Hardware Management Console Readme

For use with Version 8 Release 8.3.0 Service Pack 2

Updated: 28 June 2016 

Contents

The information in this Readme contains fix list and other package information about the Hardware Management Console.

PTF MH01638

This package includes a fix for HMC Version 8 Release 8.3.0 Service Pack 2.  You can reference this package by APAR MB04025 and PTF MH01638. This image must be installed on top of HMC Version 8 Release 8.3.0 Service Pack 2 (PTF MH01540) with or without additional fixes.

Note: This PTF supersedes PTF MH01625 and MH01631.


Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01638.iso 991295488 8808838205acfceb47ee7a7f1e73eec32323b3eb
MB04025 MH01638
Splash Panel information (or lshmc -V output)

"version= Version: 8
 Release: 8.3.0
 Service Pack: 2
HMC Build level 20160610.1
MH01638: Fix for HMC V8R8.3.0 SP2 (06-11-2016)
","base_version=V8R8.3.0
"

Known Issues:

1. Special Install Instructions
Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:
  1. Log in again selecting the Log In option of "Classic".
  2. If already logged in to the HMC using Enhanced+ GUI, log off the HMC.
  3. Install using the normal installation instructions.
  Alternatively, install this PTF using CLI.

2. After installing this PTF, the security mode cannot be changed. The chhmc -c security -s modify --mode nist_sp800_131a command will fail with "Invalid Parameter".

3. The  Console Window > Open Terminal Window task may fail with "javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name" in Java console output.   The circumvention is to use ssh vtmenu/mkvterm command.  A fix is planned for a future PTF.

Command line changes

This PTF adds a new option to the chhmc command to allow an admin to set a grub password at bootup.  To resolve this security vulnerability, users apply the PTF (with mandatory reboot) then set a password.

Syntax:
chhmc -c grubpasswd
                  -s {enable | disable | modify}
                  [--passwd password]

List of fixes

Security Fixes

General Fixes

Previously released fixes also included in this PTF:






MH01631

05/15/16

  • Fixed a Repair & Verify issue on systems utilizing the 24 inch frame with a power subsystem where users can experience a failure of concurrent service maintenance activities on power components within the CEC enclosure, the Power Subsystem enclosure, and any installed I/O devices within the frame.     
    Servers impacted include the  POWER 575, 590, 595, 795:  models 9125-F2A,F2B,F2C; 9118-575; 9119-590,595,FHA,FHB; 9406-595.
    Errors include:  
    "An internal error occurred when the management console attempted to validate the service network. Some or all of the required network resources may not be available. Contact your next level of support for problem determination."  
    and
    "Redundancy status could not be determined for the FRU in location:    U5791.001.XXXXXXX-Ex"(example)
    The FRU cannot be exchanged concurrently. The IO Drawer must be powered off and partitions may need to be shut down to continue the repair.


  • Fixed an issue where call home was attempting to establish a connection to the old (pre HMC V8R8.3) callhome servers even when not using legacy callhome. If the legacy callhome addresses were blocked by a firewall, call home may fail.








MH01625

04/25/16

  • Fixed OpenSSL security vulnerabilities; CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797
  • Fixed Tomcat vulnerabilities:  CVE 2015-5174,CVE-2015-5345,  CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
  • Fixed vulnerabilities in bind: CVE-2016-1285 and CVE-2016-1286
  • Fixed security vulnerability with Strongswan: CVE-2015-8023          
  • Fixed the following Httpd security vulnerabilities: CVE-2013-5704 CVE-2015-3183
  • Fixed libssh2 security vulnerability CVE-2016-0787
  • Fixed ntp security vulnerabilities; CVE-2015-5300, CVE-2015-7704, CVE-2015-8138
  • Fixed a security issue with HMC restricted shell.
  • Fixed issue where lshmc -r command returned incorrect results when displaying the altdiskboot setting.
  • Fixed a rare deadlock condition that can cause the HMC to hang within several days of encountering the deadlock.  Symptoms include HMC no longer allowing GUI logins, CLI failing with "command server failed" errors.
  • Fixed a problem where serviceable event E3690102 may be incorrectly reported during the install of a HMC PTF.
  • Fixed a problem where attempting to restore a HMC backup from USB flash will fail with error "The media device is not functioning correctly. Contact your service representative." if the backup is less than 3GB in size. 
  • Fixed a problem where attempting to deploy an AIX image using PowerVC to a HMC that manages multiple servers, some of which support only linux only, may fail due to the Linux only server being selected for deploy.
  • Fixed a rare issue where serviceable event E355092F may be incorrectly reported.
  • Fixed an error obtaining credentials that resulted in call home SRC E3D4310A.



Back to top

Installation

Special Install Instructions
Installing this PTF using the Enhanced+ interface may hang.  Prior to installing this PTF using the web browser graphical interface perform the following:

  1. Log in again selecting the Log In option of "Classic".
  2. If already logged in to the HMC using Enhanced+ GUI, log off the HMC.
  3. Install using the normal installation instructions.
Alternatively, install this PTF using CLI.


Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

HMC V8 network installation images and installation instructions

Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.