For use with Version 8 Release 8.2.0 Service Pack 1

 

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.

• PTF MH01538
• Package information
• List of fixes
• Installation
• Additional information

This package includes a fix for HMC Version 8 Release 8.2.0 Service Pack 1.  You can reference this package by APAR# MB03926 and PTF MH01538. This image must be installed on top of HMC Version 8 Release 8.2.0 SP1 (PTF MH01455) with or without additional PTFs .

NOTE: This PTF supersedes MH01499, MH01507, and MH01521.

Known Issues:

• The install may fail on HMCs that have been multi-step upgraded from Version 7.  Users can verify the HMC Certificate Signature Algorithm and update the certificate if needed prior to installing this PTF. For further information and instructions on preventing or resolving the issue see:
  http://www.ibm.com/support/docview.wss?uid=nas8N1020801

• Beginning June 30, 2015, a new server is required for customers using Electronic Service Agent on the HMC to Call Home to IBM.  Ensure any external firewall allows https connection to new server IP 129.42.50.224.  For a list of all required IP addresses and ports see the whitepaper "ESA for HMC Connectivity Security for IBM POWER6, POWER7 and POWER8 Processor-Based Systems and IBM Storage Systems DS8000" available at:
  http://www-01.ibm.com/support/esa/security.htm

Security Fixes

This PTF includes fixes for the following security vulnerabilities:

• Fixed multiple Java vulnerabilities: CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916
  
• Fixed httpd and openssl "Logjam" vulnerability: CVE-2015-4000
  
• Fixed glibc vulnerabilities: CVE-2013-7423, CVE-2015-1781
• Fixed multiple Unzip Heap Buffer Overflows, "Zero Day", Vulnerabilities: CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636

General fixes

• Fixed an issue where after a network configuration change and reboot the network configuration may revert to the prior configuration       
  
• Fixed an issue where utilization data collection for a CEC that was enabled earlier is disabled after an HMC update   
  
• Fixed an issue where the server will go to an incomplete state if a user creates a new virtual network with a name that conflicts with auto-generated network names.
  
• Fixed an issue where login with a user profile that does not have an all resource role was slow.
• Fixed issue when heartbeat transmission takes place, error messages are seen in the log files.
  
• Updated the code signing certificate for the vterm applet.
• Fixed an issue where PowerVC deploys may fail with an "Unknown internal error", details are one or more logical partitions have not been assigned UUID values.
• Fixed an issue where SRC E35A000D was reported frequently on the  HMC.
• Fixed an issue where logging stops after log rotation runs for syslog impacting system files in /var/log
  
• Fixed an issue to rotate httpd logs correctly and prevent a /var full condition
  
  

Previously released fixes also included in this PTF:

MH01521 05/07/2015	Security fixes Fixed multiple vulnerabilities in OpenSSL: CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787 Fixed multiple vulnerabilities in Tomcat: CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119 CVE-2014-0230 CVE-2013-4444 CVE-2014-0227 Fix for RC4 stream cipher “Bar Mitzvah” vulnerability: CVE-2015-2808 General fixes RC4 based ciphers have been disabled.
MH01507 04/06/2015	Security Fixes CVE-2015-0204, CVE-2015-0138 (Freak) CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345 General fixes Fixed a problem where HMC was enabling weak ciphers that were not in the lshmcencr enabled cipher list.
MH01499 03/17/2015	Security Fixes Fixed multiple vulnerabilities in IBM Java SDK: (CVE-2015-0410, CVE-2014-6593) General fixes Fixed  a performance issue when working with Power Enterprise Pools on remote GUI Fixed a performance issue that could cause delays when querying VIOS

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Upgrading or restoring HMC Version 8

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Notes:

1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
2. This image requires DVD -R media.
3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
   updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.