Hardware Management Console Readme

For use with HMC Version 7 Release 7.3.0 Service Pack 7

Date: August 12, 2016

Contents

The information in this Readme contains the fix list and other package information about the Hardware Management Console.

PTF MH01643

This package includes a fix for HMC Version 7 Release 7.3.0 Service Pack 7.  You can reference this package by APAR# MB04021 and PTF MH01643. This image can be installed on top of HMC Version 7 Release 7.3.0 Service Pack 7 (MH01456) with or without additional fixes.

Note: This PTF supersedes PTF MH01500, MH01503, MH01517, MH01535, MH01547, MH01569, MH01577, MH01596, MH01604, MH01613, MH01621, and MH01634.
Package information
Package name Size Checksum (sha1sum) APAR# PTF#
MH01643.iso  843165696 c369670b2951b5ea40d9a0d3b62e754e078d34fb
 MB04028 MH01643
Splash Panel information (or lshmc -V output)
"version= Version: 7
 Release: 7.3.0
 Service Pack: 7
HMC Build level 20160804.1
MH01621: security updates (04-15-2016)
MH01634: security updates (06-16-2016) 
MH01643: security updates (08-05-2016)
","base_version=V7R7.3.0
"

Known Issues

List of fixes

Security Fix
General Fixes

Previously released fixes also included in this PTF:





MH01634
06/23/16
  • Added functionality to the chhmc command to allow an admin to set a grub password at bootup.
  • Fixed openSSL vulnerabilities:  CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, and CVE-2016-2109
  • Fixed Java vulnerability: CVE-2016-3426
  • Fixed Power Hardware Management Console vulnerability: CVE-2016-0230
  • Fixed a data capture issue when the call home SRC may not present when a merge occurs.
  • Fixed an issue where tracepipe crashed.
  • Fixed an issue with chhmc where adding a name server failed silently.


MH01621
05/16/16
  • Fixed OpenSSL security vulnerabilities: CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797
  • Fixed Tomcat vulnerabilities: CVE 2015-5174,CVE-2015-5345,  CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
  • Fixed a security issue with HMC restricted shell

MH01613
03/15/16

  • Fixed Java vulnerability: CVE-2016-0448
  • Enhanced memory useage to improve performance and avoid  a possible out of memory condition that results in serviceable event E332FFFF.
  • Fixed an issue where HMC calls home serviceable event E212E112 that the DSIZE of the getInterfaceTSO process had gone over threshold.
MH01604
02/17/16

  • Fixed multiple OpenSSH vulnerabilities involving the ssh client "Roaming" feature: CVE-2016-0777 and CVE-2016-0778


MH01596
01/25/16
  • Fixed multiple OpenSSL Vulnerabilities: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794
  • Fixed multiple Java Vulnerabilities: CVE-2015-4843, CVE-2015-4868, CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4842, and CVE-2015-4803

MH01577
  12/04/15

  • Enhanced Repair & Verify DCCA exchange procedures for IBM POWER 775 systems
  • Enhanced Repair & Verify exchange/remove procedures for the WCU control valve for IBM POWER 775 systems
  • Fixed  openssh vulnerability: CVE-2015-5600

MH01569
10/16/15

  • Fixed net-snmp vulnerability: CVE-2014-3565
  • Fixed glibc vulnerability: CVE-2014-8121   


MH01547
08/12/15
  • Fixed multiple Java vulnerabilities: CVE-2015-4733, CVE-2015-4732, CVE-2015-2590, CVE-2015-4731, CVE-2015-4748, CVE-2015-2664, CVE-2015-2621, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, and CVE-2015-1931
  • Fixed multiple openssl vulnerability: CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-3216
  • Fixed NTP vulnerabilities: CVE-2015-1799 and CVE-2015-3405








MH01535
07/14/15
 Known Issues:
  • The install may fail on HMCs that have a certificate signed with a weak signature algorithm.  Users can verify the HMC Certificate Signature Algorithm and update the certificate if needed prior to installing this PTF. For further information and instructions on preventing or resolving the issue see: 
    http://www.ibm.com/support/docview.wss?uid=nas8N1020801
  • Beginning June 30, 2015, a new server is required for customers using Electronic Service Agent on the HMC to Call Home to IBM.  Ensure any external firewall allows https connection to new server IP 129.42.50.224.  For a list of all required IP addresses and ports see the whitepaper "ESA for HMC Connectivity Security for IBM POWER6, POWER7 and POWER8 Processor-Based Systems and IBM Storage Systems DS8000" available at:
    http://www-01.ibm.com/support/esa/security.htm
Security Fixes
  • Fixed multiple Java vulnerabilities: CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916
  • Fixed multiple Heap Buffer Overflow, “Zero Day”, Vulnerabilities:  CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636
  • Fixed httpd and openssl “Logjam” vulnerability: CVE-2015-4000
General Fixes
  • Updated the code signing certificate for the vterm applet






MH01517
05/11/2015

Security Fixes

  • Fixed multiple vulnerabilities in OpenSSL: CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
  • Fixed multiple vulnerabilities in Tomcat:
    • CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
    • CVE-2014-0230
    • CVE-2013-4444
    • CVE-2014-0227
  • Fixed multiple vulnerabilities in glibc: CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472

General fixes

  • RC4 based ciphers have been disabled.

MH01503
04/11/2015
  • CVE-2015-0204 (Freak)



MH01500
03/09/2015

Security Fixes

  • Fixed multiple vulnerabilities in Network Time Protocol (NTP): (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9297, CVE-2014-9298)
  • Fixed multiple vulnerabilities in IBM Java SDK: (CVE-2015-0410, CVE-2014-6593)

General fixes

  • Fixed an issue where the java applet causes the HMC console to stop responding to input when a vterm is open for a long time and/or when F10 is pressed in the vterm

Back to top

Installation

Installation instructions for HMC Version 7 upgrades, updates and corrective service can be found at these locations:

Installation methods for HMC Version 7 updates and fixes

Upgrading or restoring HMC Version 7

Instructions and images for upgrading via a remote network install can be found here (for all HMC releases):

HMC network installation images

Additional information

Notes:

  1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service.
  2. This image requires DVD -R media.
  3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted.
  4. The updhmc command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example:
    updhmc -t s -h <myservername> -f </home/updates/corrrective_service.iso> -u <HMC_username> -i

In all cases, the HMC application extracts the files needed to install the corrective service.

Back to top