PTF MH01758 Readme

Hardware Management Console Readme

For use with Version 8 Release 8.5.0 Service Pack 3

Date: 22 March 2018
(C) Copyright International Business Machines Corp., 2017 All rights reserved.

The information in this Readme contains the fix list and other package information about the Hardware Management Console.

PTF MH01758
Package information
List of fixes
Installation

PTF MH01758

This package includes fix for HMC V8 R8.5.0 or any subsequent service packs. You can also reference this package by PTF MH01758 and APAR MB04145. This image must be installed on top of HMC Version 8 Release 8.5.0 (PTF MH01616) with Service Pack 3 (PTF MH01689) with or without additional fixes.

Note: This PTF supersedes MH01746 (vHMC only) and MH01721.

*Package information*
Package name	Size	Checksum (sha1sum)	APAR#	PTF#
MH01758.iso	1444921344	8f133a9a4cc01ea8b8789f04dd65ee6f5cdd2f50	MB04145	MH01758
Splash Panel information (or lshmc -V output)
"version= Version: 8  Release: 8.5.0  Service Pack: 3 HMC Build level 20180223.1 MH01758: Fix for HMC V8R8.5.0 SP3 (02-23-2018) ","base_version=V8R8.5.0 "

List of fixes

Security Fixes

Addressed an issue where Webserver version is disclosed in response message.
Added X-XSS-Protection to response header of all the URI on exposed ports to prevent cross-site scripting attacks
Addressed Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754.
Note: For vHMC, mitigation may require additional hypervisor and firmware updates; customers should consult their hypervisor and x86 system vendors for information
Fixed a security issue in hmc logging.

General fixes

Allow the HMC local console session to start after the certificate has expired.
Fixed an issue where update customer information for call home results in a scheduled operation producing SRC E3D46FFF due to errors when attempting to fetch call home related CEC credentials.
Prevent the call home of SRC E212E306.
Fixed high CPU usage by IBM.LparCmdRM process resulting in call home SRC E212E151.
Fixed an HMC performance issue with the PCM dashboard where if the user closes the window without using the "close button" (i.e. by closing or terminating the browser window instead) leads to symptoms such as: multiple reports of E332FFFF, hang of CLI commands, slow HMC response and eventual hang requiring a reboot.

Previously released fixes also included in this PTF:

MH01721
12/27/17

Fixed HTTPD vulnerabilities CVE-2017-9798, CVE-2017-12171, CVE-2017-9788, CVE-2017-7679, CVE-2017-3169 and CVE-2017-3167
Fixed NSS vulnerabilities CVE-2017-7805
Fixed Open SSH vulnerabilities CVE-2016-6210, CVE-2016-6515, CVE-2016-10009 and CVE-2016-10011
Fixed OGNL Expression Injection vulnerability.
Fixed cross frame scripting vulnerability.
Allow the HMC local console session to start after the certificate has expired.
Fixed an issue where update customer information for call home results in a scheduled operation producing SRC E3D46FFF due to errors when attempting to fetch call home related CEC credentials.
Prevent the call home of SRC E212E306.
Fixed high CPU usage by IBM.LparCmdRM process resulting in call home SRC E212E151.
Fixed an HMC performance issue with the PCM dashboard where if the user closes the window without using the "close button" (i.e. by closing or terminating the browser window instead) leads to symptoms such as: multiple reports of E332FFFF, hang of CLI commands, slow HMC response and eventual hang requiring a reboot.

Installation

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Upgrading or restoring HMC Version 8

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Hardware Management Console Readme

Contents

PTF MH01758

List of fixes

Previously released fixes also included in this PTF:

Installation