Hardware Management Console Readme

For use with HMC Version 10 Release 2 M1023
Date: 09 May 2024
(C) Copyright International Business Machines Corp., 2024 All rights reserved.

Contents

The information in this Readme contains the fix list and other package information about the Hardware Management Console.

* PTF MF71691
* PTF MF71692
* Package information
* Fixes Included
* Installation

Terminology

*x86* - This term is used to reference the Intel hypervisors (KVM, VMware, Xen) on which Virtual HMC can be installed.

*Note*: HMC V10R1 release for x86 is not supported on bare metal (7042 hardware appliances).

*ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARs (Logical Partitions).

PTF MF71691 HMC V10 R1 M1023.2 - for vHMC for x86_64 hypervisors (5765-VHX)

This package represents an interim fix for the HMC V10 R1 M1023 for vHMC on x86_64 hypervisors. You can also reference this package by APAR MB04456 and PTF MF71691. This PTF can be installed on HMC V10 R2 M1023.

Note: This PTF supersedes MF71681.

Package information

Package name      Size        Checksum (sha1sum)                        APAR#    PTF#
MF71691_x86.iso   4583440384  820d27e940aa4eca2f923ef8c098f92d42c36d2d  MB04456  MF71691

Splash Panel information (or lshmc -V output)

    "version= Version: 10
     Release: 1
     Service Pack: 1023
    HMC Build level 2404290525
    MF69186 - Restore fix for HMC V10R1 M1010+
    MF71508 - HMC V10R1 M1023
    MF71691 - iFix for HMC V10R1 M1023
    ","base_version=V10R1
    "

PTF MF71692 HMC V10 R1 M1023.2 - for 7063 Hardware or vHMC for PowerVM (5765-HMB)

This package represents an interim fix for the HMC V10 R1 M1023 on 7063 machine type or vHMC for PowerVM. You can reference this package by APAR MB04457 and PTF MF71692. This image can be installed on top of HMC V10 R1 M1023.

Note: This PTF supersedes MF71682.
Package information

Package name      Size        Checksum (sha1sum)                        APAR#    PTF#
MF71692_ppc.iso   4573280256  0a47596bb0bf396b0e81d806342ddf9921c5dc96  MB04457  MF71692

Splash Panel information (or lshmc -V output)

    "version= Version: 10
     Release: 1
     Service Pack: 1023
    HMC Build level 2404290525
    MF69187 - Restore fix for HMC V10R1 M1010+
    MF71509 - HMC V10R1 M1023
    MF71692 - iFix for HMC V10R1 M1023
    ","base_version=V10R1
    "

*Security fix*

* Fixed an Information and Stack Trace disclosure for GET requests with malformed parameters to an API endpoint.

Best Practices

* Use a Kerberos realm name that follows the standard naming structure. For example, the DNS domain name in uppercase.
* User sessions - The following best practices help avoid gradual performance degradation caused by an increasing number of login sessions, as well as security vulnerabilities such as unauthorized access to active HMC sessions.
  o It is a best practice to log off from the HMC UI and then close the browser tab, instead of closing the tab directly.
  o Set an idle session timeout for all users; do not leave the timeout at '0', which means no timeout.

Previously released fixes also included in this PTF:

*MF71681/MF71682* 04/12/24

* Fixed the Call home management Outbound connectivity test to show the IP addresses using DNS resolution of esupport.ibm.com.
* Fixed an issue causing the sed command to fail when a command argument contains a dash.
* Fixed SSH vulnerability: CVE-2023-48795
* Fixed nghttp2 vulnerability: CVE-2023-44487
* Fixed libssh vulnerabilities: CVE-2023-1667 and CVE-2023-2283
* Fixed libxml2 vulnerabilities: CVE-2023-28484 and CVE-2023-29469
* Fixed Java vulnerabilities: CVE-2023-33850, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, and CVE-2024-20952
* Fixed Apache Tomcat vulnerabilities: CVE-2024-23672 and CVE-2024-24549

Installation

Installation instructions for HMC Version 10 upgrades and corrective service can be found at these locations:

* Upgrading or restoring HMC Version 10
* Updating, upgrading, and migrating your HMC machine code

Update(s) for HMC V10R1M1010