IBM Platform HPC 3.2 Fix 234952 Readme File

Abstract

Fix 234952 resolves Apache Struts security issues s2-020 and s2-021.

 

Description

Readme documentation for IBM Platform HPC Fix 234952 including installation-related instructions.

IBM Platform HPC 3.2 uses the Apache Struts 2 web framework. Apache Struts has two security issues: s2-020 and s2-021. Applying this fix will resolve these security issues.

Readme file for: IBM Platform HPC

Product/Component Release: 3.2

Update Name: Fix 234952

Fix ID: phpc-3.2-build234952

Publication date: 30 May 2014

Last modified date: 30 May 2014

Contents:

1.     Download location

2.     Products or components affected

3.     System requirements

4.     Installation and configuration

5.     List of files

6.     Copyright and trademark information

 

1.   Download Location

Download Fix 234952 from the following location: http://www.ibm.com/eserver/support/fixes

 

2.   Products or components affected

Affected components include: WEBGUI, PERF

 

3.   System requirements

3.1          Software requirements

Red Hat Enterprise Linux (RHEL) 6.2

SUSE Linux Enterprise Server (SLES) 11 SP1

 

3.2          Hardware requirements

x86-based hardware (AMD, Intel)

 

4.   Installation and configuration

4.1          Before installation

 

If high availability is not enabled, complete the following steps:

1.     Log into the Platform HPC management node as root.

2.     Source the environment for the previous Platform HPC installation.

    # source /opt/kusu/bin/pcmenv.sh

3.     Shut down the Web Portal and data collection monitoring.

      # pmcadmin stop

      # perfadmin stop all

 

If high availability is enabled, complete the following steps on the active management node only:

1.     Log in to the Platform HPC active management node as root.

2.     Source the environment for the previous Platform HPC installation.

    # source /opt/kusu/bin/pcmenv.sh

3.     Switch the active management node from automatic failover to manual failover.

      # kusu-failmode -m manual

4.     Stop the Web Portal and data collection monitoring.

      # pmcadmin stop

      # perfadmin stop all

 

4.2          Installation steps

 

If high availability is not enabled, complete the following steps:

1.     Extract the fix tar archive on the management node.

      # tar -xvzf phpc_3.2_234952_fix.tar.gz

2.     Install the fix from the extracted directory phpc_3.2_234952_fix.

      # ./patchinstall.sh apply

 

If high availability is enabled, complete the following steps on the active and standby management nodes:

1.     Extract the fix tar archive on the management node.

      # tar -xvzf phpc_3.2_234952_fix.tar.gz

2.     Install the fix from the extracted directory phpc_3.2_234952_fix.

      # ./patchinstall.sh apply

 

4.3          After installation

 

If high availability is not enabled, complete the following steps:

1.     Start the Web Portal and data collection monitoring.

      # pmcadmin start

      # perfadmin start all

 

If high availability is enabled, complete the following steps on the active management node only:

1.     Start the Web Portal service and data collection monitoring.

      # pmcadmin start

      # perfadmin start all

2.     Switch the active management node from manual failover to automatic failover.

      # kusu-failmode -m auto

 

4.4          Uninstallation

 

If high availability is not enabled, complete the following steps:

1.     Log into the Platform HPC management server as root.

2.     Source the environment for the previous Platform HPC installation.

    # source /opt/kusu/bin/pcmenv.sh

3.     Shut down the Web Portal and data collection monitoring.

      # pmcadmin stop

      # perfadmin stop all

4.     Uninstall the fix from the extracted directory phpc_3.2_234952_fix.

      # ./patchinstall.sh rollback

5.     Start the Web Portal and data collection monitoring.

      # pmcadmin start

      # perfadmin start all

 

If high availability is enabled, complete the following steps on the active management node only:

1.     Log in to the Platform HPC active management node as root.

2.     Source the environment for the previous Platform HPC installation.

    # source /opt/kusu/bin/pcmenv.sh

3.     Switch the active management node from automatic failover to manual failover.

      # kusu-failmode -m manual

4.     Stop the Web Portal and data collection monitoring.

      # pmcadmin stop

      # perfadmin stop all

5.     Uninstall the fix from the extracted directory phpc_3.2_234952_fix.

      # ./patchinstall.sh rollback

6.     Start the Web Portal and data collection monitoring.

      # pmcadmin start

      # perfadmin start all

7.     Switch the active management node from manual failover to automatic failover.

      # kusu-failmode -m auto

 

5.   List of files

 

|--source/

|    |--gui/

|    |    `--3.0/

|    |        `--tomcat/

|    |            `--webapps/

|    |                |--platform/

|    |                |    `--WEB-INF/

|    |                |        `--lib/

|    |                |            |--struts2-core-2.3.16.3.jar

|    |                |            |--struts2-json-plugin-2.3.16.3.jar

|    |                |            |--struts2-spring-plugin-2.3.16.3.jar

|    |                |            |--xwork-core-2.3.16.3.jar

|    |                |            |--commons-fileupload-1.3.1.jar

|    |                |            |--ognl-3.0.6.jar

|    |                |            |--commons-lang3-3.1.jar

|    |                |            |--spring-aop-3.0.5.RELEASE.jar

|    |                |            |--spring-asm-3.0.5.RELEASE.jar

|    |                |            |--spring-beans-3.0.5.RELEASE.jar

|    |                |            |--spring-context-3.0.5.RELEASE.jar

|    |                |            |--spring-context-support-3.0.5.RELEASE.jar

|    |                |            |--spring-core-3.0.5.RELEASE.jar

|    |                |            |--spring-expression-3.0.5.RELEASE.jar

|    |                |            |--spring-jdbc-3.0.5.RELEASE.jar

|    |                |            |--spring-orm-3.0.5.RELEASE.jar

|    |                |            |--spring-security-acl-2.0.8.RELEASE.jar

|    |                |            |--spring-security-core-2.0.8.RELEASE.jar

|    |                |            |--spring-security-taglibs-2.0.8.RELEASE.jar

|    |                |            |--spring-support-2.0.8.jar

|    |                |            |--spring-test-3.0.5.RELEASE.jar

|    |                |            |--spring-tx-3.0.5.RELEASE.jar

|    |                |            |--spring-web-3.0.5.RELEASE.jar

|    |                |            |--stringutils-1.0.1.jar

|    |                |--accgui/

|    |                    |--common/

|    |                    |    `--headerMsg.jsp

|    |                    |--physicalhost/

|    |                    |    |--repurposingMultiHosts.jsp

|    |                    |    |--switchPersonalityHosts.jsp

|    |                    |--policy/

|    |                    |    `--workload.jsp

|    |                    |--summary/

|    |                    |    `--accSummary.jsp

|    |                    |--WEB-INF/

|    |                        `--lib/

|    |                            |--commons-lang3-3.1.jar

|    |                            |--javassist-3.9.0.GA.jar

|    |                            |--ognl-3.0.6.jar

|    |                            |--struts2-core-2.3.16.3.jar

|    |                            |--xwork-core-2.3.16.3.jar

|    |--perf/

|        `--1.2/

|            `--lib/

|                `--commons-fileupload-1.3.1.jar

|--patchinstall.sh

|--config

    |--checkServiceScript.sh

    |--patch.conf

    |--replaceFileContext

 

6.       Copyright and trademark information

© Copyright IBM Corporation 2014

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com®are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.