Hardware Management Console Readme For use with Version 8 Release 8.3.0 Service Pack 3 Date: 22 March 2017 Contents The information in this Readme contains fix list and other package information about the Hardware Management Console. * PTF MH01683 <#MH01683> * Package information <#package> * List of fixes <#fixes> * Installation (Please read special instructions.) <#install> * Additional information <#additional> PTF MH01683 This package includes a fix for HMC Version 8 Release 8.3.0 Service Pack 3. You can reference this package by APAR MB04063 and PTF MH01683. This image must be installed on top of HMC Version 8 Release 8.3.0 Service Pack 3 (PTF MH01619) with or without additional fixes. Note 1 : This PTF supersedes MH01679. Note 2 : An HMC backup created after installing PTF MH01683 must be restored on HMC Version 8 Release 8.3.0 with Service Pack 3 (MH01619) or later installed. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01683.iso 1252702208 b57171b1ee230792d70dcfc63122a15e5ecf9d08 MB04070 MH01683 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.3.0 Service Pack: 3 HMC Build level 20170302.1 MH01683: Fix for HMC V8R8.3.0 SP3 (03-08-2017) ","base_version=V8R8.3.0 " Known Issues:* * 1*._Special Install Instructions_* Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced+ GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, install this PTF using CLI. 2. After applying this PTF, a vterm console cannot be opened by the GUI on the local HMC console when the HMC is in NIST mode. You can use the mkvterm or vtmenu command on the local HMC console or use the GUI remotely to open a vterm. List of fixes *Security Fixes* * Fixed BIND vulnerability: CVE-2016-9147 * Fixed openSSH vulnerability: CVE-2015-8325 * Fixed multiple NTP vulnerabilities: CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, and CVE-2016-9311 * Fixed openSSL vulnerabilities: CVE-2016-8610 and CVE-2017-3731 *General **Fixes* * Fixed a rare timing issue that can cause the HMC to not report a serviceable event for a managed server. *Previously released fixes also included in this PTF: * * MH01679* 1/30/17 * Fixed Apache Tomcat vulnerabilities: CVE-2016-6816, CVE-2016-6817 and CVE-2016-0762 * Fixed BIND vulnerability: CVE-2016-8864 * Disabled HTTP compression for the necessary URIs and data types to fix vulnerability: CVE-2013-3587 * Removed support for all Triple DES ciphers from the Web UI (HMC ports 443 and 12443) to address vulnerability: CVE-2016-2183 * Fixed an issue where HMC performance degrades over time until the command server and/or web servers hang requiring a reboot to resolve. Logs will show a large number of blocked threads for the unified JRE and may include an error of "too many open files". The issue is typically seen on HMCs where external scripts are running dozens or hundreds of commands. * Fixed a problem causing a blank window to be opened when the ASM interface for a server is launched when the server is in Failed Authentication state. * Prevent another occurrence of the generation and call home of SRC E3550925. This SRC is generated when creating a Kerberos user and no remote user ID is specified or the remote user ID specified is not valid. * Fixed a problem that caused the lpar_netboot command to fail with the error "/The system has no more ptys. Ask your system administrator to create more./" * Fixed an issue where email notifications for HMC reported service events were not sent when the failing machine type and model differs from the underlying model type of the POWER server (for example the 5146-GL6 Elastic Storage Server systems). Back to top <#ibm-content> Installation *_Special Install Instructions_* Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced+ GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, install this PTF using CLI. Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service. Back to top <#ibm-content>