IBM Platform HPC 3.2 Fix 234952 Readme File
Abstract
Fix 234952 resolves Apache Struts security issues s2-020 and s2-021.
Description
Readme documentation for IBM Platform HPC Fix 234952 including installation-related instructions.
IBM Platform HPC 3.2 uses the Apache Struts 2 web framework. Apache Struts has two security issues: s2-020 and s2-021. Applying this fix will resolve these security issues.
Readme file for: IBM Platform HPC
Product/Component Release: 3.2
Update Name: Fix 234952
Fix ID: phpc-3.2-build234952
Publication date: 30 May 2014
Last modified date: 30 May 2014
Contents:
1. Download location
2. Products or components affected
3. System requirements
4. Installation and configuration
5. List of files
6. Copyright and trademark information
1. Download Location
Download Fix 234952 from the following location: http://www.ibm.com/eserver/support/fixes
2. Products or components affected
Affected components include: WEBGUI, PERF
3. System requirements
3.1 Software requirements
Red Hat Enterprise Linux (RHEL) 6.2
SUSE Linux Enterprise Server (SLES) 11 SP1
3.2 Hardware requirements
x86-based hardware (AMD, Intel)
4. Installation and configuration
4.1 Before installation
If high availability is not enabled, complete the following steps:
1. Log into the Platform HPC management node as root.
2. Source the environment for the previous Platform HPC installation.
# source /opt/kusu/bin/pcmenv.sh
3. Shut down the Web Portal and data collection monitoring.
# pmcadmin stop
# perfadmin stop all
If high availability is enabled, complete the following steps on the active management node only:
1. Log in to the Platform HPC active management node as root.
2. Source the environment for the previous Platform HPC installation.
# source /opt/kusu/bin/pcmenv.sh
3. Switch the active management node from automatic failover to manual failover.
# kusu-failmode -m manual
4. Stop the Web Portal and data collection monitoring.
# pmcadmin stop
# perfadmin stop all
4.2 Installation steps
If high availability is not enabled, complete the following steps:
1. Extract the fix tar archive on the management node.
# tar -xvzf phpc_3.2_234952_fix.tar.gz
2. Install the fix from the extracted directory phpc_3.2_234952_fix.
# ./patchinstall.sh apply
If high availability is enabled, complete the following steps on the active and standby management nodes:
1. Extract the fix tar archive on the management node.
# tar -xvzf phpc_3.2_234952_fix.tar.gz
2. Install the fix from the extracted directory phpc_3.2_234952_fix.
# ./patchinstall.sh apply
4.3 After installation
If high availability is not enabled, complete the following steps:
1. Start the Web Portal and data collection monitoring.
# pmcadmin start
# perfadmin start all
If high availability is enabled, complete the following steps on the active management node only:
1. Start the Web Portal service and data collection monitoring.
# pmcadmin start
# perfadmin start all
2. Switch the active management node from manual failover to automatic failover.
# kusu-failmode -m auto
4.4 Uninstallation
If high availability is not enabled, complete the following steps:
1. Log into the Platform HPC management server as root.
2. Source the environment for the previous Platform HPC installation.
# source /opt/kusu/bin/pcmenv.sh
3. Shut down the Web Portal and data collection monitoring.
# pmcadmin stop
# perfadmin stop all
4. Uninstall the fix from the extracted directory phpc_3.2_234952_fix.
# ./patchinstall.sh rollback
5. Start the Web Portal and data collection monitoring.
# pmcadmin start
# perfadmin start all
If high availability is enabled, complete the following steps on the active management node only:
1. Log in to the Platform HPC active management node as root.
2. Source the environment for the previous Platform HPC installation.
# source /opt/kusu/bin/pcmenv.sh
3. Switch the active management node from automatic failover to manual failover.
# kusu-failmode -m manual
4. Stop the Web Portal and data collection monitoring.
# pmcadmin stop
# perfadmin stop all
5. Uninstall the fix from the extracted directory phpc_3.2_234952_fix.
# ./patchinstall.sh rollback
6. Start the Web Portal and data collection monitoring.
# pmcadmin start
# perfadmin start all
7. Switch the active management node from manual failover to automatic failover.
# kusu-failmode -m auto
5. List of files
|--source/
| |--gui/
| | `--3.0/
| | `--tomcat/
| | `--webapps/
| | |--platform/
| | | `--WEB-INF/
| | | `--lib/
| | | |--struts2-core-2.3.16.3.jar
| | | |--struts2-json-plugin-2.3.16.3.jar
| | | |--struts2-spring-plugin-2.3.16.3.jar
| | | |--xwork-core-2.3.16.3.jar
| | | |--commons-fileupload-1.3.1.jar
| | | |--ognl-3.0.6.jar
| | | |--commons-lang3-3.1.jar
| | | |--spring-aop-3.0.5.RELEASE.jar
| | | |--spring-asm-3.0.5.RELEASE.jar
| | | |--spring-beans-3.0.5.RELEASE.jar
| | | |--spring-context-3.0.5.RELEASE.jar
| | | |--spring-context-support-3.0.5.RELEASE.jar
| | | |--spring-core-3.0.5.RELEASE.jar
| | | |--spring-expression-3.0.5.RELEASE.jar
| | | |--spring-jdbc-3.0.5.RELEASE.jar
| | | |--spring-orm-3.0.5.RELEASE.jar
| | | |--spring-security-acl-2.0.8.RELEASE.jar
| | | |--spring-security-core-2.0.8.RELEASE.jar
| | | |--spring-security-taglibs-2.0.8.RELEASE.jar
| | | |--spring-support-2.0.8.jar
| | | |--spring-test-3.0.5.RELEASE.jar
| | | |--spring-tx-3.0.5.RELEASE.jar
| | | |--spring-web-3.0.5.RELEASE.jar
| | | |--stringutils-1.0.1.jar
| | |--accgui/
| | |--common/
| | | `--headerMsg.jsp
| | |--physicalhost/
| | | |--repurposingMultiHosts.jsp
| | | |--switchPersonalityHosts.jsp
| | |--policy/
| | | `--workload.jsp
| | |--summary/
| | | `--accSummary.jsp
| | |--WEB-INF/
| | `--lib/
| | |--commons-lang3-3.1.jar
| | |--javassist-3.9.0.GA.jar
| | |--ognl-3.0.6.jar
| | |--struts2-core-2.3.16.3.jar
| | |--xwork-core-2.3.16.3.jar
| |--perf/
| `--1.2/
| `--lib/
| `--commons-fileupload-1.3.1.jar
|--patchinstall.sh
|--config
|--checkServiceScript.sh
|--patch.conf
|--replaceFileContext
6. Copyright and trademark information
© Copyright IBM Corporation 2014
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and ibm.com®are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.