Public Notice

Meltdown and Spectre Vulnerability Update

31 January 2018

TIBCO has investigated and identified mitigations for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities. The table below contains the current status of the remediations for TIBCO offerings that were affected by the Meltdown and Spectre vulnerabilities and not addressed in previous updates.

TIBCO Offering Mitigation status
Virtual Machine images

TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS
TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL)

TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS and TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL) 2.3.3 will be available on the AWS Marketplace by February 28, 2018. This release will use CentOS 7 x86_64 AMI version 1801_1 with kernel version 3.10.0-693.11.6.el7.x86_64 as per RedHat Security Advisory https://access.redhat.com/errata/RHSA-2018:0007

TIBCO Clarity

An update for TIBCO Clarity AMI has been available as of January 29, 2018 on the AWS Marketplace. TIBCO encourages its users to ensure they are using this latest version.

TIBCO Jaspersoft for AWS with Multi-Tenancy

An update for this virtual image will be available by February, 28 2018 on AWS Marketplace.

TIBCO Jaspersoft Reporting and Analytics for AWS (Hourly)
TIBCO Jaspersoft Reporting and Analytics for AWS (BOYL)

An update for these virtual images will be available by February, 28 2018 on AWS Marketplace.

TIBCO LogLogic Enterprise Virtual Appliance Software

TIBCO continues to monitor its upstream vendors to determine the best solution to address these vulnerabilities. See https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL.

TIBCO Mashery Local

TIBCO Mashery Local 4.3.0 will be available by February 28, 2018 on the AWS Marketplace. This OVA release will include CentOS 2.6.32-696.18.7.el6.x86_64. This is the version announced by Redhat Security Advisory to address Meltdown/Spectre: https://access.redhat.com/errata/RHSA-2018:0008

TIBCO Spotfire® Analytics Platform for AWS Marketplace

An update for this virtual image will be available by March, 15 2018 on the AWS Marketplace.

Hardware appliances

TIBCO FTL® Message Switch

An update for the TIBCO FTL® Message Switch appliance to address these vulnerabilities will be available by April, 30 2018 through TIBCO’s eDelivery.

TIBCO LogLogic® Log Management Intelligence (LMI)

TIBCO continues to monitor its upstream vendors to determine the best solution to address these vulnerabilities. See https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL.

TIBCO-hosted services

TIBCO Mashery

The Mashery service is being updated to address these vulnerabilities and will have completed updates by March 9, 2018.

TIBCO Reward

The Reward service has identified the updates that are required to mitigate Meltdown and Spectre. TIBCO is currently testing to determine the operational and performance impacts these updates will have on the Reward service. Testing will be completed no later than February 28, 2018. At this point TIBCO will contact customers to schedule upgrades to their Reward service.

All other hosted services

As of January 29, 2018, as reported in the previous update, all TIBCO hosted services with the exception of TIBCO Mashery and TIBCO Reward have been upgraded to address these vulnerabilities.