LiveCycle ES4 SP1 | Signatures | Quick Fix 1137-011

Posted on April 22, 2016

Note:

This QF may not be the latest Signatures QF for LiveCycle ES4 SP1 (11.0.1). For the complete and latest list of LiveCycle ES4 SP1 (11.0.1) QFs, see LiveCycle ES4 SP1 Quick Fixes. Contact Support for more information or to obtain the QF.

Issues fixed in the QF

    • Deserialization of byte code into objects could be manipulated into executing custom code, which led to the possibility of Remote Code Execution (RCE) without authentication. (Ref #NPR-10186)
    Note:

    To learn more about the vulnerability and obtain application server-specific patches, see Deserialization vulnerability in the Apache commons-collections library.

    Prerequisites to installing the QF

    Installing and configuring the QF

    1. Take a backup of the <LiveCycle_root>/deploy folder. It is required if you decide to uninstall the quick fix.
    2. Stop your application server.
    3. Extract the QF archive file to your hard drive.
    4. Go to the directory named according to the operating system that you are using and start the installer:
      • Windows
        Navigate to the appropriate directory on the installation media or folder on your hard disk where you copied the installer, and double-click the install.exe file.
        • (Windows 32-bit) CDROM_Installers\Windows\Disk1\InstData\VM
        • (Windows 64-bit) CDROM_Installers\Windows_64Bit\Disk1\InstData\VM
      • Linux, Solaris, AIX
        Navigate to the appropriate directory, and from a command prompt, type ./install.bin.
        • (Linux) CDROM_Installers/Disk1/InstData/NoVM
        • (Solaris) CDROM_Installers/Disk1/InstData/NoVM
        • (AIX) CDROM_Installers/Disk1/InstData/VM

      This launches an install wizard that guides you through the installation.

    5. On the Introduction panel, click Next.
    6. On the Choose Install Folder screen, verify that the default location displayed is correct for your existing installation, or click Browse to select the alternate folder where LiveCycle ES4 SP1 is currently installed, and click Next.
    7. Read the Quick Fix Patch Summary information and click Next.
    8. Read the Pre-Installation Summary information and click Install.
    9. When the installation is complete, click Next to apply the quick fix updates to your installed files.
    10. The Start Configuration Manager checkbox is selected by default. Click Done to run the Configuration Manager.

      To run Configuration Manager later, deselect the Start Configuration Manager option before you click Done. You can start Configuration Manager later using the appropriate script in the [LiveCycle root]/configurationManager/bin directory.

    11. Depending on your application server, choose one of the following documents and follow the instructions in the Configuring and Deploying LiveCycle section.
    12. Restart the server machine.

    Impacted LiveCycle modules

    • LiveCycle Digital Signatures

    Uninstalling the QF

    1. Create a backup of the [LiveCycle root]\deploy\adobe-signatures-dsc.jar file.
    2. Copy the file [LiveCycle root]\patch\<QF_Patch_ID>\backup_<QF_Patch_ID>\deploy\adobe-signatures-dsc.jar to the [LiveCycle root]\deploy directory. 
    3. Depending on your application server, choose one of the following documents and follow the instructions in the Configuring and Deploying LiveCycle section.
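
The backup taken in step 1 of the installation and the rollback copy used when uninstalling can both be checked with file hashes. The shell functions below are an added example, not Adobe's tooling or part of the quick fix; the function names and the BACKUP_DIR argument are assumptions, while the deploy and patch paths follow the layout given on this page.

```sh
#!/bin/sh
# Added example. Function names and BACKUP_DIR are assumptions; paths follow this page.

# Print the SHA-256 of a file (sha256sum if present, otherwise openssl).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    fi
}

# Install step 1: copy <LiveCycle_root>/deploy and record a hash manifest.
# usage: snapshot_deploy LIVECYCLE_ROOT BACKUP_DIR
snapshot_deploy() {
    lc_root=$1; backup=$2
    [ -d "$lc_root/deploy" ] || { echo "no deploy folder under $lc_root" >&2; return 2; }
    mkdir -p "$backup" || return 2
    cp -Rp "$lc_root/deploy" "$backup/" || return 2
    ( cd "$lc_root/deploy" && find . -type f | sort | while IFS= read -r f; do
          printf '%s  %s\n' "$(file_sha256 "$f")" "$f"
      done ) > "$backup/deploy.sha256"
}

# After the QF is applied: print files that are missing or whose hash changed.
# usage: changed_since_snapshot LIVECYCLE_ROOT BACKUP_DIR
changed_since_snapshot() {
    lc_root=$1; backup=$2
    while read -r sum path; do
        cur="$lc_root/deploy/$path"
        if [ ! -f "$cur" ] || [ "$(file_sha256 "$cur")" != "$sum" ]; then
            echo "${path#./}"
        fi
    done < "$backup/deploy.sha256"
}

# Before uninstalling: check that the jar kept under patch/<QF_Patch_ID> is
# byte-identical to the pre-install jar in your own backup.
# usage: rollback_jar_matches LIVECYCLE_ROOT BACKUP_DIR QF_PATCH_ID
rollback_jar_matches() {
    jar=adobe-signatures-dsc.jar
    kept="$1/patch/$3/backup_$3/deploy/$jar"
    [ -f "$kept" ] && [ -f "$2/deploy/$jar" ] || return 2
    [ "$(file_sha256 "$kept")" = "$(file_sha256 "$2/deploy/$jar")" ]
}
```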
