PTF MH01537 Readme

The information in this Readme contains fix list and other package information about the Hardware Management Console.

PTF MH01537

This package includes fixes for HMC Version 7 Release 7.9.0 Service Pack 2. You can reference this package by APAR# MB03925 and PTF MH01537. This image must be installed on top of HMC Version 7 Release 7.9.0 Service Pack 2 (MH01451) with or without additional fixes.

Note: This PTF supersedes MH01505 and MH01519.

*Package information*
Package name	Size	Checksum (sha1sum)	APAR#	PTF#
MH01537.iso	1364975616	26dcf7fd406a8d6d348ce59d5e693c7f5ba0a4c0	MB03925	MH01537
Splash Panel information (or lshmc -V output)
"version= Version: 7 Release: 7.9.0 Service Pack: 2 HMC Build level 20150629.1 MH01537: Fix for security updates (07-06-2015) ","base_version=V7R7.9.0 "

List of fixes

Known Issues:

The install may fail on HMCs that have a certificate signed with a weak signature algorithm. Users can verify the HMC Certificate Signature Algorithm and update the certificate if needed prior to installing this PTF. For further information and instructions on preventing or resolving the issue see:
http://www.ibm.com/support/docview.wss?uid=nas8N1020801

Beginning June 30, 2015, a new server is required for customers using Electronic Service Agent on the HMC to Call Home to IBM. Ensure any external firewall allows https connection to new server IP 129.42.50.224. For a list of all required IP addresses and ports see the whitepaper "ESA for HMC Connectivity Security for IBM POWER6, POWER7 and POWER8 Processor-Based Systems and IBM Storage Systems DS8000" available at:
http://www-01.ibm.com/support/esa/security.htm

Security Fixes

This PTF includes fixes for the following security vulnerabilities:

Fixed multiple Java vulnerabilities: CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916
Fixed httpd and openssl "Logjam" vulnerability: CVE-2015-4000
Fixed Multiple Heap Buffer Overflow, "Zero Day", Vulnerabilities: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141, CVE-2014-9636
Fixed a potential security issue with viosvrcmd.

General fixes

Updated the code signing certificate for the vterm applet.
Fixed an issue where the server will go to an incomplete state if a user creates a new virtual network with a name that conflicts with auto-generated network names.

Previously released fixes also included in this PTF:

MH01519
05/07/2015

Security Fixes

Fixed multiple vulnerabilities in OpenSSL: CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
Fixed multiple vulnerabilities in Tomcat:

CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119

CVE-2014-0230

CVE-2013-4444

CVE-2014-0227

Fixed multiple vulnerabilities in glibc: CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472
Fix for RC4 stream cipher "Bar Mitzvah" vulnerability: CVE-2015-2808

Includes CVEs fixed earlier:

CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205, CVE-2015-0206

General fixes

Fixed an issue with Leap Second, where HMC could encounter a system hang or performance degradation after the leap second is added at the end of June 30th 2015.
RC4 based ciphers have been disabled.

MH01505
04/06/2015

Security Fixes

CVE-2015-0204 (Freak)

Includes CVEs fixed earlier:

CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205, CVE-2015-0206

General fixes

Fixed a problem where HMC was enabling weak ciphers that were not in the lshmcencr enabled cipher list.

Installation

Installation instructions for HMC Version 7 upgrades, updates and corrective service can be found at these locations:

Installation methods for HMC Version 7 updates and fixes

Upgrading or restoring HMC Version 7

Instructions and images for upgrading via a remote network install can be found here (for all HMC releases):

HMC network installation images

Additional information

Notes:

The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
This image requires DVD -R media.
To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.

Hardware Management Console Readme

Contents

PTF MH01537

List of fixes

Installation

Additional information

Notes: