AIX

 View Only
  • 1.  Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

    IBM Champion
    Posted Tue June 25, 2024 02:45 PM

    Most AIX patches are somewhat straightforward.  Check to see if you're vulnerable.  If so, download it, unzip it, and apply the patch (and they give the whole installp command).

    Java is different.  Check to see if you're vulnerable.  If so, download it but they give no instructions on how to install it.  Sure the readme has an IBM link but that link is not direct.  So, how do I install the fix outlined at:  https://www.ibm.com/support/pages/node/7158591

    Yes, the lslpp shows that I am running a 64bit so I clicked on that.  I got to Fix Central and downloaded the series of files.

    Now what?



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------


  • 2.  RE: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

    Posted Tue June 25, 2024 04:36 PM

    I agree that it is a miss that JAVA updates don't have the install commands.
    smit install is your friend :)

    Try it as a preview first and then actually install. Note ACCEPT license does not default to yes.

    Update Installed Software to Latest Level (Update All)

    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.

    [TOP]                                                   [Entry Fields]
    * INPUT device / directory for software               /images/java8.825
    * SOFTWARE to update                                  _update_all
      PREVIEW only? (update operation will NOT occur)     yes                    +
      COMMIT software updates?                            yes                    +
      SAVE replaced files?                                no                     +
      AUTOMATICALLY install requisite software?           yes                    +
      EXTEND file systems if space needed?                yes                    +
      VERIFY install and check file sizes?                no                     +
      DETAILED output?                                    no                     +
      Process multiple volumes?                           yes                    +
      ACCEPT new license agreements?                      yes                    +
      PREVIEW new LICENSE agreements?                     no                     +



    ------------------------------
    Alexander Pettitt
    ------------------------------



  • 3.  RE: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

    IBM Champion
    Posted Wed June 26, 2024 09:19 AM

    So I looked at both your example, and the IBM support page.

    I'm now at the following:
    lslpp -L | grep -i java
    cd /tmp
    mkdir -p /tmp/java_install
    cd /tmp/java_install
    sftp redacted@delivery04-bld.dhe.ibm.com
    ls
    mget *
    quit
    ls *.gz
    IJ50978.tar.gz
    pap6480sr8fp25-20240328_01-sdk.tar.gz
    java8_64_installp_8.0.0.825.tar.gz

    Do I expand all three of those tar files and install all the resulting files?



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------



  • 4.  RE: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

    Posted Wed June 26, 2024 02:35 PM

    Yes you will need to gunzip and untar each file as per the instructions

    # gunzip -c < TAR_GZ_FILE | tar -xvf -



    ------------------------------
    Alexander Pettitt
    ------------------------------



  • 5.  RE: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

    IBM Champion
    Posted Wed June 26, 2024 03:07 PM
    Trying the smitty.  We do zero development in AIX.  Basically it's there solely to run IBM Storage Protect.  Only.  I'm guessing I don't need
    - docs
    - jclsource
    - samples
    I do need
    - Java8_64.jre
    - Java8_64.sdk
     
    smitty install_all
        Input device / directory for software: ./
        SOFTWARE to install:  Esc+4 to list
        Use Esc+7 to pick: Java8_64.jre, Java8_64.sdk
        PREVIEW only? You might want to say yes the first time.
        ...
        ACCEPT new license agreements? yes
        ...
        Enter
     
    lslpp -L | grep -i java
    > lslpp -L | grep -i java
      Java6.sdk                6.0.0.655    C     F    Java SDK 32-bit
      Java7_64.jre             7.0.0.715    C     F    Java SDK 64-bit Java Runtime
      Java7_64.sdk             7.0.0.715    C     F    Java SDK 64-bit Development
      Java8_64.jre             8.0.0.825    C     F    Java SDK 64-bit Java Runtime
      Java8_64.sdk             8.0.0.825    C     F    Java SDK 64-bit Development
                                 3.3.2.0    C     F    RSCT GUI JAVA Msgs - U.S.
                                 3.3.2.0    C     F    RSCT RMC JAVA Msgs - U.S.


    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------



  • 6.  RE: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

    Posted Wed June 26, 2024 06:12 AM

    Alternatively here is an IBM support page 

    IBM Java for AIX HowTo: Install, Upgrade, or Downgrade IBM Java



    ------------------------------
    Alexander Pettitt
    ------------------------------