Hardware Management Console Readme For use with Version 8 Release 8.6.0 Service Pack 2 Updated: 12 December 2017 (C) Copyright International Business Machines Corp., 2017 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01722 <#MH01722> * Package information <#package> * Known Issues <#known> * List of fixes <#fixes> * Installation <#install> PTF MH01722 This package includes fixes for HMC Version 8 Release 8.6.0 Service Pack 2. You can reference this package by APAR MB04106 and PTF MH01722. This image must be installed on top of HMC Version 8 Release 8.6.0 Service Pack 2 (PTF MH01690) with or without additional fixes. *Note*: This PTF supersedes MH01716. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01722.iso 1642825728 14af1c0339810f073bc105a6495d8be46e57b0a7 MB04106 MH01722 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.6.0 Service Pack: 2 HMC Build level 20171016.2 MH01722: Fix for HMC V8R8.6.0 SP2 (10-16-2017) ","base_version=V8R8.6.0 " List of fixes *Security Fixes* * Fixed reflected cross-site scripting vulnerabilities. * Fixed gnutls vulnerabilities: CVE-2017-7869, CVE-2017-7507, CVE-2017-5337, CVE-2017-5336, CVE-2017-5335, CVE-2017-5334, and CVE-2016-7444 *General fixes* * Fixed an issue with the retention of call home data in the /opt/ccfw/data/vr directory to prevent call home SRC E212E136. * Fixed an issue resulting in empty file when downloading HMC performance data using non-English browser. * Added new chhmcldap option, --authsearch, to modify post-authentication search behavior. See chhmcldap man page for additional details. * Fixed an issue that caused false reports of call home serviceable events E212E30x. * Fixed another occurrence of the generation and call home of SRC E3D46FFF due to a scheduled change credential password task that no longer is needed. This occurred after updating the customer information on the HMC . * Fixed a problem where attempting to launch the ASM interface for a frame returned error "/HTTP Status Code: 408/". * Fixed an issue where the classic GUI hangs and user is eventually disconnected from the session during the install of HMC updates. * Fixed an issue with the enhanced UI that prevented the user from changing "Partition Start Policy" when the system is in Power off state. *Previously released fixes also included in this PTF: * * MH01716* 08/24/17 * Fixed HTTPD vulnerabilities: CVE-2016-0736, CVE-2016-2161 and CVE-2016-8743 * Fixed libtirpc vulnerability: CVE-2017-8779 * Fixed kernel vulnerabilities: CVE-2015-8374, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2117, CVE-2016-2847, CVE-2016-3156, CVE-2016-5828, and CVE-2016-10229 * Fixed BIND vulnerabilities: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138, CVE-2017-3139, CVE-2017-3142 and CVE-2017-3143 * Fixed IBM WebSphere Application Server vulnerability: CVE-2017-1194 * Eabled support for redundant MSPs for partition migration and validation operations and for virtual NIC failover. These functions were disabled after installing SP2 (PTF MH01690). Symptoms include: o vNIC adapters existing prior to update are not displayed in the GUI if they are defined with more than one backing device. o The ability to add additional backing devices to new vNIC adapters created after update is missing in the GUI. o Activation of partition(s) fail with the following error: "/HSCLAB30 The managed system does not support virtual NIC failover./" if the profile contains vNICs that have multiple backing devices defined. o Redundant MSP usage for partition migration and validation operations is not possible. * Enabled support for JNLP based VTERMs. This function was disabled after installing SP2 (PTF MH01690). Without this fix newer browsers may not launch the legacy vterm applet. * Fixed an issue that caused the enhanced GUI to fail with a 500 "/Unknown internal error/" when displaying partitions with virtual NIC adapters and can cause some options for modifying or deleting virtual NIC adapters to be grayed out or missing. This issue only occurs when one of the virtual NIC backing devices has an invalid Virtual I/O Server ID of 65,535. * Prevent the generation and call home of SRC E3550800 due to a timing issue. * Corrected the feature code and CCIN shown on the HMC for the adapter with feature code 57D8 (IBM PCIe3 x8 Cache SAS RAID Internal Adapter 6Gb). * Fixed an issue that caused the updhmc –t nfs command to fail intermittently with the error "/An error was detected while mounting the remote server. Verify the parameters have been entered correctly and try the operation again/." * Fixed a problem that always caused the mkauthkeys command to silently fail when the -u option was specified. This issue prevents users from adding SSH keys for other users but does not prevent a user from adding an SSH key for the user they are currently logged in as. * Fixed reference code links in the enhanced GUI to open a window containing reference code details when clicked. * Fixed a problem preventing the Recover Partition Data task from restoring the maximum and reserved processing unit settings for shared processor pools. * Fixed an issue where enabling inbound VPN connections on the HMC always fails. * Fixed an issue causing the generation and call home of SRC E3321007 after updating the HMC. This issue also can cause data collection for other call home events to fail, preventing the events from being called home or from sending the necessary data. * Updated the certificate expiration date for the vterm applet. Installation Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions