===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1099
        Cognos Business Intelligence 10.2.x interim fixes address a
                          security vulnerability
                                8 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Cognos Business Intelligence
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0224

Reference:         ASB-2014.0073
                   ASB-2014.0071
                   ASB-2014.0069.2
                   ASB-2014.0068
                   ESB-2014.0888
                   ESB-2014.0887

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg24037870

--------------------------BEGIN INCLUDED TEXT--------------------

Cognos Business Intelligence 10.2.x interim fixes address a security
vulnerability

Document information

  More support for:     Cognos Business Intelligence
  Software version:     10.2, 10.2.1
  Operating system(s):  AIX, HP Itanium, HP-UX, Linux, Solaris, Windows
  Reference #:          4037870
  Modified date:        2014-07-07

Downloadable files

Abstract

Cognos Business Intelligence interim fixes address a security vulnerability
affecting IBM Cognos Business Intelligence 10.2, 10.2.1 and 10.2.1 Fix Pack 1.

Download Description

The following interim fixes provide important product corrections related to
a security vulnerability affecting IBM Cognos Business Intelligence 10.2,
10.2.1 and 10.2.1 Fix Pack 1 (i.e. 10.2.1.1):

  * IBM Cognos Business Intelligence 10.2 Interim Fix 9
  * IBM Cognos Business Intelligence 10.2.1 Interim Fix 6
  * IBM Cognos Business Intelligence 10.2.1 Fix Pack 1 Interim Fix 6

It is recommended that you apply the appropriate fix to all affected
environments.

After installing the IBM Cognos BI security updater, follow the instructions
in "Updating the IBM Cognos gateway after security kit installation". It is
important to update the IBM Cognos BI gateway, because a mix of 32-bit and
64-bit libraries can otherwise result in errors when accessing the gateway.

Prerequisites

These interim fixes require that the following releases are installed as
prerequisites:

  * Cognos BI 10.2 Interim Fix 9 (10.2.0 IF9) requires that Cognos Business
    Intelligence 10.2 is already installed.
  * Cognos BI 10.2.1 Interim Fix 6 (10.2.1 IF6) requires that Cognos Business
    Intelligence 10.2.1 is already installed.
  * Cognos BI 10.2.1 Fix Pack 1 Interim Fix 6 (10.2.1.1 IF6) requires that
    Cognos Business Intelligence 10.2.1 Fix Pack 1 (10.2.1.1) is already
    installed.

Installation Instructions

To download an interim fix

  1. Review the prerequisites.
  2. Download the appropriate compressed tar file using the links in the
     Download package section.

Some browsers might change the downloaded file type from .tar.gz to a file
type not recognized by the operating system. To correct this, change the file
type back to tar.gz. Use of Download Director will prevent inadvertent
renaming of files at download.

To install an interim fix on Linux or UNIX

  1. Copy the downloaded interim fix to the appropriate operating system.
  2. Change to the directory where you have copied the downloaded interim fix
     image.
  3. Enter the following command:

         gunzip -c <filename>.tar.gz | tar xvf -

  4. If you want to see the version of a component before you install it,
     unpack the tar file to disk, or read the table of contents of the tar
     file.
  5. Follow the installation instructions in the IBM Cognos Business
     Intelligence Installation and Configuration Guide.
  6. Apply the interim fix to all installations.

Note: GNU Zip can be obtained from www.gzip.org and GNU tar can be obtained
from www.gnu.org/software/tar.

To install an interim fix on Windows

  1. Change to the directory where you have downloaded the interim fix.
  2. Using your file compress and decompress utility, decompress the .tar.gz
     file. If you are using WinZip, select the option "use folder names".
  3. If you want to see the version of a component before you install it,
     unpack the tar file to disk, or read the table of contents of the tar
     file.
  4. Follow the installation instructions in the IBM Cognos Business
     Intelligence Installation and Configuration Guide.
  5. Apply the interim fix to all installations.

URL                                                    LANGUAGE              SIZE(Bytes)
Cognos BI Installation and Configuration Guide 10.2    Language Independent  7000
Cognos BI Installation and Configuration Guide 10.2.1  Language Independent  7000

Download package

It is recommended that you install the latest generally available interim fix.

Problems solved

These interim fixes resolve Common Vulnerability and Exposure CVE-2014-0224.

Download                                            RELEASE DATE  LANGUAGE              SIZE(Bytes)  Download Options
Cognos BI Server 64-bit 10.2 IF9 AIX                04 Jul 2014   Language Independent  75810000     FC
Cognos BI Server 64-bit 10.2 IF9 HP-UX Itanium      04 Jul 2014   Language Independent  87680000     FC
Cognos BI Server 64-bit 10.2 IF9 Linux pSeries      04 Jul 2014   Language Independent  52570000     FC
Cognos BI Server 64-bit 10.2 IF9 Linux x86          04 Jul 2014   Language Independent  56510000     FC
Cognos BI Server 64-bit 10.2 IF9 Linux zSeries      04 Jul 2014   Language Independent  55460000     FC
Cognos BI Server 64-bit 10.2 IF9 Solaris            04 Jul 2014   Language Independent  64480000     FC
Cognos BI Server 32-bit 10.2 IF9 Windows            04 Jul 2014   Language Independent  46680000     FC
Cognos BI Server 64-bit 10.2 IF9 Windows            04 Jul 2014   Language Independent  52900000     FC
Cognos BI Server 64-bit 10.2.1 IF6 AIX              04 Jul 2014   Language Independent  80680000     FC
Cognos BI Server 64-bit 10.2.1 IF6 HP-UX Itanium    04 Jul 2014   Language Independent  92590000     FC
Cognos BI Server 64-bit 10.2.1 IF6 Linux pSeries    04 Jul 2014   Language Independent  57500000     FC
Cognos BI Server 64-bit 10.2.1 IF6 Linux x86        04 Jul 2014   Language Independent  61420000     FC
Cognos BI Server 64-bit 10.2.1 IF6 Linux zSeries    04 Jul 2014   Language Independent  60540000     FC
Cognos BI Server 64-bit 10.2.1 IF6 Solaris          04 Jul 2014   Language Independent  69530000     FC
Cognos BI Server 32-bit 10.2.1 IF6 Windows          04 Jul 2014   Language Independent  54370000     FC
Cognos BI Server 64-bit 10.2.1 IF6 Windows          04 Jul 2014   Language Independent  60890000     FC
Cognos BI Server 64-bit 10.2.1.1 IF6 AIX            04 Jul 2014   Language Independent  103820000    FC
Cognos BI Server 64-bit 10.2.1.1 IF6 HP-UX Itanium  04 Jul 2014   Language Independent  107290000    FC
Cognos BI Server 64-bit 10.2.1.1 IF6 Linux pSeries  04 Jul 2014   Language Independent  69170000     FC
Cognos BI Server 64-bit 10.2.1.1 IF6 Linux x86      04 Jul 2014   Language Independent  133890000    FC
Cognos BI Server 64-bit 10.2.1.1 IF6 Linux zSeries  04 Jul 2014   Language Independent  72540000     FC
Cognos BI Server 64-bit 10.2.1.1 IF6 Solaris        04 Jul 2014   Language Independent  85170000     FC
Cognos BI Server 32-bit 10.2.1.1 IF6 Windows        04 Jul 2014   Language Independent  127840000    FC
Cognos BI Server 64-bit 10.2.1.1 IF6 Windows        04 Jul 2014   Language Independent  137350000    FC

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
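
The installation steps in the bulletin above suggest reading the table of contents of the tar file before installing, and warn that a download can end up with the wrong file type. The following is an added example, not code from IBM or AusCERT: a POSIX shell check that does both and, going one step beyond the bulletin, flags member paths that would be written outside the extraction directory. The function name inspect_fix_archive is an assumption of this example.

```shell
#!/bin/sh
# Added example (not IBM or AusCERT code). inspect_fix_archive is a
# hypothetical helper name; the archive path is supplied by the caller.
#
# Prints the table of contents of a gzip-compressed tar file and returns:
#   0  file is gzip data and every member path is relative and stays
#      inside the extraction directory
#   1  file is missing, is not gzip data, or cannot be listed
#   2  at least one member has an absolute path or a ".." component
inspect_fix_archive() {
    archive=$1
    [ -f "$archive" ] || { echo "no such file: $archive" >&2; return 1; }

    # gzip streams start with bytes 1f 8b whatever the file is called,
    # so this catches a wrong file saved under a .tar.gz name.
    magic=$(od -An -tx1 -N2 "$archive" | tr -d ' \n')
    [ "$magic" = "1f8b" ] || { echo "not gzip data: $archive" >&2; return 1; }

    # Read the table of contents without unpacking anything to disk.
    listing=$(gunzip -c "$archive" | tar tf -) || return 1
    printf '%s\n' "$listing"

    # Flag members that would land outside the current directory.
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2
        return 2
    fi
    return 0
}

# Stand-alone use: sh inspect.sh <filename>.tar.gz
if [ "$#" -gt 0 ]; then
    inspect_fix_archive "$1"
fi
```

Run it in the download directory before the gunzip and tar step; only a return status of 0 means the archive is safe to unpack in place.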