It is a little more current (very little) on my 7.6.04 SP2 Windows server. \PathToInstall\BMC Software\AtriumCore\BMCAtriumCoreInstallJVM\bin>java -version java version "1.5.0_11" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03) Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode)
Jason On Thu, Dec 15, 2011 at 9:32 AM, Axton <[email protected]> wrote: > ** Does anyone know why certain components of ITSM come bundled with an > ancient version of the Sun JRE? > > Atrium Core comes bundled with this JVM: > > [user@server bin]$ pwd > /path/to/AtriumCore/server/BMCAtriumCoreInstallJVM/bin > > [user@server bin]$ ./java -version > java version "1.5.0_09" > Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03) > Java HotSpot(TM) Server VM (build 1.5.0_09-b03, mixed mode) > > > The following security issues are not addressed in the bundled JVM: > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the following names to the security issues fixed in > JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, > CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, > CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, > CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the following names to the security issues fixed in > JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, > CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, > CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, > CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the following names to the security issues fixed in > JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, > CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, > CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, > CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, > CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, > CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885. > > > There are many more issues that exist with the bundled JVM that are not > listed above. See here for a more comprehensive list, which unfortunately > only goes back to 2007, so updates to the bundled JVM between it's release > date and 2007 are not outlined on the following pages: > > http://blogs.oracle.com/sunsecurity/tags/java > > http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#AppendixJAVA > > > Of particular concern are the following: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557 > > > I don't understand why the JVM is bundled with the product. Flashboards, > email engine, and the main ARServer Java plugin server do not have a > bundled JVM, but these particular components do. > > This applies to the plugin server used to load the following plugins: > > DSM.FILTER (dsm.jar) > BMC.ARDBC.ATRIUM.API (atrium-ar-kit.jar) > AIS.FILTERAPI (ais.jar) > RMDY.ITSM.RLE (rle.jar) > > > And also to another plugin server used to load the following plugins: > > BMC.FILTERAPI.NORM.ENGINE (neplugin75.jar) > > > Applicable Environment Information: > > - ARServer 7.5 Patch 3 > - CMDB 7.5.00 Patch 005 > - Platform: Solaris 10 > > > Questions I have for anyone willing to answer: > > - Is the JVM bundled with later versions of the CMDB the same version or > has it been updated? > - Is it possible to use a different JVM for these 2 plugin servers without > impacting the stability of the plugins or is there some > inherent dependency on that specific JVM? I can easily re-point the plugin > server to a later release of Java in these files: > > /path/to/AtriumCore/server/cmdb/server/bin/normeng.sh > /path/to/AtriumCore/server/cmdb/server/bin/atriumplugin.sh > > > Axton Grams > _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
