TIBCO Security Advisory: April 8, 2014 - TIBCO Rendezvous®

Frequently Asked Questions

General FAQ

Why is this advisory being issued?

Security vulnerabilities have been discovered in:

  • TIBCO Rendezvous® 8.4.1 and below
  • TIBCO Messaging Appliance™ 8.7.0 and below
  • TIBCO Substation ES™ 2.8.0 and below

What is the impact of these vulnerabilities?

For detailed information on the vulnerability, please see the security advisory.

Which customers are affected?

These issues affect all customers using the above product versions.

Where can I get software updates?

Customers with current maintenance can obtain product updates through their standard TIBCO fulfillment channel.

How will customers who receive TIBCO software via OEM partners be affected?

Customers of OEM partners can receive new versions and hot fixes from their OEM partners. Please contact your OEM partner for updates.

Can I get the software update if I am not current on maintenance, if I do not have access to the download site or access to TIBCO Support?

Please contact TIBCO Support by telephone. Please reference SR_ID: 423648 in your communication to indicate the context of your request.

What is TIBCO doing to prevent future security issues?

TIBCO takes security very seriously. We perform rigorous testing for every product release, as well as code audits, structured walkthroughs and peer reviews. TIBCO has identified security vulnerabilities in products during internal testing and reviews and corrected them prior to release. TIBCO constantly evaluates and augments its security measures and will continue to do so.

Where can I get more information?

Product advisories can be accessed from the Security Advisories for TIBCO Products web page.

Customers with a current maintenance contract with TIBCO can log a service request with TIBCO Global Support (please refer to the service request identifiers listed above) and then call your support telephone number. Maintenance customers can also view product-specific Late Breaking News through the TIBCO Support Web.

TIBCO Rendezvous FAQ

Which product versions are affected?

  • TIBCO Rendezvous 8.4.1 and below

What components are affected?

  • TIBCO Rendezvous® Daemon (rvd)
  • TIBCO Rendezvous® Routing Daemon (rvrd)
  • TIBCO Rendezvous® Secure Daemon (rvsd)
  • TIBCO Rendezvous® Secure Routing Daemon (rvsrd)

Which TIBCO Rendezvous packages include the affected components?

  • TIBCO Rendezvous® Enterprise Daemon for zLinux
  • TIBCO Rendezvous® Enterprise Daemon
  • TIBCO Rendezvous® for z/OS
  • TIBCO Rendezvous® Standard Daemon

How should customers handle these issues?

For each affected system, customers should update to:

  • TIBCO Rendezvous 8.4.2 or higher

Please follow the instructions in the product installation manual.

What is updated by this new product version?

Please see the readme, release notes and/or documentation for a complete list of changes.

Do I need to recompile or re-link my TIBCO Rendezvous applications?

TIBCO Rendezvous applications do not need to be recompiled or re-linked; the vulnerability is limited to the specified TIBCO Rendezvous daemons.

Which TIBCO products include TIBCO Rendezvous?

  • TIBCO ActiveMatrix® Adapter for Amdocs CRM
  • TIBCO ActiveMatrix® Adapter for Database
  • TIBCO ActiveMatrix® Adapter for Files for Unix-Win
  • TIBCO ActiveMatrix® Adapter for Files for zLinux
  • TIBCO ActiveMatrix® Adapter for IBM i
  • TIBCO ActiveMatrix® Adapter for JD Edwards EnterpriseOne
  • TIBCO ActiveMatrix® Adapter for Kenan/BP
  • TIBCO ActiveMatrix® Adapter for LDAP
  • TIBCO ActiveMatrix® Adapter for LDAP for zLinux
  • TIBCO ActiveMatrix® Adapter for Lotus Notes
  • TIBCO ActiveMatrix® Adapter for Oracle BRM
  • TIBCO ActiveMatrix® Adapter for OSIsoft PI
  • TIBCO ActiveMatrix Adapter for PeopleSoft
  • TIBCO ActiveMatrix® Adapter for SAP
  • TIBCO ActiveMatrix® Adapter for Siebel
  • TIBCO ActiveMatrix® Adapter for SWIFT
  • TIBCO ActiveMatrix® Adapter for Tuxedo
  • TIBCO ActiveMatrix BusinessWorks™
  • TIBCO ActiveMatrix BusinessWorks™ for z/Linux
  • TIBCO ActiveSpaces® Enterprise Edition
  • TIBCO ActiveSpaces® Enterprise Edition for zLinux
  • TIBCO® Adapter for COM
  • TIBCO® Adapter for CORBA
  • TIBCO® Adapter for EJB
  • TIBCO® Adapter for Remedy
  • TIBCO® Adapter for Teradata
  • TIBCO® Adapter SDK
  • TIBCO® API Exchange
  • TIBCO BusinessConnect™
  • TIBCO BusinessWorks™ Workflow
  • TIBCO® Cloud API Exchange
  • TIBCO Enterprise Management Advisor™
  • TIBCO® Fulfillment Order Management
  • TIBCO Hawk®
  • TIBCO InConcert®
  • TIBCO iProcess® Engine
  • TIBCO PortalBuilder®
  • TIBCO RFID Interchange™

Silver Fabric distributions that include TIBCO Rendezvous include:

  • TIBCO ActiveMatrix BusinessWorks™ Distribution for TIBCO Silver® Fabric
  • TIBCO ActiveMatrix BusinessWorks™ Service Engine Distribution for TIBCO Silver® Fabric
  • TIBCO ActiveMatrix® Service Grid Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for Database Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for Files (Unix/Win) Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for LDAP Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for SAP Distribution for TIBCO Silver® Fabric
  • TIBCO® API Exchange Gateway Distribution for TIBCO Silver® Fabric
  • TIBCO BusinessEvents® Distribution for TIBCO Silver® Fabric

Do I need to take additional steps to use the updated TIBCO Rendezvous with TIBCO ActiveMatrix?

Yes. The following TIBCO ActiveMatrix® products must be updated with the TIBCO Rendezvous® Updater for ActiveMatrix® to make them compatible with the update of TIBCO Rendezvous:

  • TIBCO ActiveMatrix® BPM
  • TIBCO ActiveMatrix® Service Bus
  • TIBCO ActiveMatrix® Service Grid

How do I update TIBCO ActiveMatrix products to be compatible with the update of TIBCO Rendezvous?

TIBCO Rendezvous Updater for ActiveMatrix is supplied with the latest version of each of the ActiveMatrix products listed above. This tool will update your ActiveMatrix installation to make it compatible with the updated installation of TIBCO Rendezvous. Please see the README delivered with the TIBCO Rendezvous Updater for ActiveMatrix for detailed usage instructions.

What is updated by the TIBCO Rendezvous Updater for ActiveMatrix?

The TIBCO Rendezvous Updater for ActiveMatrix updates the TIBCO Rendezvous® Java client library used by the named TIBCO ActiveMatrix products. The Java client library is copied from your updated TIBCO Rendezvous installation into your TIBCO ActiveMatrix installation.

TIBCO Messaging Appliance FAQ

Which product versions are affected?

  • TIBCO Messaging Appliance 8.7.0 and below

What components are affected?

  • TIBCO Messaging Appliance

How should customers handle these issues?

For each affected system, customers should update to:

  • TIBCO Messaging Appliance 8.7.1 or higher

Please follow the instructions in the product installation manual.

What is updated by this new product version?

Please see the readme, release notes and/or documentation for a complete list of changes.

TIBCO Substation ES FAQ

Which product versions are affected?

  • TIBCO Substation ES 2.8.0 and below

Which components are affected?

  • TIBCO Rendezvous Daemon (rvd)
  • TIBCO Rendezvous Secure Daemon (rvsd)

How should customers handle these issues?

For each affected system, customers should update to:

  • TIBCO Substation ES 2.8.1 or higher

Please follow the instructions in the product installation manual.

What is updated by this new product version?

Please see the readme, release notes and/or documentation for a complete list of changes.

---------------------