Hardware Management Console Readme For use with HMC Version 10 Release 2 M1041 Date: 08 December 2023 (C) Copyright International Business Machines Corp., 2023 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MF71408 <#MF71408> * PTF MF71409 <#MF71409> * Package information <#package> * Fixes included <#fixes> * Known Issues <#known> * Installation <#install> Terminology *x86* - This term is used to reference the Intel hypervisors (KVM, VMWare, Xen) on which Virtual HMC can be installed. *Note*: HMC V10R2 release for x86 is not supported on bare metal (7042 hardware appliances). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MF71408 HMC V10 R2 M1041.2 - for vHMC for x86_64 hypervisors (5765-VHX) This package represents an interim fix for HMC V10 R2 M1041 for vHMC on x86_64 hypervisors. You can also reference this package by APAR MB04429 and PTF MF71408. This PTF can be installed on HMC V10 R2 M1041. Note: This PTF supersedes MF71298. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MF71408_x86.iso 2414393344 5a8b9fbf1125d2730b52dad94989102858d692ec MB04429 MF71408 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 2 Service Pack: 1041 HMC Build level 2311290122 MF71190 - HMC V10R2 M1041 MF71408 - iFix for HMC V10R2 M1041 ","base_version=V10R2 " PTF MF71409 HMC V10 R2 M1041.2 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) This package represents an interim fix for HMC V10 R2 M1041 on 7063 machine type or vHMC for PowerVM. You can reference this package by APAR MB04423 and PTF MF71409. This PTF can be installed on HMC V10 R2 M1041. Note: This PTF supersedes MF71299. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MF71409_ppc.iso 2403944448 c783eda4a19c68802d7b54703127433c52db0442 MB04430 MF71409 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 2 Service Pack: 1041 HMC Build level 2311290122 MF71191 - HMC V10R2 M1041 MF71409 - iFix for HMC V10R2 M1041 ","base_version=V10R2 " *General fixes* * Fixed an issue that would cause a Linux partition running in the Power10 processor compatibility mode to fail remote restart or disaster recovery validation on a POWER9 processor-based destination system. * Fixed an issue that called home SRC (E3D46FFF) for a problem that is closed or duplicated automatically by the backend. *Security fix* * Fixed bind vulnerability: CVE-2022-2795. * Fixed httpd vulnerability: CVE-2023-25690. * Fixed Java vulnerability: CVE-2023-22049. * Fixed Apache Tomcat vulnerabilities: CVE-2023-45648, CVE-2023-42795, and CVE-2023-46589. *Known Issues* * Incorrect values are shown in the Storage I/O usage column on the Usage page of the Systems and Partitions tables in the new GUI dashboard. * If log in to the HMC GUI is failing with this error for LDAP or auto-managed users: Error: "/Logon Error: Invalid credential or Timeout. Please try again after some time, if it repeats, please follow troubleshooting steps from IBM support/." Use the following troubleshooting steps: o Check whether the user is LDAP or auto-managed authentication type. o If so, run the following command to change the LDAP configuration: chhmcldap -o s --timelimit 30 --bindtimelimit 20 o If log in to the GUI still fails, run the following command: chhmcldap -o s --timelimit 30 --bindtimelimit 10 **Previously released fixes also included in this PTF: * * *MF71298/MF71299* 09/23/23 * Added additional call home logging for SRC E212E161 when too many open files are detected on the HMC. * System and partition description fields are now restricted to ASCII characters only. If you have an existing system or partition description that contains non-ASCII characters, please update it to contain only ASCII characters. On FSP-based systems, a non-ASCII character in a system or partition description field can cause the display of system settings or partition properties on the GUI to fail with an error. On eBMC-based systems, a non-ASCII character in a system or partition description field can cause the system to transition into Recovery state and after recovered to transition into Recovery state on the other HMC in a dual HMC environment. * Added a workaround to prevent the Firefox browser on the local HMC console from attempting to connect to Google addresses such as "201.181.244.35.bc.googleusercontent.com". The workaround is to disable DNS in Firefox. To disable DNS in Firefox and relaunch the Firefox browser on the local console, log in as user hscpe with role hmcpe and run "*runsig -s 711*" in the restricted shell. To reenable DNS in Firefox and relaunch the Firefox browser on the local console, log in as user hscpe with role hmcpe and run "*runsig -s 712*”. * Fixed an issue causing the *asmmenu *command to always fail to launch the ASM menu window and the following Firefox error to pop up instead: "/Firefox is already running but is not responding. To use Firefox, you must first close the existing Firefox process, restart your device, or use a different profile/. * Fixed vulnerability: CVE-2023-38280. Removed support for all sed command options in the restricted shell. Installation Installation instructions for HMC Version 10 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 10 Updating, upgrading, and migrating your HMC machine code Update(s)for HMC V10R2M1041