Hardware Management Console Readme For use with HMC Version 9 Release 2 M952 Date: 17 November 2022 (C) Copyright International Business Machines Corp., 2022 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01943 <#MH01943> * PTF MH01944 <#MH01944> * Package information <#package> * List of fixes <#fixes> * Known issues and limitations <#known> * Installation <#install> Terminology *x86* - This term is used to reference the legacy HMC that runs on x86/Intel/AMD hardware for both the 7042 Machine Type appliances and the Virtual HMC that can run on the Intel hypervisors (KVM, VMWare, Xen). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MH01943 - HMC V9 R2 953.2 for 7042-CR9 Hardware or vHMC for x86_64 hypervisors (5765-HMW) This package represents an interim fix for the HMC V9 R2 M953 release for 7042-CR9 hardware or vHMC for x86_64 hypervisors. You can also reference this package by PTF MH01943 and APAR MB04372. This PTF can be installed on HMC Version 9 Release 2 M953. *Note*: This PTF supersedes MH01937. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01943_x86.iso 3716552704 d7d2d131a1aeb0e1858ff710e5fd08c5f750f81e MB04372 MH01943 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 2 Service Pack: 953 HMC Build level 2211040014 MH01933 - HMC V9R2 M953 MH01943 - iFix for HMC V9R2 M953 ","base_version=V9R2 " PTF MH01944 - HMC V9 R2 953.2 for 7063 Machine Types or vHMC for PowerVM (5765-HMB) This package represents an interim fix for the HMC V9 R2 M953 release on the 7063 machine type or vHMC for PowerVM. You can also reference this package by PTF MH01944 and APAR MB04373. This PTF can be installed on HMC Version 9 Release 2 M953. *Note*: This PTF supersedes MH01938. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01944_ppc.iso 3708522496 2cd93bb76fa4b96fa54064491f86fdf4e49a3949 MB04359 MH01944 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 2 Service Pack: 953 HMC Build level 2211040014 MH01934 - HMC V9R2 M953 MH01944 - iFix for HMC V9R2 M953 ","base_version=V9R2 " General fixes * Fixed an issue that prevented call home from working successfully. Symptoms included test call home displaying attempts at trying additional IP addresses. * Fixed a call home connection issue when a proxy is configured causing intermittent connection drop. * Fixed an an issue that prevented connection surveillance call home reporting for eBMC systems for SRCs such as B3030001, etc... * Fixed a rare timing issue where the *updlic *command would stop producing output and would display the following message, even though the updlic task is still running: /Unknown output type: from message (0x7f)./ * Fixed the ping command failing to execute after restore CCD resulting in error message: "/operation not permitted/". * Fixed an issue of reporting call home SRC E35F0013 during installation of HMC Service Pack 953. * Fixed an issue that prevented loginh for any Kerberos user * Fixed an issue with LDAP automanage setting not updating correctly after reconfiguration of LDAP. *Security fixes* * Addressed Kernel vulnerabilities: CVE-2022-1012 and CVE-2021-45485 * Addressed bind vulnerability: CVE-2021-25219 * Addressed httpd vulnerabilities: CVE-2021-33193, CVE-2021-44224 and CVE-2020-13950 * Fixed a security issue with the HMC. Known issues and limitations * Kerberos users will not be allowed to reset their expired password on the HMC when multi realm is enabled on the HMC. The workaround is assigning the default realm to the user. 1. user1 at REALM1 1. chhmc -c kerberos -s modify --defaultrealm 2. chhmc -c kerberos -s add --realm -a --kpasswdadmin 3. user1 while login via ssh will allow to reset password on HMC 2. user2 at REALM2 1. chhmc -c kerberos -s modify --defaultrealm 2. chhmc -c kerberos -s add --realm -a --kpasswdadmin 3. user2 while login via ssh will allow to reset password on HMC 3. Later set an empty value to remove the default realm to reenable user login to HMC across different realms 1. chhmc -c kerberos -s modify --defaultrealm ** Previously released fixes also included in this PTF: * * **MH01937/**MH01983** 9/27/22 * Fixed an issue that causes "Add Virtual Network" operation to fail while modifying load balance field. * Fixed an issue that causes an /error code 500/, while opening full Tasklog and shows nothing in the tasklog widget. * Increased timeout of firmware update from 2 to 4 hours to handle timeout issues that caused code update to fail. * Fixed an issue during serviceable event data sync between HMCs where an initial failure syncing data would prevent further data in that attempt to sync. * Fixed an issue causing Call Home to fail from some countries when specified as part of the Customer Information panel. * Fixed an issue preventing local console events from being serviced by a 7063-CR2. * Obscured the password logged by the *chsacfg -t ftp -o test* command and the Transmit Service Information -> Configure FTP Connections -> Enable FTP -> Perform Test action on the GUI. * Addressed Java SDK security vulnerabilities: CVE-2022-21496, CVE-2022-21434 and CVE-2021-41041 Installation Installation instructions for HMC Version 9 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 9 Updating,upgrading, and migrating your HMC machine code Instructions and images for upgrading via a remote network install can be found here: HMC V9 network installation images and installation instructions