IBM App Connect Enterprise Certified Container Updates: Fixes and Security Enhancements

By |Published On: October 8th, 2024|2 min read|
ACE Certified Containers

IBM App Connect Enterprise Certified Container Updates: Fixes and Security Enhancements

IBM® has released several key updates for App Connect Enterprise (ACE) Certified Containers, targeting vulnerabilities and improving security. These updates are crucial for businesses using ACE containers in mission-critical environments. Below, we summarize the major updates, their implications, and how to apply them.

1. Certified Container Version Updates: Continuous Delivery and Long-Term Support

IBM has outlined the latest certified container versions for ACE, including both Continuous Delivery (CD) and Long-Term Support (LTS) models. These updates ensure businesses stay current with new features, functionalities, and critical fixes. Notably, starting in June 2024, the CD version begins at 12.1.0, while the LTS versions are updated through 5.0.0 and 12.0.0.

To maintain these fixes across all models, users must upgrade to the latest “operand” versions. All ACE containers should be deployed on supported Red Hat OpenShift Container Platform or Kubernetes versions.

For detailed versioning information, refer to IBM’s official container release page.

2. Security Bulletin: Universal Base Image (UBI) Vulnerabilities Fixed

IBM has addressed several critical security vulnerabilities within ACE Certified Container, which stemmed from issues in the Red Hat Universal Base Image (UBI). These vulnerabilities, ranging from stack-based buffer overflows to denial of service attacks, have been patched in versions 5.0.21 (LTS), 12.0.4 (LTS), and 12.4.0. Some of the key vulnerabilities include:

  • CVE-2024-40897: Stack-based buffer overflow in GStreamer ORC.
  • CVE-2024-37371: Denial of service in MIT Kerberos 5.
  • CVE-2024-38428: Security bypass in GNU Wget.

To mitigate these issues, IBM strongly recommends upgrading ACE Certified Containers to the following versions:

  • 5.0 LTS: Upgrade to version 5.0.21 or higher.
  • 12.0 LTS: Upgrade to version 12.0.4 or higher.
  • CD stream: Upgrade to version 12.4.0 or higher.

For detailed remediation steps and documentation, visit the official Security Bulletin page.

3. Vulnerability in Apache Commons IO for IntegrationServer and IntegrationRuntime

A vulnerability (CVE-2024-47554) in the Apache Commons IO library, used by ACE’s IntegrationServer and IntegrationRuntime, could lead to a denial-of-service attack. The flaw allows attackers to send specially crafted input that exhausts system resources, potentially crashing services.

IBM recommends upgrading to the following versions to address this vulnerability:

  • 5.0 LTS: Upgrade to version 5.0.20 or higher.
  • 12.0 LTS: Upgrade to version 12.0.1 or higher.
  • CD stream: Upgrade to version 12.2.0 or higher.

More information can be found in IBM’s Security Bulletin for Apache Commons IO.

Conclusion

These updates are critical for maintaining the security and performance of IBM App Connect Enterprise in containerized environments. Make sure to review the documentation, upgrade your systems, and stay informed on future patches. For ongoing notifications about security bulletins, subscribe to IBM’s My Notifications service.

Infrared360

To further optimize the security and performance of your IBM App Connect Enterprise (ACE) environment, consider integrating Infrared360 from Avada Software. This robust tool provides advanced management and monitoring capabilities for your ACE infrastructure to ensure secure and optimized operations whether in a traditional deployment or deployed in containers. Learn more about how Infrared360 can enhance your App Connect Enterprise environment here.

More Infrared360® Resources

About the Author: Scott Treggiari

Go to Top