Hardware Management Console Readme

For use with Version 8 Release 8.1.0 Service Pack 2

 


      Contents

The information in this Readme contains fix list and other package
information about the Hardware Management Console.

  * PTF MH01580 <#MH01580>
  * Package information <#package>
  * List of fixes <#fixes>
  * Installation <#install>
  * Additional information <#additional>


    PTF MH01580

This package includes fixes for HMC Version 8 Release 8.1.0 Service Pack
2.  You can reference this package by APAR# MB03975 and PTF MH01580.
This image must be installed on top of HMC Version 8 Release 8.1.0
Service Pack 2 (PTF MH01452) with or without additional fixes.

*NOTE:* This PTF is cumulative and supersedes MH01528, MH01532, MH01550,
MH01567, and MH01572.


/Package information/ Package name 	Size 	Checksum (sha1sum) 	APAR# 	PTF#
MH01580.iso 	1236586496 	5f824ed42dcaabe33b34d2087e21c2b0773cc14b
	MB03975 	MH01580
Splash Panel information (or lshmc -V output)

"version= Version: 8
Release: 8.1.0
Service Pack: 2
HMC Build level 20151102.1
MH01580: various updates (11-05-2015)
","base_version=V8R8.1.0
"


    Known Issues

The HMC may encounter loss of remote web browser access to the HMC after
application of this PTF. Users should verify the HMC Certificate
Signature Algorithm and update the certificate if needed prior to
installing this PTF.  For further information see
http://www.ibm.com/support/docview.wss?uid=nas8N1020801 
<http://www.ibm.com/support/docview.wss?uid=nas8N1020801>


    List of fixes

*Security Fixes*

  * Fixed multiple security vulnerabilites in curl : CVE-2014-3613,
    CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148, and
    CVE-2015-3153
  * Fixed openssh vulnerability: CVE-2015-5600
  * Fixed NTP vulnerabilities: CVE-2015-1799 and CVE-2015-3405

*Previously released fixes also included in this PTF: *

*









MH01572*
10/19/15
	*Security Fixes*

  * Miscellaneous security updates including:
      o Timezone 2015f update
      o httpd/mod_ssl updates
      o krb5 updates: CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422
      o ntp updates: CVE-2014-9297, CVE-2014-9298, and CVE-2015-1798
      o strongswan updates: CVE-2015-4171
      o autofs update: CVE-2014-8169
      o gnutls updates:  CVE-2014-8155, CVE-2015-0282, and CVE-2015-0294 
  * Fixed vulnerability for glibc libraries: CVE-2013-7424
  * Fixed libuser vulnerabilities: CVE-2015-3245 and CVE-2015-3246
  * Fixed net-snmp vulnerabilities: CVE-2015-5621 and CVE-2014-3565

*General Fixes*

  * Fixed an issue where deploy system plan may fail with unknown error.
  * Fixed an issue that caused duplicate MAC addresses after the system
    went to Recovery and a Recover Partition Data -> Restore task was
    executed.
  * Fixed an issue where the keyboard setting may be reset to default
    values after reboot.
  * Fixed an issue with data replication to prevent an error during
    configuration resulting in message "/The Hardware Management Console
    at the specified address could not be reached or is not at the
    appropriate level of code to be used as a data source/"
  * Added additional pedbg collections for field issues

*
MH01567
*09/25/15*
* 	


  * Fixed an issue that could potentially cause a certificate chain error.

*


MH01550
*08/12/15*
* 	*Security Fixes*

  * Fixed multiple Java vulnerabilities: CVE-2015-4733, CVE-2015-4732,
    CVE-2015-2590, CVE-2015-4731, CVE-2015-4748, CVE-2015-2664,
    CVE-2015-2621, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, and
    CVE-2015-1931
  * Fixed Kerberos vulnerabilities: CVE-2014-5353 and CVE-2014-5355
  * Fixed multiple openssl vulnerability: CVE-2014-8176, CVE-2015-1788,
    CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and
    CVE-2015-3216
  * Fixed NTP vulnerabilities: CVE-2015-1799 and CVE-2015-3405
  * Fixed Strongswan vulnerabilities: CVE-2014-9221, CVE-2014-2891,
    CVE-2014-2338, and CVE-2013-5018

*

**









MH01532*
07/14/15
	*Known Issues:
*

  * The install may fail on HMCs that have been multi-step upgraded from
    Version 7.  Users can verify the HMC Certificate Signature Algorithm
    and update the certificate if needed prior to installing this PTF.
    For further information and instructions on preventing or resolving
    the issue see:
    http://www.ibm.com/support/docview.wss?uid=nas8N1020801

  * Beginning June 30, 2015, a new server is required for customers
    using Electronic Service Agent on the HMC to Call Home to IBM. 
    Ensure any external firewall allows https connection to new server
    IP 129.42.50.224.  For a list of all required IP addresses and ports
    see the whitepaper "/ESA for HMC Connectivity Security for IBM
    POWER6, POWER7 and POWER8 Processor-Based Systems and IBM Storage
    Systems DS8000/" available at:
    http://www-01.ibm.com/support/esa/security.htm

*Security Fixes*

  * Fixed multiple Java vulnerabilities: CVE-2015-0480, CVE-2015-0486,
    CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916
  * Fixed httpd and openssl "Logjam" vulnerability:CVE-2015-4000
  * Fixed glibc vulnerabilities: CVE-2013-7423, CVE-2015-1781   
  * Fixed multiple Unzip Heap Buffer Overflows, "Zero Day",
    Vulnerabilities: CVE-2014-8139, CVE-2014-8140, CVE-2014-8141,
    CVE-2014-9636
  * Fixed a potential security issue with viosvrcmd

*General fixes*

  * Fixed a problem where after an upgrade of dual HMCs, activating the
    first partition may cause the other HMC to incorrectly show a
    recovery state until the next rebuild.      
  * Fixed an issue where the server will go to an incomplete state if a
    user creates a new virtual network with a name that conflicts with
    auto-generated network names.
  * Fixed an issue where login with a user profile that does not have an
    all resource role was slow.
  * Updated the code signing certificate for the vterm applet.
      

*
MH01528*
05/22/2015 	*General Fixes*

  * Fixed an issue where logging stops after log rotation  runs for
    syslog impacting system files in /var/log

Back to top <#ibm-content>


    Installation

Installation instructions for HMC Version 8 upgrades and corrective
service can be found at these locations:

Upgrading or restoring HMC Version 8
<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020109>

Installation methods for HMC Version 8 fixes
<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020134>

Instructions and images for upgrading via a remote network install can
be found here:

HMC V8 network installation images and installation instructions
<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020108>


    Additional information


      Notes:

 1. The Install Corrective Service task now allows you to install
    corrective service updates from the ISO image files of these
    updates. You can download these ISO image files for the HMC, and
    then use the ISO image file to install the corrective service
    update. You no longer need to burn CD-R or DVD-R media to use the
    ISO image file to install corrective service.
 2. This image requires DVD -R media.
 3. To install updates over the network, select the *.iso file on the
    "Select Service Package" panel of the Install Corrective Service
    task. The HMC application extracts the files needed to install the
    corrective service. If you are using USB flash media, copy the *.iso
    file to the flash media, and then select the file when prompted.
 4. The *updhmc* command line command has also been modified to use the
    *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f
    </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install
the corrective service.

Back to top <#ibm-content>