Fix (APAR):  PI12926

Status:  Fix

Release:  8.5.5.1,8.5.5,8.5.0.2

Operating System:  AIX,HP-UX,IBM i,Linux,Solaris,Windows

Supersedes Fixes:  

CMVC Defect:  xxxxxx

Byte size of APAR:  5183611

Date: 2014-03-27

Abstract:  Confidential for Security Integrity ifix CVE-2014-0050

Description/symptom of problem:  
PI12926 resolves the following problem:CVE-2014-0050

ERROR DESCRIPTION:
Confidential for Security Integrity ifix. CVE-2014-0050

LOCAL FIX:                                                      
none                                                            

PROBLEM SUMMARY:
Confidential for Security Integrity ifix.

PROBLEM CONCLUSION:
Confidential for Security Integrity ifix. Fixes CVE-2014-0050


Directions to apply fix:  
1. Open a console and direct it to the location of your iFix jar
2. Run the command "java -jar 8551-wlp-archive-IFPI12926.jar". 
or
Run the command "java -jar 8550-wlp-archive-IFPI12926.jar".
or
Run the command "java -jar 8.5.0.2-WS-WASProd_WLPArchive-IFPI12926.jar"

The following launch options are available for the jar:

--installLocation [LibertyRootDir] by default the jar will look for a "wlp" directory in its current location. If your Liberty profile install location is different to "wlp" and/or is not in the same directory as the jar then you can use this option to change where the jar will patch. [LibertyRootDir] can either be
relative to the location of the jar or an absolute file path.

--suppressInfo hides all messages other than confirming the
        patch has completed or error messages.

3. Stop your Liberty profile server(s).
4. When you next start your Liberty profile server(s), use the --clean option on the server start command (server start myServerName --clean) and the fix will become fully active in your runtime.



Directions to remove fix:  1. Stop your Liberty profile server(s).
2. You will need to delete the following files (file locations are
relative to your Liberty profile install root):

For 8.5.0.2

 - lib/com.ibm.ws.org.apache.commons.fileupload.1.2.1_1.0.0.20140319-1028.jar
 - lib/fixes/8.5.0.2-WS-WASProd_WLPArchive-IFPI12926_8.5.2.20140319_1028.xml 


For 8.5.5

- lib/com.ibm.ws.org.apache.commons.fileupload.1.2.1_1.0.1.cl50020140312-1305.jar
- lib/fixes/8550-wlp-archive-IFPI12926_8.5.5000.20140312_1305.xml


for 8.5.5.1 

- lib/com.ibm.ws.org.apache.commons.fileupload.1.2.1_1.0.2.cl50120140313-1324.jar
 - lib/fixes/8551-wlp-archive-IFPI12926_8.5.5001.20140313_1324.xml

 3. When you next start your Liberty profile server(s), use the --clean option. The fix will then become inactive in your runtime.

Directions to re-apply fix:  
1. Follow the instructions to apply the fix.


Additional Information: