IBM Platform Application Center 9.1.0 Fix 236027 Readme
Abstract
This fix resolves security vulnerabilities s2-020, s2-021, s2-022 related to the Apache Struts 2 third-party libraries.
Description
Readme documentation for IBM Platform Application Center 9.1.0 Fix 236027
This fix addresses the following issues:
- Apache Struts 2 third party libraries have
been found to have security vulnerabilities.
To fix the security issues
s2-020, s2-021, s2-022, Apache Struts 2 version has been updated to
2.3.16.3, and the common fileupload version has been updated to 1.3.1.
For more details on the security issues, refer to:
- http://struts.apache.org/release/2.3.x/docs/s2-020.html
- http://struts.apache.org/release/2.3.x/docs/s2-021.html
- http://struts.apache.org/release/2.3.x/docs/s2-022.html
Readme
file for: IBM® Platform Application Center
Product/Component Release: 9.1.0.0
Update Name: Fix 236027
Fix ID: pac9.1_standard_linux-x64.tar.Z
Publication date: 28 May 2014
Last modified date:
Contents:
None.
Download Fix 236027 from the following location: http://www.ibm.com/eserver/support/fixes/
Affected components include: None. None.
None.
5.1 Before installation
Stop all IBM Platform Application Center services:
If EGO is not enabled:
perfadmin stop all
pmcadmin stop
If EGO is enabled:
a. Log on to EGO.
egosh user logon -u Admin -x Admin
b. Stop IBM Platform Application Center services.
egosh service stop mysql WEBGUI jobdt plc purger
c. Check that services have stopped.
egosh service list
5.2 Installation steps
The
following steps assume IBM Platform Application Center is installed in
/opt/pac.
Replace with your actual installation directory.
1.
Determine the location of your
existing IBM Application Center installation.
#rpm
-q --queryformat "%{INSTPREFIXES}\n" pcc-appcenter
2.
As root, log on to your IBM Platform Application
Center 9.1 host. Backup the exiting installation directory, for
example:
#cp
-rfp /opt/pac /opt/pac.bak
3. Backup
database if you use local MySQL.
Export local IBM Platform Application
Center mysql database use command:
#mysqldump
-u pacuser -p pac --add-drop-table > /root/pacdata.sql
4. Download the fix file: pac9.1_standard_linux-x64.tar.Z.
5. Extract pac9.1_standard_linux-x64.tar.Z.
6. As root, log on to your IBM Platform Application Center 9.1 host.
7.
Set your IBM Platform Application Center
environment:
For csh or tcsh:
% source /opt/pac/cshrc.platform
For sh, ksh, or bash:
$ . /opt/pac/profile.platform
8.
Install the fix.
rpm -Uvh --prefix ${PAC_TOP} pcc-appcenter-9.1-236027.x86_64.rpm
Note:
Replace ${PAC_TOP} with your actual installation directory.
5.3 After installation
1. Start IBM Platform Application Center services
If EGO is not enabled:
perfadmin start all
pmcadmin start
If EGO is enabled:
a. Log on to EGO.
egosh user logon -u Admin -x Admin
b. Start IBM Platform Application Center services.
egosh service start mysql WEBGUI jobdt plc purger
c. Check that services have stopped.
egosh service list
2. Clear your browser cache before
logging into IBM Platform Application Center.
This is required on every browser that
will access IBM Platform Application Center.
Otherwise, IBM Platform Application
Center will not work properly.
6.1 Before uninstallation
Stop all IBM Platform Application Center services:
If EGO is not enabled:
perfadmin stop all
pmcadmin stop
If EGO is enabled:
a. Log on to EGO.
egosh user logon -u Admin -x Admin
b. Stop IBM Platform Application Center services.
egosh service stop mysql WEBGUI jobdt plc purger
c. Check that services have stopped.
egosh service list
6.2 Roll back the fix
The
following steps assume IBM Platform Application Center is installed in
/opt/pac.
Replace with your actual installation directory.
1. Download the RPM package for the exact version they were running before applying the patch, for example, pcc-appcenter-9.1-123456.x86_64.rpm.
2. Set your IBM Platform Application
Center
environment:
For csh or tcsh:
% source /opt/pac/cshrc.platform
For sh, ksh, or bash:
$ . /opt/pac/profile.platform
3.
Install the
IBM Platform Application Center RPM package, for Example:
#rpm -Uvh
--prefix ${PAC_TOP} --oldpackage --noscripts
pcc-appcenter-9.1-123456.x86_64.rpm
Note:
Replace ${PAC_TOP} with your actual installation directory.
4. If administrator has done some customization on code, copy back the changed code from backup directory.
5. Start IBM Platform Application Center services
If EGO is not enabled:
perfadmin start all
pmcadmin start
If EGO is enabled:
a. Log on to EGO.
egosh user logon -u Admin -x Admin
b. Start IBM Platform Application Center services.
egosh service start mysql WEBGUI jobdt plc purger
c. Check that services have stopped.
egosh service list
6. Clear your browser cache before
logging into IBM Platform Application Center.
This is required on every browser that
will access IBM Platform Application Center.
Otherwise, IBM Platform Application
Center will not work properly.
${PAC_TOP}/perf/1.2/lib/commons-fileupload-1.3.1.jar
${PAC_TOP}/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/commons-fileupload-1.3.1.jar
${PAC_TOP}/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-core-2.3.16.3.jar
${PAC_TOP}/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-json-plugin-2.3.16.3.jar
${PAC_TOP}/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-spring-plugin-2.3.16.3.jar
${PAC_TOP}/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/xwork-core-2.3.16.3.jar
© Copyright IBM Corporation 2014
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml