the IBM Corporation in the United
States or other countries or both: 

IBM
The IBM logo 
AIX
DB2
DB2® Universal Database
Tivoli
WebSphere
zSeries

Microsoft®, Windows®, and the Windows logo are registered trademarks, of
Microsoft Corporation in the U.S. and other countries.

UNIX is a registered trademark of The Open Group in the United States
and other countries.

Intel® is a trademark of Intel Corporation in the United States, other
countries, or both.

Linux® is a trademark of Linus Torvalds in the United States, other
countries, or both.

Other company, product, and service names may be trademarks or service
marks of others.