IBM® Sterling Connect:Direct




Date: 25.12.2019
Fix Availability Date: 26 November 2014

High Impact: N

Reported Severity: 5
4.7.0.2_iFix002: RTC446327 / APAR IT05789

Description of Issue: Parsing a process that contains PDS-like file names fails. For example, CD Requester fails to validate a process specifying FILE="del.me(+1)": The parameter is invalid.

Trying to submit the process from the CLI fails too: An unhandled error occurred!

Description of Fix: Fixed a compatibility issue with VS 2013.

Fix Availability Date: 26 November 2014

High Impact: N

Reported Severity: 3
4.7.0.2_iFix003: RTC416379 / APAR IT05862

Description of Issue: Data corruption occurring at a subsequent COPY step when it gets restarted before the first checkpoint has been received. This only occurs when Windows is SNODE writing the destination file.

Description of Fix: Added code to update the ckpt file in-between COPY steps.

Fix Availability Date: 02 December 2014

High Impact: N

Reported Severity: 2
4.7.0.2_iFix004: RTC436475 / APAR IT05895

Description of Issue: Processes have been submitted to the TCQ while Strong Password Security (SPE) was enabled. These processes will fail with LUPC028I and LUPC006I once the Connect:Direct Windows server has been restarted.

Description of Fix: Fixed a length issue when decrypting process text.

Fix Availability Date: 03 December 2014

High Impact: N

Reported Severity: 2
4.7.0.2_iFix005: RTC419555 / APAR IT01361

Description of Issue: Message File Automatic Import.

Description of Fix: The Connect:Direct message file will be automatically imported into the message database while applying a fix pack, unless disabled by the user through specifying LAUNCHMSGIMP=0 on the fix pack command line. To import new messages manually, run the CD Message Import Utility.

Fix Availability Date: 16 December 2014

High Impact: N

Reported Severity: 4
4.7.0.2_iFix006: RTC451252 / RFE 445016 (ID 60501) / APAR IT06113

Description of Issue: Connect:Direct Windows SDK for x64 bit Windows Platform in C++.

Description of Fix: Provided 64-bit versions of CdCore.lib and CdCore.dll in a new x64 folder.

To build the C++ samples for the x64 platform, please remove your existing *.sln and *.vcxproj files from the CPPSample1 and CPPSample2 folders before applying this fix. Once the fix has been applied, start by opening the new *.vcxproj files.

Fix Availability Date: 17 December 2014

High Impact: N

Reported Severity: 5
4.7.0.2_iFix007: RTC451116 / APAR IT06200 / CVE-2014-8730

Description of Issue: A Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM Sterling Connect:Direct for Microsoft Windows.

Description of Fix: Enabled the GSK_STRICTCHECK_CBCPADBYTES setting in GSKit to check for strict compliance with the TLS RFC.

Fix Availability Date: 19 December 2014

High Impact: Y

Reported Severity: 2
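
The following added example (not IBM or GSKit code) relates to the 4.7.0.2_iFix007 fix above: it contrasts a receiver that reads only the padding-length byte with one that applies the TLS rule that every CBC padding byte must equal the padding length (RFC 5246, section 6.2.3.2). The record layout constants, sample bytes and function names are constructed for illustration.

```python
import hmac

BLOCK = 16    # AES-CBC block size (assumed cipher for this illustration)
MAC_LEN = 20  # HMAC-SHA1 tag length (assumed MAC for this illustration)

def build_record(data: bytes, mac: bytes, padding: bytes) -> bytes:
    """Decrypted CBC record body: data || MAC || padding || padding_length."""
    return data + mac + padding + bytes([len(padding)])

def lax_padding_ok(body: bytes) -> bool:
    """Reads only the final length byte; padding byte values are ignored."""
    if not body or len(body) % BLOCK:
        return False
    return body[-1] + 1 + MAC_LEN <= len(body)

def strict_padding_ok(body: bytes) -> bool:
    """TLS rule: each padding byte must hold the padding length value."""
    if not body or len(body) % BLOCK:
        return False
    pad_len = body[-1]
    if pad_len + 1 + MAC_LEN > len(body):
        return False
    expected = bytes([pad_len]) * (pad_len + 1)
    # Structural rule only; a real TLS stack must also keep the MAC check
    # timing independent of the padding result.
    return hmac.compare_digest(body[-(pad_len + 1):], expected)

def demo() -> dict:
    data, mac = b"COPY STEP01", bytes(MAC_LEN)  # constructed sample values
    good = build_record(data, mac, bytes([16]) * 16)
    altered = build_record(data, mac, bytes(range(16)))  # same length, wrong bytes
    return {
        "good": (lax_padding_ok(good), strict_padding_ok(good)),
        "altered": (lax_padding_ok(altered), strict_padding_ok(altered)),
    }

if __name__ == "__main__":
    for name, (lax, strict) in demo().items():
        print(f"{name}: lax={lax} strict={strict}")
```

The lax check accepts both records, so altered padding bytes go unnoticed; the strict check rejects the altered record before any further processing.
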
4.7.0.2_iFix008: RTC451886 / APAR IT06256

Description of Issue: The CLI help is missing the LIMIT keyword in the Select Statistics command help.

Description of Fix: Added the following text to the "help select statistics;" output:

[limit = number of entries]

Fix Availability Date: 30 December 2014

High Impact: N

Reported Severity: 4
4.7.0.2_iFix009: RTC451923 / APAR IT06263

Description of Issue: Message SSRV134I not logged correctly.

Description of Fix: Added proper process name and number information and fixed the &PNUM value in the message data.

Fix Availability Date: 30 December 2014

High Impact: N

Reported Severity: 4
4.7.0.2_iFix010: RTC452029 / APAR IT06282

Description of Issue: Summary message SCPA085I shows wrong SNODE name on wildcard copy receive. It shows the pnode's name instead.

Description of Fix: Fixed.

Fix Availability Date: 02 January 2015

High Impact: N

Reported Severity: 3
4.7.0.2_iFix011: RTC452049 / APAR IT06289

Description of Issue: Enhance the LCOA014I message to provide more details on failed logon attempts.

Description of Fix: The OS system error code is now logged as the feedback code (FDBK) and the specified userid is added to the message data. Here are some typical error codes and their meaning:

1326: Logon failure - unknown user name or bad password.

1331: Logon failure - account currently disabled.

1385: Logon failure - the user has not been granted the requested logon type at this computer.

Fix Availability Date: 02 January 2015

High Impact: N

Reported Severity: 5
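
One way to triage LCOA014I records by feedback code, as an added example that is not part of the product or of this fix list. Only the message ID, the FDBK field and the three codes come from the 4.7.0.2_iFix011 description above; the one-line export layout, the user IDs and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Feedback codes listed in the fix description, with an assumed alert threshold each.
THRESHOLDS = {
    1326: 3,  # unknown user name or bad password: alert on repeats
    1331: 1,  # account currently disabled: alert on first use
    1385: 1,  # requested logon type not granted: alert on first use
}

# Assumed, constructed layout: "<timestamp> LCOA014I FDBK=<code> USER=<userid>"
LINE_RE = re.compile(r"^(\S+) LCOA014I FDBK=(\d+) USER=(\S+)$")

SAMPLE = """\
2015-01-05T09:00:01 LCOA014I FDBK=1326 USER=svc_batch
2015-01-05T09:00:04 LCOA014I FDBK=1326 USER=svc_batch
2015-01-05T09:00:09 LCOA014I FDBK=1326 USER=svc_batch
2015-01-05T09:02:10 LCOA014I FDBK=1331 USER=jdoe
2015-01-05T09:03:00 LCOA014I FDBK=1385 USER=ops1
2015-01-05T09:04:00 LCOA014I FDBK=1326 USER=ops1
2015-01-05T09:05:00 SCPA085I unrelated record
""".splitlines()  # constructed sample lines, not real product output

def triage(lines):
    """Return (userid, feedback code, count) for every threshold that is met."""
    per_user = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not an LCOA014I record
            per_user[m.group(3)][int(m.group(2))] += 1
    findings = []
    for user in sorted(per_user):
        for code, count in sorted(per_user[user].items()):
            # Codes outside the listed three are reported on first sight.
            if count >= THRESHOLDS.get(code, 1):
                findings.append((user, code, count))
    return findings

if __name__ == "__main__":
    for user, code, count in triage(SAMPLE):
        print(f"{user}: FDBK={code} x{count}")
```
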
4.7.0.2_iFix012: RTC452149 / APAR IT06308

Description of Issue: The CD Change Notification Utility (ChNotify.exe) shows invalid values or fails with an error: Encountered an improper argument. Saving the configuration will corrupt the Notification settings in the registry. As a result, the Connect:Direct Server will show an LCRG011I error during startup: The data stored in the registry is out of range - CDRG_reg2mem.

Description of Fix: Fixed a side effect introduced by 4.7.0.2_iFix001.

Fix Availability Date: 06 January 2015

High Impact: N

Reported Severity: 2
All iFixes and fix packs listed above are accumulated in fix pack 3 (4.7.0.3).

iFixes after 4.7.0.3
4.7.0.3_iFix001: RTC453745 / APAR IT07026 / CVE-2014-3065

Description of Issue: There is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 7 that is used by IBM Sterling Connect:Direct for Microsoft Windows. The issue was disclosed as part of the IBM Java SDK updates in October 2014.

Description of Fix: Updated the IBM Runtime Environment Java and moved its location to a new ibm_jre folder due to changes in the installer.

Fix Availability Date: 19 March 2015

High Impact: Y

Reported Severity: 2
4.7.0.3_iFix002: RTC459219 / APAR IT07670 / CVE-2015-0138, CVE-2015-0159

Description of Issue: GSKit is an IBM component that is used by IBM Sterling Connect:Direct for Microsoft Windows. The GSKit that is shipped with IBM Sterling Connect:Direct for Microsoft Windows contains multiple security vulnerabilities including the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability.

Description of Fix: Updated the version of GSKit.

Fix Availability Date: 19 March 2015

High Impact: Y

Reported Severity: 2
4.7.0.3_iFix003: RTC457187 / APAR IT07984

Description of Issue: Concurrent Session High Water Mark

Description of Fix: The Concurrent Sessions High Water Mark count is the maximum number of sessions running concurrently. This is information only and requires no action. It is logged each day at midnight local time and at system shutdown in the SCNT record in statistics. A new LCNT001I message was introduced to provide visibility to the user: Concurrent Sessions High Water Mark count of &MAX occurred at &TIME.

Fix Availability Date: 26 March 2015

High Impact: N

Reported Severity: 5
4.7.0.3_iFix004: RTC462325 / APAR IT08243 / CVE-2015-2808, CVE-2011-3389

Description of Issue: CBC ciphers are vulnerable to CVE-2011-3389 (BEAST Attack). Previous recommendation to mitigate CVE-2011-3389 was to not use CBC ciphers. RC4 ciphers are vulnerable to CVE-2015-2808 (Bar Mitzvah Attack). Current recommendation to mitigate CVE-2015-2808 is to discontinue use of RC4 ciphers. However, the remaining available ciphers are generally CBC ciphers.

Description of Fix: Fixed code to mitigate CVE-2011-3389 (BEAST Attack).

Recommendation: Sterling Connect:Direct for Microsoft Windows by default disables the RC4 stream cipher. If you enabled the RC4 stream cipher you are exposed to the RC4 “Bar Mitzvah” Attack for SSL/TLS. IBM recommends that you review your entire environment to identify other areas where you have enabled the RC4 stream cipher and take appropriate mitigation and remediation actions.

Fix Availability Date: 20 April 2015

High Impact: Y

Reported Severity: 2
4.7.0.3_iFix005: RTC459344 / APAR IT08410

Description of Issue: Installation fails on a bare Windows system while trying to initialize Secure+. The following error message is shown in the installation log:

1: SPCli.log: Exception in thread "main" java.lang.UnsatisfiedLinkError: cdsp (The application has failed to start because its side-by-side configuration is incorrect.

Description of Fix: Added the Microsoft Visual C++ 2008 SP1 Redistributable package as a prerequisite to the installer.

Workaround: Manually download the latest Microsoft Visual C++ 2008 SP1 (x86) Redistributable package from Microsoft and install it prior to installing Sterling Connect:Direct.

Fix Availability Date: 20 April 2015

High Impact: N

Reported Severity: 2
4.7.0.3_iFix006: RTC465748 / APAR IT08979

Description of Issue: The Control Pad window in CD Requester showing nodes and commands is a bit too narrow. Sometimes command text may not fit into the window and a horizontal scroll bar appears. While the user can scroll or resize the window, it is an extra step for him to do so.

Description of Fix: Increased the default window size of the Control Pad to enhance usability.

Fix Availability Date: 19 May 2015

High Impact: N

Reported Severity: 5
4.7.0.3_iFix007: RTC463248 / APAR IT08977

Description of Issue: The Microsoft Visual C++ 2013 Redistributable Package (x86) did not get installed on some x64 Windows systems as expected.

Description of Fix: While this has not caused any issues, the 3rd party install conditions have been fixed, so that the redistributable gets installed as expected.

In addition, the Microsoft Visual C++ 2013 Redistributable Package (x64) was added to the SDK installer, because the SDK does support x64 C++ executables now.

Fix Availability Date: 19 May 2015

High Impact: N

Reported Severity: 4
4.7.0.3_iFix008: RTC468875 / APAR IT09460

Description of Issue: Sterling Control Center and the Application Interface for Java (AIJ) fail to update Secure+ configurations after applying 4.7.0.3_iFix001.

Description of Fix: Updated the path to the JRE in the CMGR to point to the new JRE installation directory.

Fix Availability Date: 15 June 2015

High Impact: N

Reported Severity: 2
4.7.0.3_iFix009: RTC469611 / APAR IT09613

Description of Issue: CSPA320W warning occurring even when Secure+ was already disabled on the Snode by default: The Snode allowed a Pnode override to disable Secure+.

Description of Fix: Updated the condition for CSPA320W to occur.

Fix Availability Date: 23 June 2015

High Impact: N

Reported Severity: 4
4.7.0.3_iFix010: RTC472434 / APAR IT10446

Description of Issue: Process goes immediately from TIMR RE to HOLD HS on a TCP/IP timeout (LIPT011I, OS error 10060) and does not retry.

Description of Fix: Removed the condition that had triggered HOLD HS, allowing the process to retry as expected.

Fix Availability Date: 31 July 2015

High Impact: N

Reported Severity: 3
4.7.0.3_iFix011: RTC467270 / APAR IT09724

Description of Issue: Secure+ transfers failing when Windows is sending and the negotiated buffer size (RU Size) is less than 16384 bytes.

Description of Fix: Updated the buffer size calculation.

Fix Availability Date: 06 August 2015

High Impact: N

Reported Severity: 2
4.7.0.3_iFix012: RTC471699 / APAR IT10556

Description of Issue: Connect:Direct API commands over a secure connection fail after upgrading the JRE in Connect:Direct Browser, Sterling Control Center or other application using the Application Interface for Java (AIJ).

Description of Fix: Fixed.

Fix Availability Date: 10 August 2015

High Impact: N

Reported Severity: 2
4.7.0.3_iFix013: RTC460012 / APAR IT11122

Description of Issue: When a process fails with an exception response, like LSMG622I and SCPA024I, it was moved to the HOLD queue but with a wrong status of HS. As a side effect of this status, the process will get restarted at the next node startup.

Description of Fix: Updated exception handling to correctly move the process to HOLD HE.


