Hardware Management Console Readme

For use with Version 7 Release 7.8.0 Service Pack 2

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.

PTF MH01548

This package includes fixes for HMC Version 7 Release 7.8.0 Service Pack 2.  You can reference this package by APAR# MB03936 and PTF MH01548.  This image must be installed on top of  HMC Version 7 Release 7.8.0 SP2 (MH01432) with or without additional PTFs.

Note: This PTF supersedes MH01458, MH01511, MH01504, and MH01518, and MH01536.

 


Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01548.iso 1446004736
a60f8688108bb2e3ce681472b2ad25c15c423f66
MB03936 MH01548
Splash Panel information (or lshmc -V output)

"version= Version: 7
Release: 7.8.0
Service Pack: 2
HMC Build level 20150729.2
MH01548: Fix for security updates (07-30-2015)
","base_version=V7R7.8.0
"

List of fixes

Known Issues:

Security Fixes

This PTF includes fixes for the following security vulnerabilities:

General fixes
  • Updated description for 5767 incorrect on HMC SX instead of TX.
  • Fixed issue of Backup CCD failed with HSCP0200.
  • Fixed issue of bkconsdata over nfs to NFSv4 server fails.
  • Fixed issue of CEC going in recovery due to IOR lpar not defined in save area.

Previously released fixes also included in this PTF:









MH01536

07/14/15

Known Issues:

  • The install may fail on HMCs that have a certificate signed with a weak signature algorithm.  Users can verify the HMC Certificate Signature Algorithm and update the certificate if needed prior to installing this PTF. For further information and instructions on preventing or resolving the issue see:   
    http://www.ibm.com/support/docview.wss?uid=nas8N1020801

  • Beginning June 30, 2015, a new server is required for customers using Electronic Service Agent on the HMC to Call Home to IBM.  Ensure any external firewall allows https connection to new server IP 129.42.50.224.  For a list of all required IP addresses and ports see the whitepaper "ESA for HMC Connectivity Security for IBM POWER6, POWER7 and POWER8 Processor-Based Systems and IBM Storage Systems DS8000" available at:   
    http://www-01.ibm.com/support/esa/security.htm
Security Fixes

  • Fixed multiple Java vulnerabilities: CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916
  • Fixed httpd and openssl "Logjam" vulnerability: CVE-2015-4000
  • Fixed Multiple Heap Buffer Overflow, "Zero Day", Vulnerabilities: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141, CVE-2014-9636
  • Fixed a potential security issue with viosvrcmd.
General fixes
  • Updated the code signing certificate for the vterm applet.






MH01518

05/07/2015

Security Fixes

  • Fixed multiple vulnerabilities in OpenSSL: CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
  • Fixed multiple vulnerabilities in Tomcat:
    • CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
    • CVE-2014-0230
    • CVE-2013-4444
    • CVE-2014-0227
  • Fixed multiple vulnerabilities in glibc: CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472
  • Fix for RC4 stream cipher "Bar Mitzvah" vulnerability: CVE-2015-2808
General fixes
  • Fixed an issue with Leap Second, where HMC could encounter a system hang or performance degradation after the leap second is added at the end of June 30th 2015.
  • RC4 based ciphers have been disabled.


MH01504

04/06/2015

Security Fixes

  • CVE-2015-0204, CVE-2015-0138 (Freak)
General fixes
  • Fixed a problem where HMC was enabling weak ciphers that were not in the lshmcencr enabled cipher list.

MH01511

03/17/2015

  • Fixed a problem that can cause errors with PowerVC and the enhanced GUI tasks.



MH01502
03/09/2015

Security fixes

  • Fixed multiple vulnerabilities in Network Time Protocol (NTP): (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9297, CVE-2014-9298)
  • Fixed multiple vulnerabilities in IBM Java SDK: (CVE-2015-0410, CVE-2014-6593)

General fixes

  • Fixed an issue where the java applet causes the HMC console to stop responding to input when a vterm is open for a long time and/or when F10 is pressed in the vterm
  • Fixed an issue where launching ASM to POWER5 systems in failed authentication state would result in a blank screen.

MH01458

02/12/2015
Security Fixes
  • NTP security fix for CVE-2014-9295
  • Fixed a problem where the HMC local login’s browser session attempts to connect to external, non-IBM IP addresses.  
  • Fix for GNU C library (glibc) vulnerability that has been referred to as GHOST: CVE-2015-0235
  • openssl security fixes for: CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2014-3569, CVE-2015-0205, CVE-2015-0206
General Fixes
  • Updated  mkprofdata manpages
  • Fixed a problem where custom groups may be removed when HMC is rebooted.  
  • Fixed a problem where mkprofdata command was unable to recover partition data successfully leaving system in recovery.
  • Fixed a problem where chlparutil -s command has no effect on sample rate
  • Fixed a problem where HMC Master/Slave replication may fail.
  • Fixed a problem where problem analysis for a server or frame may stop causing service events to not be reported
  • Fixed a problem where ASM task failed to connect to POWER5 servers.
  • Corrected wording for IBM i partitions on performance panel.
  • Fixed a problem where HMC incorrectly allowed 8205-E6C to upgrade to an unsupported firmware level.
  • Fixed a problem where HMC reboot hangs at initializing or boots but fails to list any servers
  • Fixed an issue where after an HMC upgrade, lshmcencr may list no active ciphers with weak ciphers enabled on the web GUI.


Installation

Installation instructions for HMC Version 7 upgrades, updates and corrective service can be found at these locations:

Instructions and images for upgrading via a remote network install can be found here (for all HMC releases):



Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.