Hardware Management Console Readme

For use with Version 8 Release 8.1.0 Service Pack 1

 

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.

PTF MH01506

This package includes fixes for HMC Version 8 Release 8.1.0 Service Pack 1.  You can reference this package by APAR# MB03894 and PTF MH01506. This image must be installed on top of HMC Version 8 Release 8.1.0 SP1 (MH01420) with or without additional fixes.

NOTE: This PTF is cumulative and supersedes MH01474, MH01465, MH01468, MH01481, MH01492, MH01494, and MH01498.


Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01506.iso   1256355840 2646148d62ee0e5445cd23a5f6a693670435136a
MB03894 MH01506
Splash Panel information (or lshmc -V output)

"version= Version: 8
 Release: 8.1.0
 Service Pack: 1
HMC Build level 20150325.1
MH01506: Fix for various updates (03-30-2015)
","base_version=V8R8.1.0
"

List of fixes

Security Fixes

This PTF includes fixes for the following security vulnerabilities:
General Fixes

Previously released fixes also included in this PTF:


MH01498
03/17/2015
Security Fixes
  • Fixed multiple vulnerabilities in IBM Java SDK: CVE-2015-0410 and CVE-2014-6593
  • NTP security fix for CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296






MH01494

02/10/15

Enhancements

  • This PTF disables SSLv3 protocol on HMC user interfaces.  It uses only TLSv1.2 for HMC/FSP connections for server firmware levels that support TLSv1.2.  After applying this PTF, remote access to the HMC (Browser, ASM, vterm, 5250 console) will require clients that support TLSv1.0 or TLSv1.2.
Security Fixes
  • Fix for GNU C library (glibc) vulnerability that has been referred to as GHOST: CVE-2015-0235
  • openssl security fixes for: CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2014-3569, CVE-2015-0205, CVE-2015-0206
General fixes
  • Fixed an issue where after an HMC upgrade, lshmcencr may list no active ciphers with weak ciphers enabled on the web GUI.
  • Fixed a problem where the GUI and lshmc -V  output may not show PTF information correctly for all applied PTFs.
  • Fixed a problem where serviceable events E35A0017 and E35A0016  are reported.
  • Fixed a problem where intermittently, a POWER8 server with firmware EC level 01AF820 may go to a No Connection state with connection_error_code of  02FF-0003-008087E9 after a FSP restart.
Restrictions :
  • Currently in legacy security mode of HMC, it supports only TLSv1.0 Protocol only, not TLSv1.1 nor TLSv1.2. When moved to NIST SP800-131a security mode, it supports only TLSv1.2.
MH01492
01/23/15

  • Fixed an issue where pressing F10 in the vterm console Java window hangs the HMC GUI.









MH01481

12/17/14

Enhancements

  • This PTF disables SSLv3 on the HMC user interfaces.   After applying this PTF, remote access to the HMC (Browser, ASM, GUI vterm, and pegasus) will require clients  that support TLSv1.0 IBM i secure remote 5250 console will require TLSv1.1 or higher.  The PTF also disables all ciphers except TLSv1.2 on HMC/FSP connections where the server firmware level supports it.
  • For HMCs set to security mode  nist_sp800_131a, this PTF changes the HMC-Server FSP encryption mode to enforce TLS1.2.  This implies that all POWER6 and POWER7 servers must be upgraded to a firmware level that supports TLS1.2 prior to apply of this PTF when using nist_sp800_131a security mode.
Security Fixes
  • CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6512, CVE-2014-3566, CVE-2014-6457, CVE-2014-6558
  • Fixed a problem where the HMC local login’s browser session attempts to connect to external, non-IBM IP addresses.
General fixes
  • Reduced the amount of memory used.  This may correct “out of memory” errors such as serviceable event E355004C as well as /var full on some HMCs; particularly on HMCs with the minimum amount of memory.  
  • Fixed a problem where the SRIOVLogicalPort configured on any Physical Port shows the location as associated with Physical Port T1 always.
  • Fixed a problem where activation of Partition Firmware (PFW) may fail during a concurrent server firmware update.
  • Fixed problem where HMC boot process can hang for hours during rotation of corrupted log file
  • Fixed a problem where creating or deploying a new partition as a user other than hscroot fails.  Errors include HSCL350B on the HMC and “Error creating instance: HTTP error for PUT /rest/api/uom/ManagedSystem/fbd55c40-4802-3d95-b165-b6111e47a3d2/LogicalParition: 500 (Internal Server Error)” from PowerVC.

MH01468

10/21/14

  • Fixed an issue where restore critical console data from USB flash drive fails.
  • Fixed an issue where  after applying Service Pack 1, some PowerVC and “enhanced” GUI tasks fail with the error "3003c 2610-366 The action array contains an undefined action name at index 0: VioService."
MH01465
10/09/14

  • Fix for  Russian Time Zone changes
MH01474
10/01/14

  • Fix for the following bash security vulnerabilities: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

Installation

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.