Readme File for IBM® Spectrum
Symphony 7.2 Interim Fix 475561
Readme File for: IBM Spectrum Symphony
Product Release: 7.2
Update Name: Interim Fix 475561
Fix ID: sym-7.2-build475561
Publication Date: November 22, 2017
A security vulnerability
is reported for Cross Frame Scripting - version 2 (XFSv2) included in IBM
Spectrum Symphony 7.2 that allows application pages to be captured within a
frame from another server. This interim fix adds the X-Frame-Options header to
provide a resolution for this issue.
Contents
1.
List of fixes
2.
Download location
3.
Product and components affected
4.
Installation and configuration
5. Uninstallation
6. List
of files
7.
Copyright and trademark information
1.
List of fixes
APAR: P102425
2.
Download location
Download interim fix
475561 from the following location https://www.ibm.com/eserver/support/fixes/
3.
Product and components affected
Component name,
Platform, Fix ID:
PMC, Linux x86_64, sym-7.2-build475561
4.
Installation and configuration
Follow the instructions in this
section to download and install this interim fix in your cluster.
System
requirements
Linux x86_64
Installation
a.
Log on to the master host as
the cluster administrator, stop the WEBGUI service:
> egosh service stop WEBGUI
b.
Log on to each management host
in the cluster and back up the following files, which will be replaced by this
interim fix:
> cp $EGO_TOP/gui/3.6/lib/commons-ego.jar $EGO_TOP/gui/3.6/
NOTE: Ensure that you do not back up the
commons-ego.jar file to the $EGO_TOP/gui/3.6/lib/ directory.
c.
On each management host,
download the sym-7.2.0.0_x86_64_build475561.tar.gz package and install this interim fix:
> tar zxfo
sym-7.2.0.0_x86_64_build475561.tar.gz -C $EGO_TOP
d.
Delete all subdirectories and
files in the following directory:
> $EGO_TOP/gui/work/*
> $EGO_TOP/gui/workarea/*
NOTE: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR
is set to true in the $EGO_CONFDIR/../../kernel/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e.
Launch
your web browser and clear the browser cache.
f.
Log on to the master host as
the cluster administrator, start the WEBGUI service:
> egosh service start WEBGUI
5.
Uninstallation
If required, follow the instructions
in this section to uninstall this interim fix in your cluster.
a.
Log on to the master host as
the cluster administrator, stop the WEBGUI service:
> egosh service stop WEBGUI
b.
Log on to each management host in
the cluster and restore the following file from your backup:
$EGO_TOP/gui/3.6/lib/commons-ego.jar
c.
Delete all subdirectories and
files in the following directory:
>
$EGO_TOP/gui/work/*
>
$EGO_TOP/gui/workarea/*
NOTE: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/../../kernel/conf/wlp.conf
file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
d.
Launch
your web browser and clear the browser cache.
e.
Log on to the master host as
the cluster administrator, start the WEBGUI service:
> egosh service start WEBGUI
6.
List of files
gui/3.6/lib/commons-ego.jar
7.
Copyright and trademark
information
© Copyright IBM
Corporation 2017
U.S. Government Users
Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
IBM®, the IBM
logo, and ibm.com® are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.