Hardware Management Console Readme

For use with HMC Version 7 Release 7.3.0 Service Pack 7

 


      Contents

The information in this Readme contains the fix list and other package
information about the Hardware Management Console.

  * PTF MH01604 <#MH01604>
  * Package information <#package>
  * List of fixes <#fixes>
  * Installation <#install>
  * Additional information <#additional>


    PTF MH01604

This package includes a fix for HMC Version 7 Release 7.3.0 Service Pack
7.  You can reference this package by APAR# MB03733 and PTF MH01604.
This image can be installed on top of HMC Version 7 Release 7.3.0
Service Pack 7 (MH01456) with or without additional fixes.

*Note:* This PTF supersedes PTF MH01500, MH01503, MH01517, MH01535,
MH01547, MH01569, MH01577, and MH01596.


/Package information/ Package name 	Size 	Checksum (sha1sum) 	APAR# 	PTF#
MH01604.iso 	 643422208 	8a86e52748f91fce319df4c9140d813d192e5017
	MB03733 	MH01604
Splash Panel information (or lshmc -V output)
"version= Version: 7
 Release: 7.3.0
 Service Pack: 7
 HMC Build level 20160205.1
 MH01604: security updates (02-06-2016)
","base_version=V7R7.3.0
"


    Known Issues

  * While performing DCCA exchange for IBM POWER 775 systems, the image
    showing the MAC address is missing. The correct MAC address can be
    seen from the side of the DCCA.


    List of fixes

  * Fixed multiple OpenSSH vulnerabilities involving the ssh client
    "Roaming" feature: CVE-2016-0777 and CVE-2016-0778


*Previously released fixes also included in this PTF: *

*

MH01596*
01/25/16
	

  * Fixed multiple OpenSSL Vulnerabilities: CVE-2015-3193,
    CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794
  * Fixed multiple Java Vulnerabilities: CVE-2015-4843, CVE-2015-4868,
    CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893,
    CVE-2015-4842, and CVE-2015-4803

*
MH01577*
  12/04/15
	


  * Enhanced Repair & Verify DCCA exchange procedures for IBM POWER 775
    systems
  * Enhanced Repair & Verify exchange/remove procedures for the WCU
    control valve for IBM POWER 775 systems
  * Fixed  openssh vulnerability: CVE-2015-5600

*
MH01569*
10/16/15
	


  * Fixed net-snmp vulnerability: CVE-2014-3565
  * Fixed glibc vulnerability: CVE-2014-8121   



*MH01547*
08/12/15
	

  * Fixed multiple Java vulnerabilities: CVE-2015-4733, CVE-2015-4732,
    CVE-2015-2590, CVE-2015-4731, CVE-2015-4748, CVE-2015-2664,
    CVE-2015-2621, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, and
    CVE-2015-1931
  * Fixed multiple openssl vulnerability: CVE-2014-8176, CVE-2015-1788,
    CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and
    CVE-2015-3216
  * Fixed NTP vulnerabilities: CVE-2015-1799 and CVE-2015-3405









*MH01535*
07/14/15
	**Known Issues:
* *

  * The install may fail on HMCs that have a certificate signed with a
    weak signature algorithm.  Users can verify the HMC Certificate
    Signature Algorithm and update the certificate if needed prior to
    installing this PTF. For further information and instructions on
    preventing or resolving the issue see: 
    http://www.ibm.com/support/docview.wss?uid=nas8N1020801

  * Beginning June 30, 2015, a new server is required for customers
    using Electronic Service Agent on the HMC to Call Home to IBM. 
    Ensure any external firewall allows https connection to new server
    IP 129.42.50.224.  For a list of all required IP addresses and ports
    see the whitepaper "/ESA for HMC Connectivity Security for IBM
    POWER6, POWER7 and POWER8 Processor-Based Systems and IBM Storage
    Systems DS8000/" available at:
    http://www-01.ibm.com/support/esa/security.htm

*Security Fixes*

  * Fixed multiple Java vulnerabilities: CVE-2015-0480, CVE-2015-0486,
    CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916
  * Fixed multiple Heap Buffer Overflow, “Zero Day”, Vulnerabilities: 
    CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
  * Fixed httpd and openssl “Logjam” vulnerability: CVE-2015-4000

*General Fixes*

  * Updated the code signing certificate for the vterm applet

*





MH01517*
05/11/2015 	

*Security Fixes*

  * Fixed multiple vulnerabilities in OpenSSL: CVE-2015-0207,
    CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286,
    CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,
    CVE-2015-0293, CVE-2015-1787
  * Fixed multiple vulnerabilities in Tomcat:
      o CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099,
        CVE-2014-0119
      o CVE-2014-0230
      o CVE-2013-4444
      o CVE-2014-0227
  * Fixed multiple vulnerabilities in glibc: CVE-2013-7423,
    CVE-2014-7817, CVE-2014-9402, CVE-2015-1472

*General fixes*

  * RC4 based ciphers have been disabled.

*
MH01503*
04/11/2015
	

  * CVE-2015-0204 (Freak)




*MH01500*
03/09/2015
	

*Security Fixes*

  * Fixed multiple vulnerabilities in Network Time Protocol (NTP):
    (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9297,
    CVE-2014-9298)
  * Fixed multiple vulnerabilities in IBM Java SDK: (CVE-2015-0410,
    CVE-2014-6593)

*General fixes*

  * Fixed an issue where the java applet causes the HMC console to stop
    responding to input when a vterm is open for a long time and/or when
    F10 is pressed in the vterm

Back to top <#ibm-content>


    Installation

Installation instructions for HMC Version 7 upgrades, updates and
corrective service can be found at these locations:

Installation methods for HMC Version 7 updates and fixes
<http://www.ibm.com/support/docview.wss?uid=isg3T1012427>

Upgrading or restoring HMC Version 7
<http://www.ibm.com/support/docview.wss?uid=isg3T1012390>

Instructions and images for upgrading via a remote network install can
be found here (for all HMC releases):

HMC network installation images
<http://www14.software.ibm.com/webapp/set2/sas/f/netinstall/home.html>


    Additional information


      Notes:

 1. The Install Corrective Service task now allows you to install
    corrective service updates from the ISO image files of these
    updates. You can download these ISO image files for the HMC, and
    then use the ISO image file to install the corrective service
    update. You no longer need to burn CD-R or DVD-R media to use the
    ISO image file to install corrective service.
 2. This image requires DVD -R media.
 3. To install updates over the network, select the *.iso file on the
    "Select Service Package" panel of the Install Corrective Service
    task. The HMC application extracts the files needed to install the
    corrective service. If you are using USB flash media, copy the *.iso
    file to the flash media, and then select the file when prompted.
 4. The *updhmc* command line command has also been modified to use the
    *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f
    </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install
the corrective service.

Back to top <#MH01604>