Hardware Management Console Readme For use with HMC Version 10 Release 2 M1023 Date: 12 April 2024 (C) Copyright International Business Machines Corp., 2024 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MF71681 <#MF71681> * PTF MF71682 <#MF71682> * Package information <#package> * Fixes Included <#fixes> * Installation <#install> Terminology *x86* - This term is used to reference the Intel hypervisors (KVM, VMWare, Xen) on which Virtual HMC can be installed. *Note*: HMC V10R1 release for x86 is not supported on bare metal (7042 hardware appliances). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MF71681 HMC V10 R1 M1023.1 - for vHMC for x86_64 hypervisors (5765-VHX) This package represents an interim fix for the HMC V10 R1 M1023 for vHMC on x86_64 hypervisors. You can also reference this package by APAR MB04446 and PTF MF71681. This PTF can be installed on HMC V10 R2 M1023. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MF71681_x86.iso 4583432192 32400947a2a209e5947043c9c334456f97a223e4 MB04446 MF71681 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 1 Service Pack: 1023 HMC Build level 2404040756 MF71508 - HMC V10R1 M1023 MF71681 - iFix for HMC V10R1 M1023 ","base_version=V10R1 " PTF MF71682 HMC V10 R1 M1023.1 - for 7063 Hardware or vHMC for PowerVM (5765-HMB) This package represents an interim fix for the HMC V10 R1 M1023 on 7063 machine type or vHMC for PowerVM. You can reference this package by APAR MB04447 and PTF MF71682. This PTF can be installed on HMC V10 R2 M1023. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MF71682_ppc.iso 4573274112 bd39aacda538d018215aa83b48ebf7baf5d65742 MB04447 MF71682 Splash Panel information (or lshmc -V output) "version= Version: 10 Release: 1 Service Pack: 1023 HMC Build level 2404040756 MF71509 - HMC V10R1 M1023 MF71682 - iFix for HMC V10R1 M1023 ","base_version=V10R1 " *General fixes* * Fixed the Call home management Outbound connectivity test to show the IP addresses using DNS resolution of esupport.ibm.com. * Fixed an issue causing the sed command to fail when a command argument contains a dash. *Security fixes* * Fixed SSH vulnerability: CVE-2023-48795 * Fixed nghttp2 vulnerability: CVE-2023-44487 * Fixed libssh vulnerabilities: CVE-2023-1667 and CVE-2023-2283 * Fixed libxml2 vulnerabilities: CVE-2023-28484 and CVE-2023-29469 * Fixed Java vulnerabilities: CVE-2023-33850, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, and CVE-2024-20952 * Fixed Apache Tomcat vulnerabilities: CVE-2024-23672 and CVE-2024-24549 Best Practices * Use Kerberos realm name that follow the standard naming structure. For example, DNS domain name in uppercase. * User sessions - The following best practices helps avoid performance degradations gradually over a period of time due to increased login sessions as well as security vulnerabilities such as unauthorized access to the active HMC sessions. o It is a best practice to logoff from HMC UI and then close the browser tab instead of directly closing the tab o Set Idle session timeout for all the users and not leave the timeout as '0' which leaves it as no timeout. Installation Installation instructions for HMC Version 10 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 10 Updating, upgrading, and migrating your HMC machine code Update(s) for HMC V10R1M1010