Hardware Management Console Readme For use with HMC Version 7 Release 7.8.0 Service Pack 1 Contents The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01423 <#MH01423> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01423 This package includes a fix for HMC Version 7 Release 7.8.0 Service Pack 1. You can reference this package by APAR# MB03797. This image can be installed on top of HMC HMC V7 Release 7.8.0 Service Pack 1 with/without additional PTFs installed. This PTF is not cumulative and it does not supersede any previous PTFs. Note: After applying the fix, additional instructions are needed for CVE-2014-0160. See *Security Bulletin: Power Hardware Management Console is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)* at http://www-01.ibm.com/support/docview.wss?uid=nas8N1020021 /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01423.iso 4538368 1b20cdfa6b168315abbad04b23ecf0c0043f7795 MB03797 MH01423 Splash Panel information (or lshmc -V output) Without MH01416 (Mandatory efix for HMC V7R780 SP1) installed: "version= Version: 7 Release: 7.8.0 Service Pack: 1 HMC Build level 20140303.1 MH01423: Fix for openssl CVE-2014-0160 CVE-2014-0076 (04-10-2014) ","base_version=V7R7.8.0.0 " With MH01416 installed: "version= Version: 7 Release: 7.8.0 Service Pack: 1 HMC Build level 20140324.1 MH01416: Fix for HMC V7R7.8.0 SP1 (03-24-2014) MH01423: Fix for openssl CVE-2014-0160 CVE-2014-0076 (04-10-2014) ","base_version=V7R7.8.0 " List of fixes This package includes the following fix: * Fixed openssl security vulnerability CVE-2014-0160 and CVE-2014-0076 ("Heartbleed" problem). Back to top <#ibm-content> Installation *Notes:* 1. After installing the fix, additional instructions are needed for CVE-2014-0160. See *Security Bulletin: Power Hardware Management Console is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)* at http://www-01.ibm.com/support/docview.wss?uid=nas8N1020021 2. This PTF should be applied last, after any other fixes. If another fix is installed after MH01423, the MH01423 splash screen information will be removed. The fix is still applied and active however the PTF needs to be re-installed to restore the splash screen information. Installation instructions for HMC Version 7 upgrades, updates and corrective service can be found at these locations: Installation methods for HMC Version 7 updates and fixes Upgrading or restoring HMC Version 7 Instructions and images for upgrading via a remote network install can be found here (for all HMC releases): HMC network installation images Additional information Notes: 1. This PTF resolves the vulnerability by back porting the fix onto the HMCs current version of openssl. The release level on the package has been updated to reflect the fix. 2. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 3. This image requires DVD -R media. 4. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 5. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i Back to top <#ibm-content>