For use with Version 8 Release 8.2.0 Service Pack 2

Updated: 28 June 2016 

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.

• PTF MH01637
• Package information
• List of fixes
• Installation
• Additional information

This package includes a fix for HMC Version 8 Release 8.2.0 Service Pack 2.  You can reference this package by APAR# MB04024 and PTF MH01637. This image must be installed on top of HMC Version 8 Release 8.2.0 SP2 (PTF MH01488) with or without additional fixes .

Note: This PTF supersedes MH01573, MH01581, MH01590, MH01599, MH01607, MH01612, and MH01624.

• Fixed an issue where backing up the HMC included PCM data even though the user did not select to include PCM data.
  
• Fixed issue where restoring HMC backup data from USB is failing with error "The media device is not functioning correctly. Contact your service representative.".
  
• Fixed an issue where a newly added usb device did not get an entry in the /etc/fstab table impacting lshw calls.

Previously released fixes also included in this PTF:

MH01624 04/22/16	Fixed multiple OpenSSL security vulnerabilities: CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797 Fixed multiple Tomcat vulnerabilities: CVE 2015-5174,CVE-2015-5345,  CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763 Fixed Vulnerabilities in bind: CVE-2016-1285 and CVE-2016-1286 Fixed security vulnerability with Strongswan: CVE-2015-8023       Fixed Httpd security vulnerabilities: CVE-2013-5704, CVE-2015-3183 Fixed libssh2 security vulnerability: CVE-2016-0787 Fixed NTP security vulnerabilities: CVE-2015-5300, CVE-2015-7704, CVE-2015-8138 Fixed a security issue with HMC restricted shell. Fixed issue where lshmc -r command returned incorrect results when displaying the altdiskboot setting. Fixed an error obtaining credentials that resulted in call home SRC E3D4310A.
MH01612 03/15/16	Fixed a Java security issue: CVE-2016-0448 Fixed a security vulnerability in glibc: CVE-2015-7547 Fixed an issue where /var/log/slpd.log is not under log rotation control which can lead to serviceable event E212E134 and the /var filesystem becoming full.
MH01607 02/17/16	Fixed multiple OpenSSH vulnerabilities involving the ssh client "Roaming" feature: CVE-2016-0777 and CVE-2016-0778
MH01599 01/25/16	Fixed multiple OpenSSL Vulnerabilities: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794 Fixed multiple Java Vulnerabilities:  CVE-2015-4843, CVE-2015-4868, CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4842, and CVE-2015-4803 Fixed a security issue with HMC restricted shell Fixed an issue where the HMC web server may intermittently deadlock.  Symptoms include one or more of the following: unable to connect using a browser; browser error "Service Temporarily Unavailable"'; multiple serviceable events for E35A0016 and/or E35A0017; unable to restart  due to / file system full from repeated diagnostic dumps.
MH01590 12/22/15	Fixed Pluggable Authentication Module (PAM) vulnerability: CVE-2015-3238 Fixed multiple vulnerabilites in Websphere Liberty Profile (WLP): CVE-2015-2017, CVE-2015-1927, and CVE-2015-4938
MH01581 11/24/15	Security Fixes Fixed multiple security vulnerabilites in curl: CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148, and CVE-2015-3153 Fixed openssh vulnerability: CVE-2015-5600 Fixed multiple NTP vulnerabilities: CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405 General fixes Enhanced the error handling and reporting if a deadlock should occur. Fixed a problem where an unsuccessful call home of a serviceable event incorrectly prevents the customer notification from being sent. Fixed an issue where creating a sysplan fails may fail with error “System plan formatting is not valid for the following reasons: Inventory Gathering” when virtual fibre channel adapters are configured. Fixed Repair and Verify procedure for serviceable event BA15D001 when the slot contains a 4 port Ethernet adapter.  Fixed an issue where the HMC Format media task may not detect a working USB flash drive as a possible target for the format operation. Updated safety instructions for non-concurrent system planar and other exchanges that require part of the system to be disassembled, for POWER 8 servers. Enhanced diagnostics for HMC Performance and Capacity Monitor related issues. Fixed an issue where  rrstartlpar command could only be executed by a user with hmcsuperadmin user role.  Users with hmcoperator and hscpe roles can now execute the command; consistent with the roles required for other migration operations. Fixed an issue where displaying server utilization snapshot data incorrectly included hourly data. Fixed an issue where the user specified utilization data sample rate is ignored and a sample rate of 30 seconds was used instead. Fixed an issue with a Power Supply Exchange procedure that may incorrectly cause serviceable event B1602A33 to be reported during the repair. HMC will now display incomplete (and not save area version mismatch) if a HMC with this PTF is connected to a server that was previously managed by a HMC at a later version such as V8 R8.4.0. Fixed an issue of where enabling “remote operation” in the GUI does not persist the  firewall change to open ports 443, 12443, and 9960 (remote web access).   The firewall will be disabled the next time a user changes another setting via "Change Network Settings" panel. Updated the error message returned by lslic command when  the server is not in a connected state.  Old message: “An unknown error occurred while trying to perform this command.  Retry the command.  If the error persists, contact your software support representative.”  New message: “HSCF0004E An error occurred trying to survey the target <managed system> FSP-P. Please verify the connection to the managed system.”. Enhanced HMC diagnostics for serviceable events E2FF1801. Fixed a problem that can result in multiple reports of serviceable events E35A0016 AND E35A0017 Fixed a rare, intermittent problem that can cause RMC to hang; requiring an HMC reboot to recover. Fixed an issue where after an upgrade to HMC V8 R8.2.0 Service Pack 2 (MH01488), ldap users are no longer able to login to the HMC, and lshmcldap -r user throws an exception: “The command lshmcldap failed. Details: … Create LDAP Context <-> initLdapContext getting exception! ERROR: Can't initialize LdapContext! javax.naming.CommunicationException: exception is java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ] com.sun.jndi.ldap.Connection.<init>(Connection.java:213) com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:128) … Fixed an issue where the dhcpd lease files may grow indefinitely leading to /var disk full errors.
MH01573 10/19/15	Security Fixes Miscellaneous security updates including: Timezone 2015f update httpd/mod_ssl updates krb5 updates: CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422 ntp updates: CVE-2014-9297 and CVE-2014-9298 strongswan updates: CVE-2015-4171 autofs update: CVE-2014-8169 gnutls updates:  CVE-2014-8155, CVE-2015-0282, and CVE-2015-0294  Security fix for glibc libraries (CVE-2013-7424) Security fix for libuser library (CVE-2015-3245, CVE-2015-3246) Security fix for net-snmp (CVE-2014-3565) General fixes Fixed an issue where deploy system plan may fail with unknown error. Fixed an issue where a serviceable event customer notification is not sent when the callhome fails.  Fixed issue with problem callhome with some blades and Flex ITEs. Fix to include the Alternate phone (Phone2) field in the problem (PMH) contact information. Fixed an issue where the keyboard setting may be reset to default values after reboot. Fixed a problem where HMC may stop responding on port 12443 impacting applications such as PowerVC. Fixed an issue with data replication to prevent an error during configuration resulting in message "The Hardware Management Console at the specified address could not be reached or is not at the appropriate level of code to be used as a data source" Added additional pedbg collections for field issues

Back to top

Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:

1. If already logged in to the HMC using Enhanced+ GUI, log off the HMC.
2. Log in again selecting the Log In option of "Classic".
3. Install using the normal installation instructions.
   

Alternatively, install this PTF using CLI.

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Upgrading or restoring HMC Version 8

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Notes:

1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
2. This image requires DVD -R media.
3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
   updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.