Hardware Management Console Readme For use with Version 8 Release 8.5.0 SP2 Date: 19 June 2017 Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01702 <#MH01072> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01702 This package includes fixes for HMC Version 8 Release 8.5.0 Service Pack 2. You can also reference this package MH01702 by PTF and APAR MB04088. This image must be installed on top of HMC Version 8 Release 8.5.0 Service Pack 2 (PTF MH01657) with or without additional fixes. *Note1*: This PTF supersedes MH01685 and MH01694. *Note2*: An HMC backup created after installing PTF MH01702 must only be restored on V8 R8.5.0 with Service Pack 2 (PTF MH01657) installed. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01072.iso 1379899392 6a28f390a90c4f1016d7abd5df61eb05cd7d00de MB04088 MH01072 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.5.0 Service Pack: 2 HMC Build level 20170526.1 MH01702: Fix for HMC V8R8.5.0 SP2 (05-31-2017) ","base_version=V8R8.5.0 " List of fixes *Security fixes* * Fixed glibc vulnerabilities: CVE-2014-9761, CVE-2015-8776, CVE-2015-8778 and CVE-2015-8779 * Disabled client-initiated renegotiation for HMC port 9960 *General fix* * Fixed a problem causing the HMC backup critical console data operation to fail with one of the following errors: "/HSCLA500 An internal error occurred. Try the operation again. If the operation continues to fail, contact your service representative./" or "/Backup of table data from database has failed. HSCP0108/". With this fix, if the user requested to include Performance and Capacity Monitoring (PCM) data in the backup and the backup of that data fails, the GUI will display a warning message, and if the user ran the bkconsdata command to perform the backup, the command will fail. If the user requested to not include PCM data in the backup, failures to connect to the PCM database will not cause the backup operation to fail. * Fixed another problem that resulted in the false report of SRC E2FF1800 when transmitting performance management information from an HMC that was managing a large number of partitions. * Fixed an issue with the pedbg command that can result in serviceable event E212E136. * Fixed a remote restart validation issue that caused the remote restart partition being validated to lose contact with its configured virtual fibre channel device and hang. This problem only occurs if the partition has virtual fibre channel adapters and the remote restart validation is done while the partition is running. With this fix, virtual fibre channel configuration is no longer validated during remote restart validation when the partition is running. To validate a partition's virtual fibre channel configuration, you must perform the remote restart validation when the partition is shutdown. * Fixed a rare issue where HMC performance degrades over time until the command server and/or web servers hang requiring an HMC reboot to resolve. Logs will show a large number of partition surveillance events and blocked threads and may also include out of memory errors. This issue can occur when network connectivity issues repeatedly occur between the HMC and large numbers of partitions over a short period of time. * Fixed a problem where the search by managed system name REST API fails with error "/500 Unable to parse the remainder of the following expression: - /" if the managed system name contains a dash character ('-'). This issue may impact some IBM HA applications. *Previously released fixes also included in this PTF: * * MH01694* 04/21/07 * Fixed a security issue with the Firefox browser on the local HMC console. * Fixed an occurrence of a password specified on a command from being logged in clear text. * Fixed a problem causing the HMC backup critical console data operation to fail with one of the following errors: "/HSCLA500 An internal error occurred. Try the operation again. If the operation continues to fail, contact your service representative/." or "/Backup of table data from database has failed. HSCP0108/". With this fix, the backup operation will continue and no error will be reported to the user if the performance monitoring data backup fails. * Fixed an issue that caused an exception during repair of the DCCA on bulk power systems. * Fixed a problem that prevented the Power enterprise pool sync operation and managed system rebuild operation from correcting the number of installed processors and memory shown in the Power enterprise pool data for a server. This problem only occurs after additional processors or memory is installed on a server in a Power enterprise pool. * Fixed an issue that caused the following error to be displayed when trying to open a vterm console window: "/Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running/". With this fix, vterm console windows can continue to be opened after the vterm applet certificate has expired. * Fixed an intermittent false report of SRC B3030007 during HMC reboots. * MH01685* 03/21/17 * Fixed BIND vulnerability: CVE-2016-9147 * Fixed openSSH vulnerability: CVE-2015-8325 * Fixed multiple NTP vulnerabilities: CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, and CVE-2016-9311 * Fixed openSSL vulnerabilities: CVE-2016-8610 and CVE-2017-3731 * Fixed a race condition to prevent the generation and call home of SRC E3551172. Installation Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service.