Hardware Management Console Readme For use with HMC Version 9 Release 2 M952 Updated: 03 March 23 (C) Copyright International Business Machines Corp., 2023 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01948 <#MH01948> * PTF MH01949 <#MH01949> * Package information <#package> * List of fixes <#fixes> * Known issues and limitations <#known> * Installation <#install> Terminology *x86* - This term is used to reference the legacy HMC that runs on x86/Intel/AMD hardware for both the 7042 Machine Type appliances and the Virtual HMC that can run on the Intel hypervisors (KVM, VMWare, Xen). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MH01948 - HMC V9 R2 953.3 for 7042-CR9 Hardware or vHMC for x86_64 hypervisors (5765-HMW) This package represents an interim fix for the HMC V9 R2 M953 release for 7042-CR9 hardware or vHMC for x86_64 hypervisors. You can also reference this package by PTF MH01948 and APAR MB04376. This PTF can be installed on HMC Version 9 Release 2 M953. *Note*: This PTF supersedes MH01937 and MH01943. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01948_x86.iso 3731507200 c6f75694673b9f01017cc8ee086d79b35ac46227 MB04376 MH01948 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 2 Service Pack: 953 HMC Build level 2301130234 MH01933 - HMC V9R2 M953 MH01948 - iFix for HMC V9R2 M953 ","base_version=V9R2 " PTF MH01949 - HMC V9 R2 953.3 for 7063 Machine Types or vHMC for PowerVM (5765-HMB) This package represents an interim fix for the HMC V9 R2 M953 release on the 7063 machine type or vHMC for PowerVM. You can also reference this package by PTF MH01949 and APAR MB04377. This PTF can be installed on HMC Version 9 Release 2 M953. *Note*: This PTF supersedes MH01938 and MH01944. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01949_ppc.iso 3723773952 3561b607bbab64d14033246578a3c0ec10e4a4c1 MB04377 MH01949 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 2 Service Pack: 953 HMC Build level 2301130234 MH01934 - HMC V9R2 M953 MH01949 - iFix for HMC V9R2 M953 ","base_version=V9R2 " General fixes * Fixed an HMC performance issue causing general slowness across HMCs that have Performance and Capacity Monitoring (PCM) enabled. * Fixed an issue that causes HMC GUI to stop responding and generate SRC E35A0053. * Fixed an issue to prevent reporting SRC E3325009 arbitration error. * Fixed a timing issue that caused the HMC to lose its network settings when it was restarted. * Fixed an issue that caused SRCs E35A0083 and E332FFFF to be reported and PCM aggregated metrics to no longer be generated after DST ended. * Fix for SRC E23D0503 being called home after a reboot due to a core dump * Fixed an issue that causes /0x0314 error/ with the message /"Return code type: Failure (hard stop or user intervention required).// //Message:// //The partition does not support a required management console capability level.// //Corrective action:// //Update the partition to the latest PTF level."/ This happens when RV CM operation is performed on a machine with a MEX attached and the MEX resources are in use by IBMi partitions the first time after the system has been powered up, they will be blocked from proceeding. * Fixed an issue that causes SRC E3326701 * Fixed an issue that caused HMC GUI to display empty managed systems list with the following error: "/The HMC information could not be displayed because of an error while retrieving the information./" * Update serviceable event processing to allow for events to be processed that have invalid date strings. * Fix to prevent hdwr_svr from crashing and recovering automatically, resulting in call home SRC E23D040A. *Security fixes* * Addressed Java vulnerabilities CVE-2022-3676 , CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619. * Addressed vulnerability: CVE-2022-43926. * Fixed an issue with running the sed command. Known issues and limitations * Kerberos users will not be allowed to reset their expired password on the HMC when multi realm is enabled on the HMC. The workaround is assigning the default realm to the user. 1. user1 at REALM1 1. chhmc -c kerberos -s modify --defaultrealm 2. chhmc -c kerberos -s add --realm -a --kpasswdadmin 3. user1 while login via ssh will allow to reset password on HMC 2. user2 at REALM2 1. chhmc -c kerberos -s modify --defaultrealm 2. chhmc -c kerberos -s add --realm -a --kpasswdadmin 3. user2 while login via ssh will allow to reset password on HMC 3. Later set an empty value to remove the default realm to reenable user login to HMC across different realms 1. chhmc -c kerberos -s modify --defaultrealm ** Previously released fixes also included in this PTF: * * **MH01943/**MH01944** 1/17/22 * Fixed an issue that prevented call home from working successfully. Symptoms included test call home displaying attempts at trying additional IP addresses. * Fixed a call home connection issue when a proxy is configured causing intermittent connection drop. * Fixed an an issue that prevented connection surveillance call home reporting for eBMC systems for SRCs such as B3030001, etc... * Fixed a rare timing issue where the *updlic *command would stop producing output and would display the following message, even though the updlic task is still running: /Unknown output type: from message (0x7f)./ * Fixed the ping command failing to execute after restore CCD resulting in error message: "/operation not permitted/". * Fixed an issue of reporting call home SRC E35F0013 during installation of HMC Service Pack 953. * Fixed an issue that prevented login for any Kerberos user . * Fixed an issue with LDAP automanage setting not updating correctly after reconfiguration of LDAP. * Addressed Kernel vulnerabilities: CVE-2022-1012 and CVE-2021-45485 * Addressed bind vulnerability: CVE-2021-25219 * Addressed httpd vulnerabilities: CVE-2021-33193, CVE-2021-44224 and CVE-2020-13950 * Fixed a security issue with the HMC. **MH01937/**MH01983** 9/27/22 * Fixed an issue that causes "Add Virtual Network" operation to fail while modifying load balance field. * Fixed an issue that causes an /error code 500/, while opening full Tasklog and shows nothing in the tasklog widget. * Increased timeout of firmware update from 2 to 4 hours to handle timeout issues that caused code update to fail. * Fixed an issue during serviceable event data sync between HMCs where an initial failure syncing data would prevent further data in that attempt to sync. * Fixed an issue causing Call Home to fail from some countries when specified as part of the Customer Information panel. * Fixed an issue preventing local console events from being serviced by a 7063-CR2. * Obscured the password logged by the *chsacfg -t ftp -o test* command and the Transmit Service Information -> Configure FTP Connections -> Enable FTP -> Perform Test action on the GUI. * Addressed Java SDK security vulnerabilities: CVE-2022-21496, CVE-2022-21434 and CVE-2021-41041 Installation Installation instructions for HMC Version 9 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 9 Updating,upgrading, and migrating your HMC machine code Instructions and images for upgrading via a remote network install can be found here: HMC V9 network installation images and installation instructions