Hardware Management Console Readme For use with Version 8 Release 8.7.0 Service Pack 2 Updated: 26 February 2019 (C) Copyright International Business Machines Corp., 2019 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01806 <#MH01806> * PTF MH01807 <#MH01807> * List of fixes <#fixes> * Known Issues <#known> * Installation <#install> PTF MH01806 This package includes a fix for HMC V8 R8.7.0 Service Pack 2. You can also reference this package by PTF MH01806 and APAR MB04192. This image can be installed on top of HMC Version 8 Release 8.7.0 Service Pack 2 with or without additional fixes. NOTE: This PTF supersedes MH01785 and MH01796. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01806_x86.iso 2640603136 95860078eed3200ef530d88d8e151315b300706d MB04192 MH01806 Splash Panel information (or lshmc -V output) version= Version: 8 Release: 8.7.0 Service Pack: 2 HMC Build level 1902190546 MH01754 - HMC 870 Service Pack 2 Release [x86_64] MH01806 - iFix for HMC V8R8.7.0 SP2 ","base_version=V8R8.7.0 " PTF MH01807 This package includes a fix for HMC V8 R8.7.0 Service Pack 2. You can also reference this package by PTF MH01807 and APAR MB04193. This image can be installed on top of HMC Version 8 Release 8.7.0 Service Pack 2 with or without additional fixes. NOTE: This PTF supersedes MH01786 and MH01797. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01807_ppc.iso 2597046272 0361856fdebdb265a25769c2c9a08f0b645c1154 MB04193 MH01807 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.7.0 Service Pack: 2 HMC Build level 1902190546 MH01755 - HMC 870 Service Pack 2 Release [ppc64le] MH01807 - iFix for HMC V8R8.7.0 SP2 ","base_version=V8R8.7.0 " * * *General fixes* * Fixed an issue that prevented users from adding additional VLAN to an existing load group using HMC GUI for systems that are not VSN (Virtual Server Network) capable. * Allow import of AIX 7.2 install resource. * Fixed an issue where 5250 console login panel for IBMi partition displays incorrect characters for zh_TW locale. *Security fixes* * Addressed krb5 vulnerabilities: CVE-2018-5730 and CVE-2018-5729 * Addressed GnuTLS vulnerabilities: CVE-2018-10845 and CVE-2018-10844 * Addressed openssl vulnerabilities: CVE-2018-0732, CVE-2018-0739 and CVE-2017-3735 * Addressed kernel vulnerability: CVE-2018-5391 * * *Known Issues:* * IE browser does not have default support of Promises. HMC symptoms include: 1. The Status of CEC being Powered On/OFF will not be updated automatically. 2. The Partition Activation status will sometimes fail to update automatically without a manual refresh. * The custom task role "hmcclientliveupdate" includes a sub-set of tasks from per-defined "hmcsuperadmin" task role. The "MigrateLPAR" task as listed in command line, "Migrate Partitions" in GUI, is missing by default in "hmcclientliveupdate" task role. To allow completion of Live Kernel Update (LKU), a HMC super administrator can add any missing required tasks such as "MigrateLPAR" using HMC GUI or command line chaccfg. Another circumvention is the following. 1. If "hmcclientliveupdate" task role is not currently used by any the users on the HMC, delete the "hmcclientliveupdate" task role. 2. Update the HMC with this PTF or service pack. Once the update mandatory reboot completes successfully the "hmcclientliveupdate" will be automatically re-created with "MigarteLPAR" included. *Previously released fixes also included in this PTF: * * * *MH01796/MH01797* 12/07/18 * Fixed an issue that caused / (root file system) to fill up due to heapdump collection E332FFFF while compressing a dump file resulting in the report of service event E212E136. * Fixed a problem that can generate service event E355092F when there are many LDAP users configured on the HMC. * Fixed an issue that caused a failure in modification of partition processor values in UI when the HMC locale uses a different decimal separator from the browser locale. * Fixed an issue that caused excessive logging for message "//opt/hsc/bin/backupLog: line 445: archiveCredMgrLogFile: command not found/". * Fixed a problem that caused the Server Adapter Id in "Edit connection panel" for virtual Fibre Channel to be created with "next available slot" even when the user specified the id information. This occurred only when the Server Adapter field was not in focus or user did not click "enter". * Added event descriptions for reference code B181BA24. * Fixed an issue where applying an HMC update would reset the lpar_rmc_comm_ifs value to default. * Fixed the system backplane image for System 9080-MHE in the system plan. * Addressed the BIND vulnerabilities: CVE-2018-5740. * Added login details such as IP address of SSH clients in secure logs. * MH01785/MH01786* 08/27/18 * Fixed an issue where opening multiple vterm applets intermittently fails after the first open. * Fixed an issue that can cause /var to fill up and report service event E212E134 when snmp is enabled. * Fixed an issue that can cause /var to fill up and report service event E212E134 when cloud connector process is running. * Fixed an issue that can cause /var to fill up and report service event due to a log rotation policy issue for ssl and httpd logs * Fixed an issue that can cause /var to fill up and report service event E212E13D under heavy use of REST APIs due to incorrect log rotation of credmgr.log. * Fixed an issue that can cause /var to fill and report service event E212E134 due to improper log rotation of journald logs. * Fixed issue with PCM dashboard showing "/no activity/" for network use when networking is configured but usage is very low. * Fixed an issue with 7063-CR1 where the HMC may fail to boot to the log on panel with "/error 1901/" and all network adapters disabled when one or more adapters are plugged into a dcbx capable switch that has dcbx enabled. * Fixed a persistence issue when the capacity field of SRIOV Adapter in Edit partition Template is reset by switching between use captured IO and do not use captured IO modes. * Added additional logic to check filesystem space during update. This prevents a potential failure in the post-reboot phase of the PTF install which can leave the HMC in an unbootable state. * Fixed an issue where non-hscroot users may experience significantly worse performance then hscroot user for the same tasks. * Fixed an issue where using the server/vios/partition "informational click-card" (/i/ icon) to turn off an attention indicator can cause unintended modifications to other properties. The unintended modifications may include deletion of in use virtual adapters resulting in an impact to running partitions/VIOS. * Apache Header fix for Qualys QID 11827 * Addressed Kerberos vulnerabilities: CVE-2017-11368 and CVE-2017-7562 * Added Security fix for openssh CVE-2017-15906 * Addressed Kernel vulnerabilities:CVE-2018-1000004, CVE-2018-6927, CVE-2017-1000410, CVE-2017-1000407, CVE-2017-18017, CVE-2017-15126, CVE-2017-15116, and CVE-2016-8633 * Addressed NTP vulnerabilities: CVE-2017-6464 and CVE-2017-6463 * Addressed OpenSSL vulnerabilities: CVE-2017-3737 and CVE-2017-3736 * Addressed glibc vulnerabilities:CVE-2017-15670, CVE-2017-12132, CVE-2015-5180, and CVE-2014-9402 Installation Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions