Hardware Management Console Readme For use with HMC Version 9 Release 1 M942 Updated: 13 October 2021 (C) Copyright International Business Machines Corp., 2021 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01898 <#MH01898> * PTF MH01899 <#MH01899> * Package information <#package> * General and Security fixes <#fixes> * Known Issues <#known> * Installation <#install> Terminology *x86* - This term is used to reference the legacy HMC that runs on x86/Intel/AMD hardware for both the 7042 Machine Type appliances and the Virtual HMC that can run on the Intel hypervisors (KVM, VMWare, Xen). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MH01898 HMC V9 R1.942.4 - for 7042 Machine Types or vHMC for x86 hypervisors (5765-HMW) This package includes an interim fix for the HMC V9 R1 M942 service pack. You can also reference this package by PTF MH01898 and APAR MB04289. This interim fix can be installed on an existing HMC Version 9 Release 1 M942 Service Pack (PTF MH01876) installation with or without additional fix packs. NOTE: This PTF supersedes MH01879, MH01886, and MH01895. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01898_x86.iso 4186636288 a35cb62797ee9a21545391c6e4d8d1655602e4ea MB04289 MH01898 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 1 Service Pack: 942 HMC Build level 2109060506 MH01876 - HMC V9R1 M942 MH01898 - iFix for HMC V9R1 M942 ","base_version=V9R1 " PTF MH01899 HMC V9 R1.942.4 - for 7063 Machine Types or vHMC for PowerVM (5765-HMB) This package includes an interim fix for the HMC V9 R1.942.0 service pack. You can also reference this package by PTF MH01899 and APAR MB042890. This image can be installed on an existing HMC Version 9 Release 1 M942 Service Pack (PTF MH01877) installation with or without additional fix packs. NOTE: This PTF supersedes MH01880, MH01887, and MH01896. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01899_ppc.iso 4167688192 f96645abe63a229157e1323b65a027eb6be1491a MB04290 MH01899 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 1 Service Pack: 942 HMC Build level 2109060506 MH01877 - HMC V9R1 M942 MH01899 - iFix for HMC V9R1 M942 ","base_version=V9R1 " *General fixes* * Fixed an issue where *sed *command did not work correctly after MH01895 install. * Fixed issue of Nessus reporting 11411 Backup Files Disclosure CGI abuses. * Fixed an issue that prevented hardware events from the x86 platform from being reported correctly with SRC E3551230. Components could fail with no notification to the user. * Fixed an issue that prevented Save Upgrade Data from collecting profile data backups for the systems. *Security fix* * Fixed Cross-Site Scripting issue with HMC legacy panels. *Known Issues * * A power enterprise pool may be deleted from the HMC during a restart of the HMC. This issue is very rare. To recover, set another HMC as primary and add the HMC back to the pool or use the *chcodpool –o recover* command . * Stale vNIC mapping data may be used during a remote restart, disaster recovery (DR) restart, or Simplified Remote Restart (SRR) if the respective vnic backing device has been modified using dlpar. To recover, issue rebuild server operation after performing dlpar on a vnic backing device. * If a Remote Restart (RR) operation fails validation on a dual HMC managed server, the HMCs may display an incorrect remote restart state of source remote restarting instead of remote restartable. Use the rrstartlpar –o recover command to recover the state. * When two UI DLPAR operations are performed on same partition, the second DLPAR operation may roll back changes of the first DLPAR operation. Circumvention: If multiple sessions are used, refresh the processor or memory panel prior to performing DLPAR. * If current encryption in webui cipher is set to only one cipher TLS_DHE_RSA_WITH_AES_128_GCM_SHA25, the HMC will not work with error diplayed as SSL_ERROR_NO_CYPHER_OVERLAP. Adding back the other removed ciphers manually will solve the problem. *Previously released fixes also included in this PTF: * *MH01895/MH01896* 07/16/21 * Fix to HMC startup resulting in the HMC GUI being inaccessible. Symptoms include the local console hanging at the grid screen and remote web access returning "Service Unavailable" when attempting to connect. * Fixed an issue that prevented the network busy dialog from closing at the local console. Clicking the upper right X would force close the window. * Fixed an issue that can cause the HMC to lose connections to all servers for a brief time with service events E2FF1409 and E23D040A being reported. This will cause all running server tasks such as server firmware upgrade to fail. * Fixed an issue where server hardware discovery information initiated by one HMC is not immediately available on a second HMC. * Fixed an issue that can cause SRC E212E161 to be reported for HmcRmc.properties. * Fixed an issue where Electronic Service Agent (ESA) files are not deleted after being transmitted to IBM causing root file system ("/") to exceed 85% used and E212E136 to be reported. * Fixed an issue where the HMC is unable to start up completely, instead hanging at the grey "grid screen" with no login, due to a bad read of a log file that occurred from an earlier abnormal termination. * Fixed an issue where saveupgdata or bkconsdata command may fail with rc 1 due to rpm database issue. * Fixed an issue to prevent re-reporting of old BMC events when a BMC reset occurs at runtime. * Fixed an issue where the external links on the HMC logon page do not suppress "referer" information. This may be reported by scan tools as CWE-200 or SI-11. * Addressed restricted shell vulnerability: CVE-2021-29707 * Addressed bind vulnerability: CVE-2021-25215 * After apply of this PTF, the webui cipher list is reset to the default values. Users that have modified the cipher list should record the ciphers prior to apply of the PTF, then restore the ciphers after the mandatory reboot. The commands *lshmcencr *and *chhmcecnr *can be used to record or modify ciphers. * The commands *alias *and *unalias *have been removed from restricted shell. * The restricted shell *sed *command has been modified to restrict certain escape characters. *MH01886/MH01887* 04/09/21 * Fixed issues with viewing PCM settings or dashboard due to incomplete installation of postgress with incorrect file permissions. * Fixed an issue that caused the lshwres command for listing SR-IOV logical ports to fail with "/HSCL8016 An unknown error occurred while trying to perform this command./" The command only failed when run with the -F option on Power9 systems with FW930 or earlier and on Power7 and Power8 systems. * Fixed additional rpm command hang issues in ppc HMC. Symptoms include hangs running pedbg collection and backup console data (*bkconsdata*). The workaround is to cancel the hung task (or reboot hmc) then log in as user hscpe with role hmcpe and execute "*runsig -s 700*" to clear the rpm lock. * The timeout value for the time allowed from launching the Open Terminal Window task to connecting the vterm application is increased to 2 minutes * Fixed an issue that caused the Create System Plan GUI task and the *mksysplan *command to fail with "/not a hexadecimal character/" when a virtual switch name contains a forward slash ‘/’ character. * Fixed an issue to prevent the HMC from calling home with SRC E212E161 * Fixed an issue that caused a startup failure of the postgres database everytime HMC was rebooted. Symptoms include call home reporting of SRC E35A0020 and error "/javax.ws.rs.ext.MessageBodyReader/” when navigating to the PCM GUI panels. * Fixed an issue with the REST call "//rest/api/uom/ManagedSystem?hwinventory=true/" that does not return the results of the PowerSupplies and FANs for servers at FW950. * Circumvented a rare issue that caused the GUI and command line to become unresponsive on an HMC that is the master HMC for a Power enterprise pool * IBM SDK, Java Technology Edition Quarterly update *MH01879/MH01880* 02/12/21 * Fixed an issue that caused call home SRCs E212E136 and E332FFFF Symptoms include performance degradation leading to one or more of the HMC services no longer responding. Other possible SRCs after longer run time are E212E161 and E212E114, * Fix rare rpm command hang issue in ppc HMC . Symptoms include hangs installing HMC corrective service PTFs, running pedbg collection and installing server firmware updates. If this issue is encountered during this PTF installation, the workaround is to cancel the hung task (or reboot hmc) then log in as user hscpe with role hmcpe and execute "runsig -s 700" to clear the rpm lock. Then reattempt the install. * Fix error while formatting USB device from GUI resulting in /Error!! Format USB flash memory drive was not completed successfully. /The CLI formatmedia option would succeed * Fix for PCM getting disabled when managed system is power recycled requiring manual renablement of PCM for the system. * Fixed an issue causing the PCM service to report SRC E35A0083 repeatedly indicating it has exceeded the memory threshold. * Fixed an issue that caused the used bond interfaces to be incorrectly listed under list of Available Adapters while creating/editing bond interface. * Fix to retain the label e for the USB memory device when formatted using Japanese language. * Fixed an issue with HMC backup and update functionalities when the SFTP password contains spaces resulting in error message: /An incorrect user ID and password or key combination was entered. Specify a valid user ID and password or key and try the command again./ * Fixed the NullPointerException issue when connection drops due to a network glitch while handling NVRAM change eventually resulting in callhome SRC E3550046. * Fixed the *chlickey *command to handle an extra newline at the end of license key file resulting in error message: "/The file lickeyfile.txt contains license key information that is not valid./" * Improved error message to be more meaningful (HSCL1584) when Live Update fails due to user’s access restrictions to resources resulting in message: "/HSCL8016 An unknown error occurred while trying to perform this command. Retry the command. If the error persists, contact your software support representative./" * Fixed an issue that doesn’t allow editing the load sharing option when the failover is already enabled before launching Edit Network Bridge Window. * Fix NullPointerException observed when firewall is enabled in bond configuration when all ethernet interfaces are consumed for creating network bonds. * Fix for 'Backup Management Console data' which shows running on task panel even after the user then selected to restore the data and rebooted the console. * Latest Cloud Connector has been included for compatible with CMC. * Addressed the BIND vulnerabilities: CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624 * Addressed the openSSL vulnerabilities: CVE-2020-1971 Installation Installation instructions for HMC Version 9 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 9 Updating,upgrading, and migrating your HMC machine code Instructions and images for upgrading via a remote network install can be found here: HMC V9 network installation images and installation instructions