U radu programskog paketa IBM Tivoli Common Reporting uočen je i ispravljen sigurnosni propust. Propust je bilo moguće iskoristiti za uskraćivanje otvaranja URL adrese.
| Paket: | IBM Tivoli Common Reporting 2.x |
| Operacijski sustavi: | HP-UX 10.x, HP-UX 11.x, IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x, IBM z/OS 1.x, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Sun Solaris 7, Sun Solaris 8, Sun Solaris 9, Sun Solaris 10 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| Izvorni ID preporuke: | 2.1.1.0-TIV-TCR-IF0002 |
| Izvor: | IBM |
| Problem: | |
| Problem sigurnosti je posljedica pogreške u programskoj komponenti "urlProvider.jar" na lokaciji " |
|
| Posljedica: | |
| Udaljeni napadač navedenu ranjivost može iskoristiti za uskraćivanje otvaranja URL adrese. |
|
| Rješenje: | |
| Rješenje problema sigurnosti je nadogradnja paketa na novije inačice. |
|
Izvorni tekst preporuke
-------------------------------------------------------------------------------+|
||Readme file for IBM Tivoli Common Reporting 2.1.1.0 Interim Fix 2||
|+-------------------------------------------------------------------------------+|
+----------------------------- NOTE --------------------------------+
|Before using this information and the product it supports, read the|
|information in 4."Notices". |
+-------------------------------------------------------------------+
This edition applies to Interim Fix 2 for Version 2, Release 1, Modified 1 of IBM Tivoli Common Reporting (program number 5724-T69).
Copyright International Business Machines Corporation 2011.
US Government Users Restricted Rights -- Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
+-----------------+
|Table of Contents|
+-----------------+
1. Description
1.1 APARs included
1.2 Internal defects
2. Applying Tivoli Common Reporting 2.1.1.0 Interim Fix 2
3. Uninstalling Tivoli Common Reporting 2.1.1.0 Interim Fix 2
4. Notices
+-----------------+
| 1. Description|
+-----------------+
The Interim Fix 2 for Tivoli Common Reporting 2.1.1.0 contains fixes for an internal defect.
This readme contains the most current information for this interim fix and takes precedence over all other documentation.
+-----------------------+
| 1.1 APARs included|
+-----------------------+
The Interim Fix 2 for Tivoli Common Reporting 2.1.1.0 contains no APAR fixes.
+------------------------+
| 1.2 Internal defects|
+------------------------+
PTE ISRM 1041 - Unable to load reporting page after first TIP/TCR server restart
Scenario: Product is installed on system A and configured both product and reports with local DB2. Database host name was mentioned as localhost as it is local db2 while creating data source for product. After installation of TIP, TCR and product, TIP/TCR servers are restarted. First, reports and other portlet operations work good on local system A where the product/TIP/TCR installed has been installed. However when a user tries to access the product using URL from some other machine say System B, the reporting page is unable to load. "Unable to Connect" exception in the portlet is shown.
So this fix addresses the above issue by updating the "urlProvider.jar" in <TCRComponent>/lib location.
Same is addressed as part of CMVC defect # 42784
+---------------------------------------------------------------------+
| 2 Applying Tivoli Common Reporting 2.1.1.0 Interim Fix 2|
+---------------------------------------------------------------------+
To apply the fix:
1. On the computer where Tivoli Common Reporting server has been
installed, unpack the 2.1.1.0-TIV-TCR-IF2.zip into a temporary directory.
2. Stop the Tivoli Common Reporting server.
3. Install the interim fix by running the following command from shell:
install[.sh|.bat] -i "<TCR_2110_HOME>"
- NOTE: PLEASE USE DOUBLE QUOTES WHILE SPECIFYING THE PATH
- where <TCR_2110_HOME> is the directory where Tivoli Common Reporting
is installed.
Example: /opt/IBM/tivoli/tipv2Components/TCRComponent
- You may have to add executable permission (+x) for the install.sh
script on Linux/UNIX platforms (chmod u+x install.sh).
- Due to case-sensitivity of Deployment Engine, the value used for
<TCR_2110_HOME> must be exactly the same as the directory path
entered during the TCR 2.1.1.0 installation. A common error is to
use a non capital letter for the installation drive on Windows.
If the disk where you installed Tivoli Common Reporting server
is "C:", you have to use a capital letter when specifying it,
for example:
install.bat -i c:\IBM\tivoli\tipv2Components\TCRComponent will not work, while
install.bat -i C:\IBM\tivoli\tipv2Components\TCRComponent will work.
4. Verify the installation:
Navigate to the folder where the Deployment Engine
has been installed.
For Windows the folder is:
%ProgramFiles%\IBM\Common\acsi\bin
Type listIU.cmd and the output should show that the TCR Interim Fix 2 has been installed, with an entry like below.
Fix (RootIU UUID: 3DD9564D2E7442788584C1F35B07F2A2 Name: SIU-TCR-2110-0002)Fix Name:826F534C48CA45799681EB7E8462A63A
Fix (RootIU UUID: 3DD9564D2E7442788584C1F35B07F2A2 Name: TCR-2110-0002)Fix Name:TCR-2110-0002
For UNIX-like systems:
Source the DE environment by running the following command:
. /var/ibm/common/acsi/setenv.sh for root user, or
. ~/.acsi_<USERNAME>/setenv.sh for non-root users.
Make sure you include the . (dot and space) characters when running the command.
Browse to the following directory:
/usr/ibm/common/acsi/bin for root user, or
~/.acsi_<USERNAME>/bin for non-user users.
Type listIU.sh and the output should show that the TCR Interim Fix 2 has been installed, with an entry like below.
Fix (RootIU UUID: 3DD9564D2E7442788584C1F35B07F2A2 Name: SIU-TCR-2110-0002)Fix Name:826F534C48CA45799681EB7E8462A63A
Fix (RootIU UUID: 3DD9564D2E7442788584C1F35B07F2A2 Name: TCR-2110-0002)Fix Name:TCR-2110-0002
5. Start the Tivoli Common Reporting server.
+-------------------------------------------------------------+
| 3 Uninstalling Tivoli Common Reporting 2.1.1.0 Interim Fix 2|
+-------------------------------------------------------------+
To remove from your Tivoli Common Reporting instance the Tivoli Common Reporting 2.1.1.0 Interim Fix 2, follow these steps:
1. Stop the Tivoli Common Reporting server.
2. Run the following command from shell:
install[.sh|.bat] -r <TCR_2110_HOME>
3. Start the server.
+----------+
| 4 Notices|
+----------+
This information was developed for products and services offered in the
U.S.A. IBM may not offer the products, services, or features discussed
in this document in other countries. Consult your local IBM
representative for information on the products and services currently
available in your area. Any reference to an IBM product, program, or
service is not intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property
right may be used instead. However, it is the user's responsibility to
evaluate and verify the operation of any non-IBM product, program, or
service.
IBM may have patents or pending patent applications covering subject
matter described in this document. The furnishing of this document does
not give you any license to these patents. You can send license
inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-178, U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact
the IBM Intellectual Property Department in your country or send
inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan
The following paragraph does not apply to the United Kingdom or any
other country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Some states do not allow disclaimer of express or implied warranties in
certain transactions, therefore, this statement might not apply to you.
This information could include technical inaccuracies or typographical
errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of
those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own
risk.
IBM may use or distribute any of the information you supply in any way
it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the
purpose of enabling: (i) the exchange of information between
independently created programs and other programs (including this one)
and (ii) the mutual use of the information which has been exchanged,
should contact:
IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
Such information may be available, subject to appropriate terms and
conditions, including in some cases, payment of a fee.
The licensed program described in this document and all licensed
material available for it are provided by IBM under terms of the IBM
Customer Agreement, IBM International Program License Agreement or any
equivalent agreement between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating
environments may vary significantly. Some measurements may have been
made on development-level systems and there is no guarantee that these
measurements will be the same on generally available systems.
Furthermore, some measurement may have been estimated through
extrapolation. Actual results may vary. Users of this document should
verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers
of those products, their published announcements or other publicly
available sources. IBM has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related
to non-IBM products. Questions on the capabilities of non-IBM products
should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily
business operations. To illustrate them as completely as possible, the
examples include the names of individuals, companies, brands, and
products. All of these names are fictitious and any similarity to the
names and addresses used by an actual business enterprise is entirely
coincidental.
+--------------+
|4.1 Trademarks|
+--------------+
The following terms are trademarks of the IBM Corporation in the United
States or other countries or both:
IBM
The IBM logo
AIX
DB2
DB2® Universal Database
Tivoli
WebSphere
zSeries
Microsoft®, Windows®, and the Windows logo are registered trademarks, of
Microsoft Corporation in the U.S. and other countries.
UNIX is a registered trademark of The Open Group in the United States
and other countries.
Intel® is a trademark of Intel Corporation in the United States, other
countries, or both.
Linux® is a trademark of Linus Torvalds in the United States, other
countries, or both.
Other company, product, and service names may be trademarks or service
marks of others.
Posljednje sigurnosne preporuke