Hardware Management Console Readme For use with Version 7 Release 7.7.0 Service Pack 4 Contents The information in this Readme contains fix list and other package information about the Hardware Management Console. * PTF MH01516 <#MH01516> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01516 This package includes fixes for HMC Version 7 Release 7.7.0 Service Pack 4. You can reference this package by APAR# MB03904 and PTF MH01516. This image must be installed on top of HMC Version 7 Release 7.7.0 SP4 (PTF MH01415) with or without additional fixes. Note: This PTF supersedes MH01471, MH01482, MH01489, MH01501. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01516.iso 1006059520 4b14f37d549e77d57d071954dff116d9731b8ee1 MB03904 MH01516 Splash Panel information (or lshmc -V output) "version= Version: 7 Release: 7.7.0 Service Pack: 4 HMC Build level 20150402.1 MH01516: Fix for various updates (04-03-2015) ","base_version=V7R7.7.0 " List of fixes *Security Fixes* This PTF includes fixes for the following security vulnerabilities: * CVE-2015-0204 (Freak) *General fixes* * Fixed a problem where HMC was enabling weak ciphers that were not in the lshmcencr enabled cipher list. * Fixed an issue with Leap Second, where HMC could encounter a system hang or performance degradation after the leap second is added at the end of June 30th 2015. *Previously released fixes also included in this PTF: * *MH01501* 03/09/15 *Security Fixes* * Fixed multiple vulnerabilities in Network Time Protocol (NTP): (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298) * Fixed multiple vulnerabilities in IBM Java SDK: (CVE-2015-0410, CVE-2014-6593) *General fixes* * Fixed an issue where the java applet causes the HMC console to stop responding to input when a vterm is open for a long time and/or when F10 is pressed in the vterm * MH01489* 02/06/15 *Enhancements* * This PTF disables SSLv3 on the HMC user interfaces. After applying this PTF, remote access to the HMC (Browser, ASM, GUI vterm, and pegasus) will require clients that support TLSv1.0. IBM i secure remote 5250 console will require TLSv1.1 or higher. This PTF also disables all ciphers except TLSv1.2 on HMC/FSP connections where the server firmware level supports it. *Security Fixes* * Fixed CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6512, CVE-2014-6457, CVE-2014-6558 * Fixed a problem where the HMC local login's browser session attempts to connect to external, non-IBM IP addresses. * Fixed CVE-2015-0235, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2014-3569, CVE-2015-0205, CVE-2015-0206 * NTP security fix for CVE-2014-9295 *General fixes* * Fixed a problem where authentication to the HMC Pegasus server fails if the user profile is configured to authenticate using LDAP * Fixed multiple issues in MH01482 including: o No connection to POWER5 servers; o HMC reboot hangs at initializing or boots but fails to list any servers; o lshmcencr lists no active ciphers; weak ciphers are enabled on the web GUI. * Fixed a problem where HMC Master/Slave replication may fail. * Fixed a problem where problem analysis for a server or frame may stop causing service events to not be reported. * Fixed a problem where HMC incorrectly allowed 8205-#6C systems to upgrade to an unsupported firmware level. * Fixed call home issues by reducing the amount of memory used. This may correct "out of memory" errors such as serviceable event E355004C as well as /var full on some HMCs serviceable event E212E134; particularly on HMCs with the minimum amount of memory. * Fixed the description of a PCIe2 Graphics adapter being reported as a PCI-to-PCI bridge. *Restrictions : * Currently in legacy security mode of HMC, it supports TLSv1.0 Protocol only, not TLSv1.1 nor TLSv1.2. * MH01482* 12/18/14 *Security Fixes* * CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6512, CVE-2014-3566, CVE-2014-6457, CVE-2014-6558 *General fixes* * Fixed a problem where authentication to the HMC Pegasus server fails if the user profile is configured to authenticate using LDAP. *MH01471* 10/01/14 * Fix for the following bash security vulnerabilities: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278 Back to top <#ibm-content> Installation Installation instructions for HMC Version 7 upgrades, updates and corrective service can be found at these locations: Installation methods for HMC Version 7 updates and fixes Upgrading or restoring HMC Version 7 Instructions and images for upgrading via a remote network install can be found here (for all HMC releases): HMC network installation images Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service. Back to top <#ibm-content>