XCOM Linux 11.6 SP00 shows Oracle Java SE Multiple Vulnerabilities (SLOTH)

Article ID: 138258

Products

XCOM Data Transport, XCOM Data Transport - Linux PC

Issue/Introduction

Based on our recent vulnerability assessment, our security team has found 1 critical item, listed below, which requires urgent attention.

They recommend that we upgrade Java to as high/recent a version as possible.

Current JRE installed for XCOM: /opt/CA/SharedComponents/JRE/1.8.0.45_ALL

Please advise on how to point the XCOM config to the new upgraded Java.

88046 - Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH) (Unix)

Description : The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 71, 7 Update 95, or 6 Update 111. It is, therefore, affected by security vulnerabilities in the following components :
- 2D
- AWT
- JAXP
- JMX
- Libraries
- Networking
- Security

Solution: Upgrade to Oracle JDK / JRE 8 Update 71, 7 Update 95, 6 Update 111, or later. If necessary, remove any affected versions.

Environment

Release : 11.6 SP00 version 13081 (GA Release)

Component : XCOM Data Transport for Linux PC

Cause

The system is running XCOM 11.6 SP00 version 13081 (GA release), which distributes Java 1.8 u45. That is prior to the 8 Update 71 level the finding requires.


Resolution

Both XCOM 11.6 SP01 and 12.0 install Oracle JRE 8 Update 77, which is later than the required 8 Update 71, so upgrading to either release resolves the vulnerability.

To access the install media, log in to the Broadcom Support Portal.

Select "XCOM Data Transport - for Linux (PC) Linux All".

Download and install 11.6 SP01 or 12.0.

By default, XCOM 11.6 SP01 and XCOM 12.0 install JRE 1.8 u77 under XCOM_HOME, in the directory /opt/CA/XCOM/JRE/1.8.0_77
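To confirm which side of the finding a given JRE directory falls on, the following added example (not part of the original article or of XCOM) classifies a version string or directory name against the fixed levels quoted in the scanner output: 8 Update 71, 7 Update 95 and 6 Update 111. It assumes the directory name reflects the JRE version actually installed there; `min_update` and `jre_status` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: compare a JRE directory name or version string with the
# first fixed update levels named in the finding (January 2016 CPU).

# min_update MAJOR: print the first fixed update for that Java major.
min_update() {
    case "$1" in
        8) echo 71 ;;
        7) echo 95 ;;
        6) echo 111 ;;
        *) return 1 ;;   # major not covered by the finding
    esac
}

# jre_status PATH_OR_VERSION: print "fixed", "vulnerable" or "unknown".
# Handles both layouts that appear in this article:
#   1.8.0.45_ALL  (shared-components directory of 11.6 SP00)
#   1.8.0_77      (directory created by 11.6 SP01 and 12.0)
jre_status() {
    _n=${1%/}        # tolerate a trailing slash
    _n=${_n##*/}     # keep only the last path component
    # Extract "<major> <update>" from 1.<major>.0_<update> or 1.<major>.0.<update>
    _p=$(printf '%s\n' "$_n" |
        sed -n 's/^1\.\([0-9][0-9]*\)\.0[._]\([0-9][0-9]*\).*$/\1 \2/p')
    if [ -z "$_p" ]; then
        echo unknown     # name does not look like a 1.x.0 update string
        return 0
    fi
    _min=$(min_update "${_p% *}") || { echo unknown; return 0; }
    if [ "${_p#* }" -ge "$_min" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# The two JRE directories named in this article (string check only,
# nothing is read from disk).
for d in /opt/CA/SharedComponents/JRE/1.8.0.45_ALL /opt/CA/XCOM/JRE/1.8.0_77; do
    printf '%s: %s\n' "$d" "$(jre_status "$d")"
done
```

An "unknown" result means the name could not be parsed or the major version is outside the three covered by the finding, so check that JRE by hand.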

The file xcom.glb has the corresponding parameter XCOM_JVM set accordingly. Documentation references:

CA XCOM DATA TRANSPORT FOR UNIX/LINUX 11.6.1 > XCOM_JVM

CA XCOM DATA TRANSPORT FOR UNIX/LINUX 12.0 > XCOM.JVM

Additional Information

Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH) (Unix)