vCloud Application Director and vRealize Automation Application Services JRE update to include a fix for CVE-2014-6593
search cancel

vCloud Application Director and vRealize Automation Application Services JRE update to include a fix for CVE-2014-6593

book

Article ID: 338417

calendar_today

Updated On:

Products

VMware VMware Aria Suite

Issue/Introduction

The Oracle (Sun) JRE package is updated to 1.7.0_76. The update addresses multiple security issues that exist in the earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0_76 in the Oracle Java SE Critical Patch Update Advisory for January 2015. The JRE update includes a fix for CVE-2014-6593.

This security patch has been tested and proven to address the security issues observed in the following vCloud Application Director and vRealize Automation Application Services versions:

  • vRealize Automation Application Services 6.2
  • vRealize Automation Application Services 6.1.1
  • vCloud Application Director 6.0.1
  • vCloud Application Director 5.2.0

Links to download the patch

Product VersionsPatch File NameDownload Links
vRealize Automation Application Services 6.2vmware-jre-1.7.0_76-1server.x86_64.rpmAppServices-62
vRealize Automation Application Services 6.1.1vmware-jre-1.7.0_76-1server.x86_64.rpmAppServices-611
vCloud Application Director 6.0.1vmware-jre-1.7.0_76-1server.x86_64.rpmvCloudAppD-601
vCloud Application Director 5.2.0jre-6u91-linux-amd64.rpmvCloudAppD-520


Resolution

Steps to apply the patch

Note: You should have root privilege to perform these operations.

  1. Take a snapshot of the vCloud Application Director or vRealize Automation Application Services virtual machine.
  2. Log in to the vCloud Application Director or vRealize Automation Application Services virtual appliance.
  3. Stop the VMware Application Director or vRealize Automation Application Services server using the following command:
    # service vmware-darwin-tcserver stop
    Note: This command stops the vCloud Application Director service and the communication between VA and other components such as vCloud Automation Center, vCloud Director and so on. When you restart the service, the vCloud Application Director functionality is restored.
  4. Download the vmware-jre-1.7.0_76-1server.x86_64.rpm (For vCloud Application Director 6.0.1, vRealize Automation Application Service 6.1.1 and 6.2) or jre-6u91-linux-amd64.rpm (For vCloud Application Director 5.2.0) and install the patch using the following command:
    # rpm -Uvh vmware-jre-1.7.0_76-1server.x86_64.rpm (For vCloud Application Director 6.0.1, vRealize Automation Application Service 6.1.1 and 6.2)
    # rpm -Uvh jre-6u91-linux-amd64.rpm (For vCloud Application Director 5.2.0)
  5. Start the VMware Application Director or vRealize Automation Application Services server using the following command:
    # service vmware-darwin-tcserver start