Hardware Management Console Readme

For use with Version 8 Release 8.6.0 Service Pack 2

Updated: 25 January 2018

(C) Copyright International Business Machines Corp., 2018 All rights reserved.

Contents

This Readme contains the fix list and other package information for the Hardware Management Console.

* PTF MH01731
* Package information
* List of fixes
* Installation

PTF MH01731

This package includes fixes for HMC Version 8 Release 8.6.0 Service Pack 2. You can reference this package by APAR MB04118 and PTF MH01731. This image must be installed on top of HMC Version 8 Release 8.6.0 Service Pack 2 (PTF MH01690) with or without additional fixes.

*Note*: This PTF supersedes MH01716 and MH01722.

/Package information/

Package name   Size         Checksum (sha1sum)                         APAR#     PTF#
MH01731.iso    1646215168   9e9be751dc6dd75acc79e5551672862db0aa0132   MB04118   MH01731

Splash Panel information (or lshmc -V output)

"version= Version: 8
 Release: 8.6.0
 Service Pack: 2
HMC Build level 20171211.1
MH01731: Fix for HMC V8R8.6.0 SP2 (12-11-2017)
","base_version=V8R8.6.0
"

List of fixes

*Security Fixes*

* Fixed HTTPD vulnerabilities: CVE-2017-9798, CVE-2017-9788, CVE-2017-7679, CVE-2017-3169, CVE-2017-7668 and CVE-2017-3167
* Fixed NSS vulnerabilities: CVE-2017-7805
* Fixed OpenSSH vulnerabilities: CVE-2016-6210, CVE-2016-6515, CVE-2016-10012, CVE-2016-10009 and CVE-2016-10011
* Fixed GnuTLS vulnerabilities: CVE-2017-7869, CVE-2017-7507, CVE-2017-5337, CVE-2017-5336, CVE-2017-5335, CVE-2017-5334 and CVE-2016-7444
* Fixed OGNL Expression Injection vulnerability.
* Fixed cross frame scripting vulnerability.

*General fixes*

* Allow the HMC local console session to start after the certificate has expired.
* Fixed an issue where updating the customer information for call home results in a scheduled operation that produces SRC E3D46FFF due to errors when attempting to fetch call home related CEC credentials.
* Prevent the call home of SRC E212E306.
* Fixed an issue with the enhanced GUI Add Virtual Network task where clicking the Next button when creating a new network bridge with load balancing enabled has no effect, preventing the user from being able to finish the task.
* Fixed an issue that can cause the /var/log/btmp file to keep growing, which can lead to serviceable event E212E134 and the /var filesystem becoming full. This problem only occurs on HMCs that have large numbers of commands being run via ssh.
* Corrected the label for "Active Memory Expansion" in properties menus to remove the Power7 only part. Enabled the ability to change the AME factor in the partition properties advanced settings panel when AME was enabled prior to lpar activation.
* Fixed an HMC performance issue with the PCM dashboard where closing the window without using the "close button" (i.e. by closing or terminating the browser window instead) leads to symptoms such as: multiple reports of E332FFFF, hang of CLI commands, slow HMC response and eventual hang requiring a reboot.

*Previously released fixes also included in this PTF:*

*MH01722* 10/26/17

* Fixed reflected cross-site scripting vulnerabilities.
* Fixed gnutls vulnerabilities: CVE-2017-7869, CVE-2017-7507, CVE-2017-5337, CVE-2017-5336, CVE-2017-5335, CVE-2017-5334, and CVE-2016-7444
* Fixed an issue with the retention of call home data in the /opt/ccfw/data/vr directory to prevent call home SRC E212E136.
* Fixed an issue resulting in an empty file when downloading HMC performance data using a non-English browser.
* Added new chhmcldap option, --authsearch, to modify post-authentication search behavior. See chhmcldap man page for additional details.
* Fixed an issue that caused false reports of call home serviceable events E212E30x.
* Fixed another occurrence of the generation and call home of SRC E3D46FFF due to a scheduled change credential password task that is no longer needed. This occurred after updating the customer information on the HMC.
* Fixed a problem where attempting to launch the ASM interface for a frame returned error "/HTTP Status Code: 408/".
* Fixed an issue where the classic GUI hangs and the user is eventually disconnected from the session during the install of HMC updates.
* Fixed an issue with the enhanced UI that prevented the user from changing "Partition Start Policy" when the system is in Power off state.

*MH01716* 08/24/17

* Fixed HTTPD vulnerabilities: CVE-2016-0736, CVE-2016-2161 and CVE-2016-8743
* Fixed libtirpc vulnerability: CVE-2017-8779
* Fixed kernel vulnerabilities: CVE-2015-8374, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2117, CVE-2016-2847, CVE-2016-3156, CVE-2016-5828, and CVE-2016-10229
* Fixed BIND vulnerabilities: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138, CVE-2017-3139, CVE-2017-3142 and CVE-2017-3143
* Fixed IBM WebSphere Application Server vulnerability: CVE-2017-1194
* Enabled support for redundant MSPs for partition migration and validation operations and for virtual NIC failover. These functions were disabled after installing SP2 (PTF MH01690). Symptoms include:
    o vNIC adapters existing prior to update are not displayed in the GUI if they are defined with more than one backing device.
    o The ability to add additional backing devices to new vNIC adapters created after update is missing in the GUI.
    o Activation of partition(s) fails with the following error: "/HSCLAB30 The managed system does not support virtual NIC failover./" if the profile contains vNICs that have multiple backing devices defined.
    o Redundant MSP usage for partition migration and validation operations is not possible.
* Enabled support for JNLP based VTERMs. This function was disabled after installing SP2 (PTF MH01690). Without this fix newer browsers may not launch the legacy vterm applet.
* Fixed an issue that caused the enhanced GUI to fail with a 500 "/Unknown internal error/" when displaying partitions with virtual NIC adapters and that can cause some options for modifying or deleting virtual NIC adapters to be grayed out or missing. This issue only occurs when one of the virtual NIC backing devices has an invalid Virtual I/O Server ID of 65,535.
* Prevent the generation and call home of SRC E3550800 due to a timing issue.
* Corrected the feature code and CCIN shown on the HMC for the adapter with feature code 57D8 (IBM PCIe3 x8 Cache SAS RAID Internal Adapter 6Gb).
* Fixed an issue that caused the updhmc -t nfs command to fail intermittently with the error "/An error was detected while mounting the remote server. Verify the parameters have been entered correctly and try the operation again/."
* Fixed a problem that always caused the mkauthkeys command to silently fail when the -u option was specified. This issue prevents users from adding SSH keys for other users but does not prevent a user from adding an SSH key for the user they are currently logged in as.
* Fixed reference code links in the enhanced GUI to open a window containing reference code details when clicked.
* Fixed a problem preventing the Recover Partition Data task from restoring the maximum and reserved processing unit settings for shared processor pools.
* Fixed an issue where enabling inbound VPN connections on the HMC always fails.
* Fixed an issue causing the generation and call home of SRC E3321007 after updating the HMC. This issue can also cause data collection for other call home events to fail, preventing the events from being called home or from sending the necessary data.
* Updated the certificate expiration date for the vterm applet.

Installation

Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations:

* Upgrading or restoring HMC Version 8
* Installation methods for HMC Version 8 fixes

Instructions and images for upgrading via a remote network install can be found here:

* HMC V8 network installation images and installation instructions