Back to Advisory

TIBCO Security Advisory: August 25, 2015 - TIBCO Rendezvous®

Frequently Asked Questions

General FAQ

Why is this advisory being issued?

Security vulnerabilities have been discovered in:

  • TIBCO Rendezvous® 8.4.3 and below (all distributions)
  • TIBCO Rendezvous® Network Server 1.1.0 and below
  • TIBCO Substation ES™ 2.8.1 and below
  • TIBCO Messaging Appliance™ 8.7.1 and below

 

What is the impact of these vulnerabilities?

For detailed information on the vulnerability, please see the security advisory.

Which customers are affected?

These issues affect all customers using the above product versions.

Where can I get software updates?

Customers with current maintenance can obtain product updates through their standard TIBCO fulfillment channel.

How will customers who receive TIBCO software via OEM partners be affected?

Customers of OEM partners can receive new versions and hot fixes from their OEM partners. Please contact your OEM partner for updates.

Can I get the software update if I am not current on maintenance, if I do not have access to the download site or access to TIBCO Support?

Please contact TIBCO Support by telephone. Please reference SR_ID: 609148 in your communication to indicate the context of your request.

What is TIBCO doing to prevent future security issues?

TIBCO takes security very seriously. We perform rigorous testing for every product release, as well as code audits, structured walkthroughs and peer reviews. TIBCO has identified security vulnerabilities in products during internal testing and reviews and corrected them prior to release. TIBCO constantly evaluates and augments its security measures and will continue to do so.

Where can I get more information?

Product advisories can be accessed from the Security Advisories for TIBCO Products web page.

Customers with a current maintenance contract with TIBCO can log a service request with TIBCO Global Support (please refer to the service request identifier listed above) and then call your support telephone number. Maintenance customers can also view product-specific Late Breaking News through the TIBCO Support Web.

TIBCO Rendezvous

Which product versions are affected?

  • TIBCO Rendezvous® 8.4.3 and below (all distributions)

Which components are affected?

  • TIBCO Rendezvous Daemon (rvd)
  • TIBCO Rendezvous Routing Daemon (rvrd)
  • TIBCO Rendezvous Secure Daemon (rvsd)
  • TIBCO Rendezvous Secure Routing Daemon (rvsrd)
  • TIBCO Rendezvous Daemon Adapter (rvda)
  • TIBCO Rendezvous Cache (rvcache)
  • TIBCO Rendezvous Agent (rva)
  • TIBCO Rendezvous Relay Agent (rvrad)

Which TIBCO Rendezvous packages include the affected components?

  • TIBCO Rendezvous® Enterprise Daemon for zLinux
  • TIBCO Rendezvous® Enterprise Daemon
  • TIBCO Rendezvous® for z/OS
  • TIBCO Rendezvous® Standard Daemon

How should customers handle these issues?

For each affected system, customers should update to:

  • TIBCO Rendezvous 8.4.4 or higher

Please follow the instructions in the product installation manual.

What is updated by this new product version?

Please see the readme, release notes and/or documentation for a complete list of changes.

Do I need to recompile or re-link my TIBCO Rendezvous applications?

TIBCO Rendezvous applications do not need to be recompiled or re-linked; the vulnerability is limited to the specified TIBCO Rendezvous daemons.

Which TIBCO products include TIBCO Rendezvous?

Products that include TIBCO Rendezvous include:

  • TIBCO ActiveMatrix® Adapter for Amdocs CRM
  • TIBCO ActiveMatrix® Adapter for Database
  • TIBCO ActiveMatrix® Adapter for Files for Unix/Win
  • TIBCO ActiveMatrix® Adapter for Files for zLinux
  • TIBCO ActiveMatrix® Adapter for JD Edwards EnterpriseOne
  • TIBCO ActiveMatrix® Adapter for Kenan/BP
  • TIBCO ActiveMatrix® Adapter for LDAP for zLinux
  • TIBCO ActiveMatrix® Adapter for Lotus Notes
  • TIBCO ActiveMatrix® Adapter for Oracle BRM
  • TIBCO ActiveMatrix® Adapter for OSIsoft PI
  • TIBCO ActiveMatrix Adapter for PeopleSoft
  • TIBCO ActiveMatrix® Adapter for SAP
  • TIBCO ActiveMatrix® Adapter for Siebel
  • TIBCO ActiveMatrix® Adapter for Tuxedo
  • TIBCO ActiveMatrix BusinessWorks™
  • TIBCO ActiveMatrix BusinessWorks™ for z/Linux
  • TIBCO ActiveSpaces® Enterprise Edition
  • TIBCO® Adapter for COM
  • TIBCO® Adapter for CORBA
  • TIBCO® Adapter for EJB
  • TIBCO® Adapter for Remedy
  • TIBCO® Adapter for Teradata
  • TIBCO® Adapter SDK
  • TIBCO® API Exchange
  • TIBCO® API Exchange Gateway
  • TIBCO BusinessConnect™
  • TIBCO BusinessWorks™ Workflow
  • TIBCO FTL Rendezvous® Network Server
  • TIBCO® Fulfillment Order Management
  • TIBCO Hawk®
  • TIBCO InConcert®
  • TIBCO iProcess® Engine
  • TIBCO RFID Interchange™

Silver Fabric distributions that include TIBCO Rendezvous include:

  • TIBCO ActiveMatrix BusinessWorks™ Distribution for TIBCO Silver® Fabric
  • TIBCO ActiveMatrix BusinessWorks™ Service Engine
  • Distribution for TIBCO Silver® Fabric
  • TIBCO ActiveMatrix® Service Grid Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for Database Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for Files (Unix/Win) Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for LDAP Distribution for TIBCO Silver® Fabric
  • TIBCO® Adapter for SAP Distribution for TIBCO Silver® Fabric
  • TIBCO Administrator™ - Enterprise Edition Distribution for TIBCO Silver® Fabric
  • TIBCO® API Exchange Gateway Distribution for TIBCO Silver® Fabric
  • TIBCO BusinessConnect™ Distribution for TIBCO Silver® Fabric
  • TIBCO BusinessEvents® Distribution for TIBCO Silver® Fabric

TIBCO Rendezvous Network Server

Which product versions are affected?

  • TIBCO Rendezvous® Network Server 1.1.0 and below

Which components are affected?

  • TIBCO Rendezvous Daemon (rvd)
  • TIBCO Rendezvous Gateway Daemon (rvgd)

How should customers handle these issues?

For each affected system, customers should update to:

  • TIBCO Rendezvous Network Server 1.1.1 or higher

Please follow the instructions in the product installation manual.

What is updated by this new product version?

Please see the readme, release notes and/or documentation for a complete list of changes.

TIBCO Substation ES

Which product versions are affected?

  • TIBCO Substation ES™ 2.8.1 and below

Which components are affected?

  • TIBCO Rendezvous Daemon (rvd)
  • TIBCO Rendezvous Secure Daemon (rvsd)

How should customers handle these issues?

For each affected system, customers should update to:

  • TIBCO Substation ES 2.9.0 or higher

Please follow the instructions in the product installation manual.

What is updated by this new product version?

Please see the readme, release notes and/or documentation for a complete list of changes.

TIBCO Messaging Appliance

Which product versions are affected?

  • TIBCO Messaging Appliance™ 8.7.1 and below

Which components are affected?

  • TIBCO Rendezvous Gateway Daemon (rvgd)

How should customers handle these issues?

For each affected system, customers should update to:

  • TIBCO Messaging Appliance 8.7.2 or higher

Please follow the instructions in the product installation manual.

What is updated by this new product version?

Please see the readme, release notes and/or documentation for a complete list of changes.

---------------------

The information on this page is being provided to you on an "AS IS" and "AS-AVAILABLE" basis. The issues described on this page may or may not impact your system(s). TIBCO makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT TIBCO SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. The information on this page is being provided to you under the terms of your license and/or services agreement with TIBCO, and may be used only for the purposes contemplated by the agreement. If you do not have such an agreement with TIBCO, this information is provided under the TIBCO.com Terms of Use, and may be used only for the purposes contemplated by such Terms of Use.