Hardware Management Console Readme For use with Version 8 Release 8.2.0 Service Pack 1 Contents The information in this Readme contains fix list and other package information about the Hardware Management Console. * PTF MH01521 <#MH01521> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> h PTF MH01521 This package includes a fix for HMC Version 8 Release 8.2.0 Service Pack 1. You can reference this package by APAR# MB03909 and PTF MH01521. This image must be installed on top of HMC Version 8 Release 8.2.0 SP1 (PTF MH01455) with or without additional PTFs . *NOTE*: This PTF supersedes MH01499 and MH01507. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01521.iso 571645952 521b8e98c04a5644b2bd3b4086831f8b66bfae6a MB03909 MH01521 Splash Panel information (or lshmc -V output) *Installed on top of SP1* "version= Version: 8 Release: 8.2.0 Service Pack: 1 HMC Build level 20150429.1 MH01521: Fix for HMC V8R8.2.0 SP1 (05-01-2015) ","base_version=V8R8.2.0 " *Installed on top of SP1 + MH01515* "version= Version: 8 Release: 8.2.0 Service Pack: 1 HMC Build level 20150429.1 MH01515: Fix for rsh vterm hang (04-15-2015) MH01521: Fix for HMC V8R8.2.0 SP1 (05-01-2015) ","base_version=V8R8.2.0 " List of fixes *Security Fixes* This PTF includes fixes for the following security vulnerabilities: * Fixed multiple vulnerabilities in OpenSSL: CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787 * Fixed multiple vulnerabilities in Tomcat: o CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119 o CVE-2014-0230 o CVE-2013-4444 o CVE-2014-0227 * Fix for RC4 stream cipher “Bar Mitzvah” vulnerability: CVE-2015-2808 *General fixes* * RC4 based ciphers have been disabled. *Previously released fixes also included in this PTF: * * MH01507* 04/06/2015 *Security Fixes* * CVE-2015-0204, CVE-2015-0138 (Freak) * CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345 *General fixes* * Fixed a problem where HMC was enabling weak ciphers that were not in the lshmcencr enabled cipher list. *MH01499* 03/17/2015 *Security Fixes* * Fixed multiple vulnerabilities in IBM Java SDK: (CVE-2015-0410, CVE-2014-6593) *General fixes* * Fixed a performance issue when working with Power Enterprise Pools on remote GUI * Fixed a performance issue that could cause delays when querying VIOS Back to top <#ibm-content> Installation Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service. Back to top <#ibm-content>