Hardware Management Console Readme

For use with Version 8 Release 8.4.0 SP2

Date: 19 June 2017
(C) Copyright International Business Machines Corp., 2017 All rights reserved.

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.


PTF MH01701

This package includes fixes for HMC V8 R8.4.0 Service Pack 2.  You can also reference this package by PTF MH01701 and APAR MB04087.  This image can be installed on top of HMC Version 8 Release 8.4.0 Service Pack 2 (PTF MH01620) with or without additional fixes.

Note 1: This PTF supersedes MH01662, MH01665, MH01668, MH01680, MH01684 and MH01693.
Note 2: An HMC backup created after installing PTF MH01701 must only be restored on V8 R8.4.0 with Service Pack 2 plus PTF MH01665 or later installed.
Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01701.iso 1779128320 c20570c8bb1b92abf364c13fc9753cab615ef247
 MB04087 MH01701
Splash Panel information (or lshmc -V output)

"version= Version: 8
Release: 8.4.0
Service Pack: 2
HMC Build level 20170525.1
MH01701: Fix for HMC V8R8.4.0 SP2 (05-31-2017)
","base_version=V8R8.4.0
 "

Install Notes

Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.

List of fixes

Security fixes
General fix

Previously released fixes also included in this PTF:






MH01693
04/20/17
  • Fixed a security issue with the Firefox browser on the local HMC console. 
  • Fixed a problem that caused the right parenthesis character ")" to look the same as the right curly brace character "}" in vterm console windows on the local HMC console.
  • Fixed a problem causing a successful heartbeat transmission to include one or more unsuccessful heartbeat transmissions.  This problem always occurs after a previous heartbeat transmission fails.  
  • Fixed an issue where serviceable event problem data upload would fail and generate SRC E3550421 when HMC A tries to callhome a problem through HMC B and the HMCs were at different fix levels. Applying this fix to the originating HMC (HMC A) allows successful transmission of problem data even if the callhome HMC (HMC B) is downlevel. Note that IBM recommends all HMCs participating as a callhome server be at the same fix level.
  • Fixed an occurrence of a password specified on a command from being logged in clear text.
  • Fixed an issue that caused the following error to be displayed when trying to open a vterm console window: "Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running". With this fix, vterm console windows can continue to be opened after the vterm applet certificate has expired. 


MH01684
03/21/17
  • Fixed BIND vulnerability: CVE-2016-9147
  • Fixed openSSH vulnerability:  CVE-2015-8325
  • Fixed multiple NTP vulnerabilities: CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, and CVE-2016-9311
  • Fixed openSSL vulnerabilities: CVE-2016-8610 and CVE-2017-3731
  • Fixed a race condition to prevent the generation and call home of SRC E3551172.






MH01680
01/30/17
  • Fixed Apache Tomcat vulnerabilities: CVE-2016-6816, CVE-2016-6817 and CVE-2016-0762
  • Fixed BIND vulnerability: CVE-2016-8864
  • Disabled HTTP compression for the necessary URIs and data types to fix vulnerability: CVE-2013-3587
  • Removed support for all Triple DES ciphers from the Web UI (HMC ports 443 and 12443) to address vulnerability: CVE-2016-2183
  • Fixed an issue where HMC performance degrades over time until the command server and/or web servers hang requiring a reboot to resolve.  Logs will show a large number of blocked threads for the unified JRE and may include an error of "too many open files".  The issue is typically seen on HMCs where external scripts are running dozens or hundreds of commands.
  • Fixed a problem causing a blank window to be opened when the ASM interface for a server is launched when the server is in Failed Authentication state.
  • Improved the performance of the Enhanced GUI, REST API interface and HMC command line for non-hscroot custom HMC users that have a task role of hmcsuperadmin and a resource role of AllSystemResources.
  • Fixed an issue causing call-home to fail if the HMC that opened the problem could not connect to IBM, even if another call-home server console was configured.
  • Fixed an issue where email notifications for HMC reported service events were not sent when the failing machine type and model differs from the underlying model type of the POWER server (for example the 5146-GL6 Elastic Storage Server systems). 



MH01668
11/21/16
  • Added DST timezone changes for Turkey, leap second to 31 Dec 2016.
  • Changed the HMC install process to report the error SRC E3558801 when the installation of a service pack or iFix fails due to a rare RPM installation failure.  Prior to this fix, the service pack or iFix installation appeared to finish successfully.
  • Fixed another issue to prevent call home SRC E3D46FFF combined with System_Auth SRC E3D43104 due to a scheduled change credential password task that no longer is needed.
  • Fixed a problem that caused a blank window to be opened when the ASM interface for a server is launched.  This problem only occurs for servers which have newer versions of POWER 8 system firmware installed.
  • Fixed multiple OpenSSL vulnerabilities: CVE-2016-2180, CVE-2016-2182, and CVE-2016-6306

















MH01665
10/20/16
  • Fixed a problem with persisted service data that can impact HMC model CR9s.  Symptoms include: all dumps from the managed server being deleted immediately after offload; new serviceable events reported by the server being discarded without a serviceable event being opened on the HMC.
  • Fixed a problem that caused the wrong HMC machine type, model and serial number to be displayed on the following HMC GUI screens: Service Management -> Enable Electronic Service Agent and Service Management -> Manage Inbound Connectivity -> Prepare -> Remote Service Session.  This problem occurs on CR9 model HMCs only.
  • Fixed a problem with backup and restore tasks where after restoring a backup and rebooting the HMC users may not be able to login to the HMC GUI and all REST API connection requests are rejected.   After applying this fix,  perform a new HMC backup and discard any older backups.  After a scratch install of the HMC, this PTF should be applied prior to restoring the backup.
  • Fixed a rare timing issue that can cause a partition migration operation to incorrectly fail with error "HSCL2957 Either there is currently no RMC connection between the management console and the partition <target partition> or the partition does not support dynamic partitioning operations" even though the RMC connection is actually active. 
    Circumvention: Confirm that the HMC lssyscfg -r lpar -m <managed system name> -F rmc_state command shows the RMC connection is active then try the partition migration operation again.
  • Fixed an issue where system initiated System Dump files were not being automatically called home.
  • Fixed a problem where some GUI views of system firmware levels such as the Updates,  System Code Levels table incorrectly show a deferred level of none (or blank) when a deferred level exists.    
  • Fixed a problem that resulted in a false report of SRC E2FF1801 and SRC E2FF1800.  These SRCs typically occur when running the software or performance inventory tasks on an HMC that is managing a large number of servers even though the inventory tasks complete successfully.
  • Fixed an issue causing the update of I/O device microcode from IBM microcode CD/DVD to fail with "HSCF0179W Operation was partially successful for <target>.An error occurred while attempting to update I/O microcode on <target>:An error occurred copying a file from the CDROM.  First verify the correct media is inserted in the drive, that there is space available on the target system, then try the operation again."
  • Fixed a problem that caused E2FF4304 SRCs to be generated during HMC PTF installation.
  • Fixed a problem with the vterm console window on the local HMC console that prevented the window from resizing when the font size for the window was made larger.  This problem could prevent the user from being able to see the entire contents of the console window.
  • Fixed a rare error that can occur when the HMC is processing a property change event for a tree node representing a managed object or group while a managed system is being added to the HMC.  This error caused SRC E3551040 to be generated and called home.
  • Fixed a problem causing partition migration operations performed by PowerVC to fail when the ibmpowervm_mover_service_partitions attribute is specified in the nova.conf files.  This problem occurs only with Virtual I/O Server versions 2.2.4 and later.
  • Fixed IBM Websphere Application Server (WAS) vulnerabilities: CVE-2016-0378 and CVE-2016-5986.
  • Fixed Apache Tomcat vulnerability: CVE-2016-3092.
  • Set the X-Frame-Options HTTP response header from all HMC /dashboard URLs to instruct the browser to not allow framing from other domains. This change is intended to prevent Clickjacking attacks.
  • Disabled TLS 1.0 for HMC ports 443, 9920 and 9960 in legacy security mode.

MH01662
06/23/16

  • Fixed a problem causing the WLP server not to start after the HMC is rebooted, causing the REST API functions to not be available.  This impacts the enhanced GUI login, PowerVC, PCM and any other function that utilizes the REST API on the HMC.  This problem only occurs if the user runs the save upgrade data task and subsequently reboots the HMC without actually performing an HMC upgrade.  This fix repairs HMCs previously impacted.

Installation

Special Install Instructions: Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
1.    Log in again selecting the Log In option of "Classic".
2.    If already logged in to the HMC using Enhanced GUI, log off the HMC.
3.    Install using the normal installation instructions.
Alternatively, install this PTF using the CLI updhmc command.

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Upgrading or restoring HMC Version 8

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.