TIBCO Runtime Agent: US-CERT Released a Cyber Security Alert for JREs Released by Sun Microsystems
Article ID: KB0086485
Updated On:
| Products | Versions |
|---|---|
| TIBCO Runtime Agent (TRA) | - |
| Not Applicable | - |
Description
Resolution:
On Jan. 22, 2007 US-CERT released a security alert, TA07-022A, for multiple vulnerabilities in Java released by Sun Microsystems. This alert affects the following Sun Java Runtime Environment versions:
JDK and JRE 5.0 Update 9 and earlier
SDK and JRE 1.4.2_12 and earlier
SDK and JRE 1.3.1_18 and earlier
For more details about this alert, please go to: http://www.us-cert.gov/cas/techalerts/TA07-022A.html
This alert affects TIBCO Runtime Agent (TRA) because TRA is shipped with JRE included. The affected versions of TRA are 5.3.2 and earlier, 5.4.x, and 5.5.0. We have just released TRA 5.3.3 that is shipped with JRE 1.4.2_13. For customers using TRA 5.3.2 or earlier we advise upgrading to 5.3.3 which will eliminate the vulnerabilities. For customers that are using TRA 5.3.2 or earlier versions but do not wish to upgrade to TRA 5.3.3 we advise that you manually upgrade your JRE to version 1.4.2_13. The attached document has the instructions on how to manually replace the JRE bundled within TRA with a customer version. Customers that are using TRA 5.4.x and 5.5.0 are advised to manually upgrade their JRE to version 1.5.0.10 until a TRA service pack is made available to address this issue. We plan to issue TRA 5.5.1 in February of 2007 that will contain an unaffected version of Sun JRE.
On Jan. 22, 2007 US-CERT released a security alert, TA07-022A, for multiple vulnerabilities in Java released by Sun Microsystems. This alert affects the following Sun Java Runtime Environment versions:
JDK and JRE 5.0 Update 9 and earlier
SDK and JRE 1.4.2_12 and earlier
SDK and JRE 1.3.1_18 and earlier
For more details about this alert, please go to: http://www.us-cert.gov/cas/techalerts/TA07-022A.html
This alert affects TIBCO Runtime Agent (TRA) because TRA is shipped with JRE included. The affected versions of TRA are 5.3.2 and earlier, 5.4.x, and 5.5.0. We have just released TRA 5.3.3 that is shipped with JRE 1.4.2_13. For customers using TRA 5.3.2 or earlier we advise upgrading to 5.3.3 which will eliminate the vulnerabilities. For customers that are using TRA 5.3.2 or earlier versions but do not wish to upgrade to TRA 5.3.3 we advise that you manually upgrade your JRE to version 1.4.2_13. The attached document has the instructions on how to manually replace the JRE bundled within TRA with a customer version. Customers that are using TRA 5.4.x and 5.5.0 are advised to manually upgrade their JRE to version 1.5.0.10 until a TRA service pack is made available to address this issue. We plan to issue TRA 5.5.1 in February of 2007 that will contain an unaffected version of Sun JRE.
Issue/Introduction
TIBCO Runtime Agent: US-CERT Released a Cyber Security Alert for JREs Released by Sun Microsystems
Attachments
Feedback
Yes
No
Powered by
