Hardware Management Console Readme For use with Version 8 Release 8.6.0 Updated: 1 February 2017 Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01674 <#MH01674> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01674 This package includes fixes for HMC Version 8 Release 8.6.0. You can reference this package by APAR MB04060 and PTF MH01674. This image must be installed on top of HMC Version 8 Release 8.6.0 Recovery DVD (PTF MH01654) with mandatory PTF MH01655 installed. Note: This PTF supersedes MH01671. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01674.iso 1348599808 64c47e1ced8e0be7522efc89a6e2d07d31d141a7 MB04060 MH01674 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.6.0 Service Pack: 0 HMC Build level 20170124.1 MH01655: Required fix for HMC V8R8.6.0 (11-01-2016) MH01674: Fix for HMC V8R8.6.0 (01-24-2017) ","base_version=V8R8.6.0 " " Known Issues 1. *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, Install this PTF using the CLI updhmc command. List of fixes ***Security fixes* * * * Fixed kernel vulnerabilities: CVE-2016-3134 and CVE-2016-5195 * Fixed Apache Tomcat vulnerabilities: CVE-2016-6816, CVE-2016-6817 and CVE-2016-0762 * Fixed BIND vulnerability: CVE-2016-8864 * Fixed multiple NTP vulnerabilities: CVE-2015-5196, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7974, CVE-2015-7979, and CVE-2015-8158 * Fixed DHCP vulnerability: CVE-2016-2774 * Fixed Kerberos vulnerability: CVE-2016-3120 * Fixed Util-linux vulnerability: CVE-2016-5011 * Disabled HTTP compression for the necessary URIs and data types to fix vulnerability: CVE-2013-3587 * Removed support for all Triple DES ciphers from the Web UI (HMC ports 443 and 12443) to address vulnerability: CVE-2016-2183 *General fixes* * Fixed an issue where HMC performance degrades over time until the command server and/or web servers hang requiring a reboot to resolve. Logs will show a large number of blocked threads for the unified JRE and may include an error of "too many open files". The issue is typically seen on HMCs where external scripts are running dozens or hundreds of commands. * Fixed a problem causing a blank window to be opened when the ASM interface for a server is launched when the server is in Failed Authentication state. * Improved the performance of the Enhanced GUI, REST API interface and HMC command line for non-hscroot custom HMC users that have a task role of hmcsuperadmin and a resource role of AllSystemResources. * Fixed an issue causing call-home to fail if the HMC that opened the problem could not connect to IBM, even if another call-home server console was configured. * Corrected the functioning of the F13 through F24 (shift+F1 through shift+F12) keys on non-US keyboards. * Fixed a problem that caused many PowerVC deploy operations to fail. The PowerVC error messages may include "/PC-F162C70 Error creating////storage adapters/" and "/PC-5169BFD Unable to create virtual adapters on Virtual I/O Server/". The underlying HMC error is "/HSCL025A Service processor lock failed./" This problem only occurs if redundant HMCs are in use and the virtual machines being deployed are enabled for simplified remote restart. To circumvent this issue, disconnect the redundant HMC. * Fixed an intermittent problem that caused IBM.LparCmdRMd to terminate abnormally and cause various operations that use RMC to fail. This problem only occurs on HMCs that are managing servers in a Power enterprise pool, and only if the HMCs has multiple network adapters. If IBM.LparCmdRMd terminates abnormally, an error will be logged in /var/log/messages such as "0513-020 The IBM.LparCmdRM Subsystem did not end normally." * Fixed an issue where email notifications for HMC reported service events were not sent when the failing machine type and model differs from the underlying model type of the POWER server (for example the 5146-GL6 Elastic Storage Server systems). *Previously released fixes also included in this PTF: * * MH01671* 12/19/16 * Added a fix to reduce the possibility of various intermittent PowerVC failures due to an HMC REST API "ChunkedEncodingError". With this fix the user may still see these failures. The recovery is to remove the server from the HMC then add it back, or reboot the HMC. * Fixed a problem causing partition migration operations to fail with the error "/HSCLA284 The request issued to the source mover service partition to start the migration has failed/". This problem only occurs if the same IP address is configured on both the source and destination MSPs and the user did not specify which MSP IP addresses to use for the partition migration operation. Installation *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, Install this PTF using the CLI updhmc command. Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service.