Hardware Management Console Readme For use with Version 8 Release 8.5.0 SP2 Date: 22 August 2017 (C) Copyright International Business Machines Corp., 2017 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01714 <#MH01072> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01714 This package includes fixes for HMC Version 8 Release 8.5.0 Service Pack 2. You can also reference this package by PTF MH01714 and APAR MB04100. This image must be installed on top of HMC Version 8 Release 8.5.0 Service Pack 2 (PTF MH01657) with or without additional fixes. *Note1*: This PTF supersedes MH01685, MH01694 and MH01702. *Note2*: An HMC backup created after installing PTF MH01714 must only be restored on V8 R8.5.0 with Service Pack 2 (PTF MH01657) installed. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01714.iso 1386102784 d5c01fe772bfcc5b640a27e0a7bf4a9c3f977774 MB04100 MH01714 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.5.0 Service Pack: 2 HMC Build level 20170817.1 MH01714: Fix for HMC V8R8.5.0 SP2 (08-18-2017) ","base_version=V8R8.5.0 " List of fixes *Security fixes* * Fixed libtirpc vulnerability: CVE-2017-8779 * Fixed HTTPD vulnerability: CVE-2016-8743 * Fixed BIND vulnerabilities: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138, CVE-2017-3139, CVE-2017-3142 and CVE-2017-3143 * Fixed IBM WebSphere Application Server vulnerability: CVE-2017-1194 *General fix* * Fixed a rare issue that can cause a server to go into Incomplete state after installing the HMC due to missing virtual Switch IDs in a partition profile. * Fixed an issue that caused the updhmc –t nfs command to fail intermittently with the error "An error was detected while mounting the remote server. Verify the parameters have been entered correctly and try the operation again." * Fixed a problem that always caused the mkauthkeys command to silently fail when the -u option was specified. This issue prevents users from adding SSH keys for other users but does not prevent a user from adding an SSH key for the user they are currently logged in as. * Corrected the feature code and CCIN shown on the HMC for the adapter with feature code 57D8 (IBM PCIe3 x8 Cache SAS RAID Internal Adapter 6Gb). * Updated the certificate expiration date for the vterm applet. * Fixed an issue causing the generation and call home of SRC E3321007 after updating the HMC. This issue also can cause data collection for other call home events to fail, preventing the events from being called home or from sending the necessary data. *Previously released fixes also included in this PTF: * * MH01702* 06/19/17 * Fixed glibc vulnerabilities: CVE-2014-9761, CVE-2015-8776, CVE-2015-8778 and CVE-2015-8779 * Disabled client-initiated renegotiation for HMC port 9960 * Fixed a problem causing the HMC backup critical console data operation to fail with one of the following errors: "/HSCLA500 An internal error occurred. Try the operation again. If the operation continues to fail, contact your service representative./" or "/Backup of table data from database has failed. HSCP0108/". With this fix, if the user requested to include Performance and Capacity Monitoring (PCM) data in the backup and the backup of that data fails, the GUI will display a warning message, and if the user ran the bkconsdata command to perform the backup, the command will fail. If the user requested to not include PCM data in the backup, failures to connect to the PCM database will not cause the backup operation to fail. * Fixed another problem that resulted in the false report of SRC E2FF1800 when transmitting performance management information from an HMC that was managing a large number of partitions. * Fixed an issue with the pedbg command that can result in serviceable event E212E136. * Fixed a remote restart validation issue that caused the remote restart partition being validated to lose contact with its configured virtual fibre channel device and hang. This problem only occurs if the partition has virtual fibre channel adapters and the remote restart validation is done while the partition is running. With this fix, virtual fibre channel configuration is no longer validated during remote restart validation when the partition is running. To validate a partition's virtual fibre channel configuration, you must perform the remote restart validation when the partition is shutdown. * Fixed a rare issue where HMC performance degrades over time until the command server and/or web servers hang requiring an HMC reboot to resolve. Logs will show a large number of partition surveillance events and blocked threads and may also include out of memory errors. This issue can occur when network connectivity issues repeatedly occur between the HMC and large numbers of partitions over a short period of time. * Fixed a problem where the search by managed system name REST API fails with error "/500 Unable to parse the remainder of the following expression: - /" if the managed system name contains a dash character ('-'). This issue may impact some IBM HA applications. * MH01694* 04/21/07 * Fixed a security issue with the Firefox browser on the local HMC console. * Fixed an occurrence of a password specified on a command from being logged in clear text. * Fixed a problem causing the HMC backup critical console data operation to fail with one of the following errors: "/HSCLA500 An internal error occurred. Try the operation again. If the operation continues to fail, contact your service representative/." or "/Backup of table data from database has failed. HSCP0108/". With this fix, the backup operation will continue and no error will be reported to the user if the performance monitoring data backup fails. * Fixed an issue that caused an exception during repair of the DCCA on bulk power systems. * Fixed a problem that prevented the Power enterprise pool sync operation and managed system rebuild operation from correcting the number of installed processors and memory shown in the Power enterprise pool data for a server. This problem only occurs after additional processors or memory is installed on a server in a Power enterprise pool. * Fixed an issue that caused the following error to be displayed when trying to open a vterm console window: "/Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running/". With this fix, vterm console windows can continue to be opened after the vterm applet certificate has expired. * Fixed an intermittent false report of SRC B3030007 during HMC reboots. * MH01685* 03/21/17 * Fixed BIND vulnerability: CVE-2016-9147 * Fixed openSSH vulnerability: CVE-2015-8325 * Fixed multiple NTP vulnerabilities: CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, and CVE-2016-9311 * Fixed openSSL vulnerabilities: CVE-2016-8610 and CVE-2017-3731 * Fixed a race condition to prevent the generation and call home of SRC E3551172. Installation Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service.