Hardware Management Console Readme

For use with Version 8 Release 8.1.0 Service Pack 3

Date: 19 August 2016

Contents

The information in this Readme contains fix list and other package
information about the Hardware Management Console.

  * PTF MH01645 <#MH01645>
  * Package information <#package>
  * List of fixes <#fixes>
  * Installation <#install>
  * Additional information <#additional>


    PTF MH01645

This package includes fixes for HMC Version 8 Release 8.1.0 Service Pack
3.  You can reference this package by APAR# MB04030 and PTF MH01645.
This image must be installed on top of HMC Version 8 Release 8.1.0
Service Pack 3 (PTF MH01545) with or without additional fixes.

*Note*: This PTF supersedes PTF MH01598, MH01606, MH01611, MH01623, and
MH01636.

/Package information/ Package name 	Size 	Checksum (sha1sum) 	APAR# 	PTF#
MH01645.iso 	1319426048 	9477c22a0769ffb8f451f5eabed608f41afc6ca6
	MB04030 	MH01645
Splash Panel information (or lshmc -V output)

"version= Version: 8
Release: 8.1.0
Service Pack: 3
HMC Build level 20160807.1
MH01645: security updates (08-07-2016)
","base_version=V8R8.1.0
"


    List of fixes

*Security Fixes*

  * Fixed Apache Tomcat Vulnerability: CVE-2016-3092.
  * Fixed multiple NTP vulnerabilities: CVE-2015-7703, CVE-2016-1547,
    CVE-2016-1548, CVE-2016-1550, and CVE-2016-2518.
  * Fixed multiple OpenSSH vulnerabilities: CVE-2015-6563,
    CVE-2015-6564, CVE-2016-3115 and CVE-2016-1908.
  * Fixed IBM Websphere Application Server (WAS) vulnerability:
    CVE-2016-2923


*General Fixes*

  * Updated the expiration date for the vterm applet. The current
    certificate expires August 25th 2016.
  * Fixed an issue where after installing a PTF the security mode could
    not be changed due to an "Invalid Parameter" error from chhmc command.

*Previously released fixes also included in this PTF: *
*



MH01636*
06/23/16
	

  * Added functionality to the chhmc command to allow an admin to set a
    grub password at bootup.
  * Fixed openSSL vulnerabilities:  CVE-2016-2105, CVE-2016-2106,
    CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109
  * Fixed security scan vulnerability by enabling TLSv1.2 by default for
    HMC vterm port (9960) when HMC is in Legacy mode.
  * Fixed Java  vulnerability: CVE-2016-3426
  * Fixed Power Hardware Management Console: CVE-2016-0230
  * Fixed an issue where backing up the HMC included PCM data even
    though the user did not select to include PCM data.
  * Fixed issue where restoring HMC backup data from USB is failing with
    error /"//The media device is not functioning correctly. Contact
    your service representative./"
  * Fixed an issue where a newly added usb device did not get an entry
    in the /etc/fstab table impacting lshw calls.













*MH01623*
05/15/16
	

  * Fixed the following OpenSSL security vulnerabilities: CVE-2015-3197,
    CVE-2016-0702, CVE-2016-0705, CVE-2016-0797
  * Fixed Tomcat vulnerabilities:  CVE 2015-5174,CVE-2015-5345, 
    CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714,
    CVE-2016-0763
  * Fixed Vulnerabilities in bind: CVE-2016-1285 and CVE-2016-1286
  * Fixed security vulnerability with Strongswan: CVE-2015-8023        
         
  * Fixed the following Httpd security vulnerabilities; CVE-2013-5704
    CVE-2015-3183
  * Fixed libssh2 security vulnerability: CVE-2016-0787
  * Fixed NTP security vulnerabilities: CVE-2015-5300, CVE-2015-7704,
    CVE-2015-8138
  * Fixed a security issue with HMC restricted shell

  * Fixed a Repair & Verify issue on systems utilizing the 24 inch frame
    with a power  subsystem where users can experience a failure of
    concurrent service  maintenance activities on power components
    within the CEC enclosure, the Power Subsystem enclosure, and any
    installed I/O devices within the frame.  Servers impacted include
    the  POWER 575, 590, 595, 795: Models 9125-F2A,F2B,F2C; 9118-575;
    9119-590,595,FHA,FHB; 9406-595.

    Errors include: 
    "/An internal error occurred when the management console //attempted
    to validate the service network. Some or all of the //required
    network resources may not be available. Contact your //next level of
    support for problem determination/." 

    and

    "/Redundancy status could not be determined for the FRU in
    //location:  //U5791.001.XXXXXXX-Ex" (example)//
    //The FRU cannot be exchanged concurrently. The IO Drawer must be
    powered off and partitions may need to be shut down to continue the
    repair. /"

  * Fixed a rare deadlock issue that required a HMC reboot to recover. 
    Symptoms include unable to login GUI remotely; CLI commands fail
    with "/command server failed/" errors;  partition mobility failing
    with /HSCLA200 An unknown error occurred during the partition
    migration/.     
  * Fixed an issue where attempting to remove NTP entries using chhmc
    command fails with "/Server not found in configuration file/" when
    there is a space at the end of the entry in the underlying xntp
    configuration file.   
  * Fixed issue where lshmc -r command returned incorrect results when
    displaying the altdiskboot setting.
  * Fixed an error obtaining credentials that resulted in call home SRC
    E3D4310A.

*

MH01611*
03/15/16
	

  * Fixed a Java security issue: CVE-2016-0448
  * Fixed a security vulnerability in glibc: CVE-2015-7547
  * Fixed a security issue with HMC restricted shell.
  * Fixed an issue where /var/log/slpd.log is not under log rotation
    control which can lead to serviceable event E212E134 and the /var
    filesystem becoming full.

*
MH01606*
02/17/16
	

  * Fixed multiple OpenSSH vulnerabilities involving the ssh client
    "Roaming" feature: CVE-2016-0777 and CVE-2016-0778

*
MH01598*
1/25/16
	


  * Fixed multiple OpenSSL Vulnerabilities: CVE-2015-3193,
    CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794
  * Fixed multiple Java Vulnerabilities: CVE-2015-4843, CVE-2015-4868,
    CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893,
    CVE-2015-4842, and CVE-2015-4803



Back to top <#ibm-content>


    Installation

Installation instructions for HMC Version 8 upgrades and corrective
service can be found at these locations:

Upgrading or restoring HMC Version 8
<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020109>

Installation methods for HMC Version 8 fixes
<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020134>

Instructions and images for upgrading via a remote network install can
be found here:

HMC V8 network installation images and installation instructions
<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020108>


    Additional information


      Notes:

 1. The Install Corrective Service task now allows you to install
    corrective service updates from the ISO image files of these
    updates. You can download these ISO image files for the HMC, and
    then use the ISO image file to install the corrective service
    update. You no longer need to burn CD-R or DVD-R media to use the
    ISO image file to install corrective service.
 2. This image requires DVD -R media.
 3. To install updates over the network, select the *.iso file on the
    "Select Service Package" panel of the Install Corrective Service
    task. The HMC application extracts the files needed to install the
    corrective service. If you are using USB flash media, copy the *.iso
    file to the flash media, and then select the file when prompted.
 4. The *updhmc* command line command has also been modified to use the
    *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f
    </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install
the corrective service.

Back to top <#ibm-content>