Readme File for IBM® Platform
Symphony 7.1.1 Interim Fix 477914
Readme File for: Platform Symphony
Product Release: 7.1.1
Update Name: Interim Fix 477914
Fix ID: sym-7.1.1-build477914
Publication Date: December 22, 2017
A security vulnerability is
reported for Cross Frame Scripting version 2 (XFSv2) included in Platform
Symphony 7.1.1 that allows application pages to be captured within a frame from
another server. This interim fix adds the X-Frame-Options header to provide a
resolution for this issue.
Contents
1.
List of fixes
2.
Download location
3.
Product and components affected
4.
Installation and configuration
5.
Uninstallation
6.
List of files
7.
Copyright and trademark information
1.
List of fixes
APAR: P102425
2.
Download location
Download interim fix
477914 from the following location: https://www.ibm.com/eserver/support/fixes/
3.
Product and components affected
Component name,
Platform, Fix ID:
GUI/REST, Linux x86_64, sym-7.1.1-build477914
4.
Installation and configuration
Follow the instructions in this
section to download and install this interim fix in your cluster.
System
requirements
Linux x86_64
Installation
a.
Log on to the master host as
the cluster administrator and stop the WEBGUI and REST
services:
> egosh service stop WEBGUI REST
b.
Log on to each management host
in the cluster and back up the following files, which will be replaced by this
interim fix:
> cp $EGO_TOP/gui/3.3/lib/commons-ego.jar
$EGO_TOP/gui/3.3/
> cp $EGO_TOP/wlp/usr/shared/resources/rest/3.3/commons-ego.jar
$EGO_TOP/wlp/usr/shared/resources/rest/
> cp $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/web.xml.ORG
> cp
$EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/soamgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/soamgui/WEB-INF/web.xml.ORG
> cp
$EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/web.xml.ORG
> cp $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.3/platform/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.3/platform/WEB-INF/web.xml.ORG
> cp $EGO_TOP/wlp/usr/servers/gui/apps/is/7.1.1/isgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/is/7.1.1/isgui/WEB-INF/web.xml.ORG
NOTE: Ensure that you do not back up the
commons-ego.jar file to the $EGO_TOP/gui/3.3/lib/ directory.
c.
On each management host,
download the pssasetup2015_linux-x86_64_build477914.tar.gz package and install this interim fix:
> tar zxfo
pssasetup2015_linux-x86_64_build477914.tar.gz -C $EGO_TOP
d.
Delete all subdirectories and
files in the following directory:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
e.
Launch
your web browser and clear the browser cache.
f.
Log
on to the master host as the cluster administrator and start the WEBGUI and REST
services:
> egosh service start WEBGUI REST
5.
Uninstallation
If required, follow the instructions in this section
to uninstall this interim fix in your cluster.
a.
Log on to the master host as
the cluster administrator and stop the WEBGUI and REST
services:
> egosh service stop WEBGUI REST
b.
Log on to each management host
in the cluster and restore the following files from your backup:
$EGO_TOP/gui/3.3/lib/commons-ego.jar
$EGO_TOP/wlp/usr/shared/resources/rest/3.3/commons-ego.jar
$EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/soamgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.3/platform/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/is/7.1.1/isgui/WEB-INF/web.xml
c.
Delete all subdirectories and
files in the following directory:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
d.
Launch
your web browser and clear the browser cache.
e.
Log on to the master host as
the cluster administrator, start the WEBGUI and REST services:
> egosh service start WEBGUI REST
6.
List of files
gui/3.3/lib/commons-ego.jar
wlp/usr/shared/resources/rest/3.3/commons-ego.jar
wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/web.xml
wlp/usr/servers/gui/apps/soam/7.1.1/soamgui/WEB-INF/web.xml
wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/web.xml
wlp/usr/servers/gui/apps/ego/3.3/platform/WEB-INF/web.xml
wlp/usr/servers/gui/apps/is/7.1.1/isgui/WEB-INF/web.xml
7.
Copyright and trademark
information
© Copyright IBM
Corporation 2017
U.S. Government
Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
IBM®, the IBM
logo, and ibm.com® are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.