XCOM for Linux r11.6 SP01 and Java 1.8.0_77 vulnerabilities
search cancel

XCOM for Linux r11.6 SP01 and Java 1.8.0_77 vulnerabilities


Article ID: 210688


Updated On:


XCOM Data Transport XCOM Data Transport - Linux PC XCOM Data Transport - Windows XCOM Data Transport - z/OS


XCOM for Linux r11.6 SP01 ("CA XCOM Data Transport r11.6 16083 SP01 64bit (for <no SNA support>)" installs JRE 1.8.0_77 which has been highlighted by a scanner tool as having vulnerabilities.

Vulnerabilities Details for JRE version
CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289

Solution Proposed by scanner tool:
The vendor released updates (Java SE JDK and JRE 8 Update 121 or later, Java SE JDK and JRE 7 Update 131, Java SE JDK and JRE 6 Update 141) will resolve these issues.


Release : 11.6
Component : XCOM Data Transport for Linux PC


Later SP01 patches upgrade the JRE to 1.8.0_162 which complies with a JRE release that resolves the above issues.
XCOM patches contain cumulative fixes and therefore it is only necessary to install the latest patch to pick up all the fixes released since the last service pack. 
Therefore to upgrade the JRE to 1.8.0_162, just install the latest patch from the Solutions page: https://support.broadcom.com/group/ecx/solutionfiles?sellable=XCOMLP555&os=LINUX%20-ALL&release=11.6&solution=XCOM%20Data%20Transport%20for%20Linux%20(PC)%20LINUX%20-ALL&subfamily=XCOM

Additional Information

NOTE: Switching to OpenJDK is now supported, so if it is required to install a later JRE than the SP01 patches provide please see KB article: Implementing OpenJDK with XCOM for Linux and Windows