Hardware Management Console Readme

For use withVersion 7 Release 7.9.0 Service Pack 3
Last updated: 13 June 2016


      Contents

The information in this Readme contains fix list and other package
information about the Hardware Management Console.

  * PTF MH01610 <#MH01610>
  * Package information <#package>
  * List of fixes <#fixes>
  * Installation <#install>
  * Additional information <#additional>


    PTF MH01610

This package includes fixes for HMC Version 7 Release 7.9.0 Service Pack
3. You can reference this package by APAR MB03898 and PTF MH01610. This
image must be installed on top of HMC Version 7 Release 7.9.0 Service
Pack 3 (MH01546).

Note: This PTF supersedes MH01597 and MH01605.

/Package information/ Package name 	Size 	Checksum (sha1sum) 	APAR# 	PTF#
MH01610.iso 	1926496256 	4136744da93839582e30da2f55bc0da5824818ef
	MB03898 	MH01610
Splash Panel information (or lshmc -V output)
*
*"version= Version: 7
 Release: 7.9.0
 Service Pack: 3
HMC Build level 20160311.2
MH01597: security updates (01-19-2016)
MH01605: security updates (02-08-2016)
MH01610: security updates (03-12-2016)
","base_version=V7R7.9.0
"


    List of fixes

*Security Fixes*

  * Fixed a Java security issue: CVE-2016-0448
  * Fixed security vulnerabilities in glibc: CVE-2015-7547,
    CVE-2014-9761, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778 and CVE-2015-8779


*General Fixes*

  * Enabled all TLS protocols on vterm(9960), FCS(9920) and remote web
    access(12443) ports.
  * Fixed an issue during Remote Restart to prevent the lpars going into
    open firmware state on the target managed system because storage
    mappings/adapters were missing. The HMC will now report a valid
    error when an exception is hit and will display the correct Remote
    Restart status.

*Previously released fixes also included in this PTF: *
*

MH01605*
02/17/16
	


  * Fixed multiple OpenSSH vulnerabilities involving the ssh client
    "Roaming" feature: CVE-2016-0777 and CVE-2016-0778
  * Fixed multiple Vulnerabilities in NTP : CVE-2015-7691,
    CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703,
    CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849,
    CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853,
    CVE-2015-7854, CVE-2015-7855, and CVE-2015-7871
  * Fixed an issue where the managed servers go to an Incomplete state
    when the RMC interface has a blank (null) ipv4 or ipv6 value.
  * Fixed an issue where /var may fill up with core dumps when Pegasus
    server is enabled and in use by a remote client.

*

MH01597*
1/25/16
	


  * Fixed multiple OpenSSL Vulnerabilities: CVE-2015-3193,
    CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794
  * Fixed multiple Java Vulnerabilities: CVE-2015-4843, CVE-2015-4868,
    CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893,
    CVE-2015-4842, and  CVE-2015-4803
  * Fixed an issue where the HMC web server may intermittently
    deadlock.  Symptoms include one or more of the following: unable to
    connect using a browser; browser error "Service Temporarily
    Unavailable"'; multiple serviceable events for E35A0016 and/or
    E35A0017; unable to restart  due to / file system full from repeated
    diagnostic dumps.




Back to top <#ibm-content>


    Installation

Installation instructions for HMC Version 7 upgrades, updates and
corrective service can be found at these locations:

Installation methods for HMC Version 7 updates and fixes
<http://www.ibm.com/support/docview.wss?uid=isg3T1012427>

Upgrading or restoring HMC Version 7
<http://www.ibm.com/support/docview.wss?uid=isg3T1012390>

Instructions and images for upgrading via a remote network install can
be found here (for all HMC releases):

HMC network installation images
<http://www14.software.ibm.com/webapp/set2/sas/f/netinstall/home.html>



    Additional information


      Notes:

 1. The Install Corrective Service task now allows you to install
    corrective service updates from the ISO image files of these
    updates. You can download these ISO image files for the HMC, and
    then use the ISO image file to install the corrective service
    update. You no longer need to burn CD-R or DVD-R media to use the
    ISO image file to install corrective service.
 2. This image requires DVD -R media.
 3. To install updates over the network, select the *.iso file on the
    "Select Service Package" panel of the Install Corrective Service
    task. The HMC application extracts the files needed to install the
    corrective service. If you are using USB flash media, copy the *.iso
    file to the flash media, and then select the file when prompted.
 4. The *updhmc* command line command has also been modified to use the
    *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f
    </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install
the corrective service.

Back to top <#ibm-content>