Hardware Management Console Readme

For use with HMC Version 9 Release 2 M953

Date: 26 May 2023

(C) Copyright International Business Machines Corp., 2023 All rights reserved.

Contents

The information in this Readme contains the fix list and other package information about the Hardware Management Console.

* PTF MH01958
* PTF MH01959
* Package information
* Security fix
* Known issues and limitations
* Installation

Terminology

*x86* - This term is used to reference the legacy HMC that runs on x86/Intel/AMD hardware for both the 7042 Machine Type appliances and the Virtual HMC that can run on the Intel hypervisors (KVM, VMware, Xen).

*ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARs (Logical Partitions).

PTF MH01958 - HMC V9 R2 953.5 for 7042-CR9 Hardware or vHMC for x86_64 hypervisors (5765-HMW)

This package represents an interim fix for the HMC V9 R2 M953 release for 7042-CR9 hardware or vHMC for x86_64 hypervisors. You can also reference this package by PTF MH01958 and APAR MB04409. This PTF can be installed on HMC Version 9 Release 2 M953.

*Note*: This PTF supersedes MH01937, MH01943, MH01948, and MH01953.

/Package information/

| Package name | Size | Checksum (sha1sum) | APAR# | PTF# |
|---|---|---|---|---|
| MH01958_x86.iso | 3794298880 | 2fb2a4bd6dc1562a026a87c9e3eb19edcb454836 | MB04409 | MH01958 |

Splash Panel information (or lshmc -V output)

"version= Version: 9
 Release: 2
 Service Pack: 953
HMC Build level 2305230214
MH01933 - HMC V9R2 M953
MH01958 - iFix for HMC V9R2 M953
","base_version=V9R2
"

PTF MH01959 - HMC V9 R2 953.5 for 7063 Machine Types or vHMC for PowerVM (5765-HMB)

This package represents an interim fix for the HMC V9 R2 M953 release on the 7063-machine type or vHMC for PowerVM. You can also reference this package by PTF MH01959 and APAR MB04410. This PTF can be installed on HMC Version 9 Release 2 M953.

*Note*: This PTF supersedes MH01938, MH01944, MH01949, and MH01954.

/Package information/

| Package name | Size | Checksum (sha1sum) | APAR# | PTF# |
|---|---|---|---|---|
| MH01959_ppc.iso | 3786713088 | 0e954676d2e9f08ed7bafe90767a0940472df1a1 | MB04410 | MH01959 |

Splash Panel information (or lshmc -V output)

"version= Version: 9
 Release: 2
 Service Pack: 953
HMC Build level 2305230214
MH01934 - HMC V9R2 M953
MH01959 - iFix for HMC V9R2 M953
","base_version=V9R2
"

*Security fix*

* Fixed httpd vulnerability: CVE-2023-25690.

Known issues and limitations

* The reset of an expired password of a Kerberos user is not supported in multi-realm configuration setups since release V9 R2 950. When such users try to log in using the GUI, they get the message /Invalid credential/. When logging in from the CLI, users may see the following or similar messages:

  /Password:/
  /Password expired. Change your password now./
  /Current password:/
  /Current Password:/
  /Password change failed. Server message: Old password not accepted./
  /Current Password:/
  /Password change failed. Server message: Old password not accepted./
  /Current Password:/
  /New password:/
  /Retype new password:/
  /Password change failed. Server message: Old password not accepted./

  *Circumvention*: Change or reset the password first, then log into HMC.

Previously released fixes also included in this PTF:

*MH01953/MH01954* 4/21/23

* Fixed another issue causing Firefox on the local HMC console to make background connection calls to Amazon and Google Cloud.
* Fixed another issue causing the generation and call home of SRCs E2FF4600, E2FF1409 and E2FF4406.
* Added support for PowerSC 2.1.0.4.
* Fixed another issue that can still cause the save upgrade data process to continue to fail due to lack of space when run after the previous attempt also failed due to lack of space when the space requirements were reduced.
* Fixed an issue that causes in-band BMC communication on a Power HMC to fail after restoring HMC upgrade data that was migrated with network configuration data from a CR9 HMC.
* Increased timeout when trying to arbitrate primary monitoring HMC for managed server in dual-HMC environment to avoid repeated call home SRC E3325009.
* Fixed an issue that caused some scheduled operations, and some transmit service information operations to run much more frequently than scheduled. This issue occurs if the HMC time zone is changed after the scheduled operation or transmit service information operation is initially scheduled.
* Fixed an issue causing the following harmless message to be logged in /var/log/messages: "/rsyslogd[678959]: command 'SystemLogSocketName' is currently not permitted/".
* Fixed an issue that caused SRC E212E136 to be generated and called home when collecting hardware VPD inventory from a system with a large inventory.
* Fixed an issue that causes PCM aggregated metrics to no longer be generated after the HMC time is moved forward or when Daylight Saving Time starts.
* Fixed Java vulnerability: CVE-2022-21426.
* Fixed CVE vulnerabilities: CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286.
* Fixed libXpm vulnerabilities: CVE-2022-4883, CVE-2022-44617 and CVE-2022-46285.
* Fixed expat vulnerability: CVE-2022-43680.
* Fixed D-Bus vulnerabilities: CVE-2022-42010, CVE-2022-42011 and CVE-2022-42012.
* Fixed Libtasn1 vulnerability: CVE-2021-46848.
* Fixed Apache Tomcat vulnerability: CVE-2023-24998.
* Fixed a security issue on the HMC.

*MH01948/MH01949* 2/03/23

* Fixed an HMC performance issue causing general slowness across HMCs that have Performance and Capacity Monitoring (PCM) enabled.
* Fixed an issue that causes HMC GUI to stop responding and generate SRC E35A0053.
* Fixed an issue to prevent reporting SRC E3325009 arbitration error.
* Fixed a timing issue that caused the HMC to lose its network settings when it was restarted.
* Fixed an issue that caused SRCs E35A0083 and E332FFFF to be reported and PCM aggregated metrics to no longer be generated after DST ended.
* Fix for SRC E23D0503 being called home after a reboot due to a core dump.
* Fixed an issue that causes /0x0314 error/ with the message /"Return code type: Failure (hard stop or user intervention required). Message: The partition does not support a required management console capability level. Corrective action: Update the partition to the latest PTF level."/ This happens when an RV CM operation is performed on a machine with a MEX attached and the MEX resources are in use by IBMi partitions: the first time after the system has been powered up, they will be blocked from proceeding.
* Fixed an issue that causes SRC E3326701.
* Fixed an issue that caused HMC GUI to display empty managed systems list with the following error: "/The HMC information could not be displayed because of an error while retrieving the information./"
* Update serviceable event processing to allow for events to be processed that have invalid date strings.
* Fix to prevent hdwr_svr from crashing and recovering automatically, resulting in call home SRC E23D040A.
* Addressed Java vulnerabilities CVE-2022-3676, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619.
* Addressed vulnerability: CVE-2022-43926.
* Fixed an issue with running the sed command.

*MH01943/MH01944* 11/17/22

* Fixed an issue that prevented call home from working successfully. Symptoms included test call home displaying attempts at trying additional IP addresses.
* Fixed a call home connection issue when a proxy is configured causing intermittent connection drop.
* Fixed an issue that prevented connection surveillance call home reporting for eBMC systems for SRCs such as B3030001, etc.
* Fixed a rare timing issue where the *updlic* command would stop producing output and would display the following message, even though the updlic task is still running: /Unknown output type: from message (0x7f)./
* Fixed the ping command failing to execute after restore CCD resulting in error message: "/operation not permitted/".
* Fixed an issue of reporting call home SRC E35F0013 during installation of HMC Service Pack 953.
* Fixed an issue that prevented login for any Kerberos user.
* Fixed an issue with LDAP automanage setting not updating correctly after reconfiguration of LDAP.
* Addressed Kernel vulnerabilities: CVE-2022-1012 and CVE-2021-45485.
* Addressed bind vulnerability: CVE-2021-25219.
* Addressed httpd vulnerabilities: CVE-2021-33193, CVE-2021-44224 and CVE-2020-13950.
* Fixed a security issue with the HMC.

*MH01937/MH01983* 9/27/22

* Fixed an issue that causes "Add Virtual Network" operation to fail while modifying load balance field.
* Fixed an issue that causes an /error code 500/, while opening full Tasklog and shows nothing in the tasklog widget.
* Increased timeout of firmware update from 2 to 4 hours to handle timeout issues that caused code update to fail.
* Fixed an issue during serviceable event data sync between HMCs where an initial failure syncing data would prevent further data in that attempt to sync.
* Fixed an issue causing Call Home to fail from some countries when specified as part of the Customer Information panel.
* Fixed an issue preventing local console events from being serviced by a 7063-CR2.
* Obscured the password logged by the *chsacfg -t ftp -o test* command and the Transmit Service Information -> Configure FTP Connections -> Enable FTP -> Perform Test action on the GUI.
* Addressed Java SDK security vulnerabilities: CVE-2022-21496, CVE-2022-21434 and CVE-2021-41041.

Installation

Installation instructions for HMC Version 9 upgrades and corrective service can be found at these locations:

* Upgrading or restoring HMC Version 9
* Updating, upgrading, and migrating your HMC machine code

Instructions and images for upgrading via a remote network install can be found here:

* HMC V9 network installation images and installation instructions