Public Notice

Meltdown and Spectre Vulnerability Update

30 March 2018

TIBCO has investigated and identified applicable mitigation measures recommended by microprocessor and operating system vendors (“the Vendors”) for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) microprocessor vulnerabilities. The table below contains the current status of the Vendor-recommended mitigations for TIBCO offerings.

TIBCO Offering Mitigation status
Virtual Machine images

TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS
TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL)

TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS 2.3.3 and TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL) 2.3.3 are now available on AWS Marketplace. These releases use CentOS 7 x86_64 AMI version 1801_1 with kernel version 3.10.0-693.11.6.el7.x86_64, as recommended by a RedHat Security Advisory https://access.redhat.com/errata/RHSA-2018:0007

TIBCO Clarity

An update of TIBCO Clarity with appropriate Vendor-recommended mitigation updates is now available as on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version.

TIBCO Jaspersoft for AWS with Multi-Tenancy

An update for this virtual image with appropriate Vendor-recommended mitigation updates is now available on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version.

TIBCO Jaspersoft Reporting and Analytics for AWS (Hourly)
TIBCO Jaspersoft Reporting and Analytics for AWS (BOYL)

An update for these virtual images with appropriate Vendor-recommended mitigation updates is now available on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version.

TIBCO LogLogic Enterprise Virtual Appliance Software

TIBCO continues to monitor recommendations of its upstream vendors to determine the best solution to address these vulnerabilities. See https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL.

TIBCO Mashery Local

TIBCO Mashery Local 4.3.0, which is now available, includes CentOS 2.6.32-696.18.7.el6.x86_64. This is the version of CentOS announced by a Redhat Security Advisory to address Meltdown/Spectre: https://access.redhat.com/errata/RHSA-2018:0008

TIBCO Spotfire® Analytics Platform for AWS Marketplace

An update for this virtual image with appropriate Vendor-recommended mitigation updates is available on AWS Marketplace.

Hardware appliances

TIBCO FTL® Message Switch

A software and/or firmware update for the TIBCO FTL® Message Switch appliance with appropriate Vendor-recommended mitigation updates is scheduled to be available by April 30, 2018 on the TIBCO eDelivery site.

TIBCO LogLogic® Log Management Intelligence (LMI)

TIBCO continues to monitor its upstream vendors to determine the best solution to address these vulnerabilities. Please see https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL.

TIBCO-hosted services

TIBCO Mashery

Mashery® has been updated to include appropriate patches recommended by the Vendors to mitigate these vulnerabilities in externally accessible systems.

TIBCO® Reward

TIBCO is currently testing appropriate Vendor-recommended mitigation updates for TIBCO Reward. Following completion of testing, TIBCO will contact customers to schedule upgrades to TIBCO Reward.

All other hosted services

TIBCO hosted services other than TIBCO Mashery and TIBCO Reward, have been upgraded to include appropriate Vendor-recommended mitigation updates.