Readme File for IBM® Platform Symphony 7.1 Interim
Fix 478374
Readme File for: Platform Symphony
Product Release: 7.1 Fix Pack 1
Update Name: Interim Fix 478374
Fix ID: sym-7.1-build478374
Publication Date: December 29, 2017
A security
vulnerability in Cross Frame Scripting version 2 (XFSv2), which is included in
IBM Platform Symphony 7.1 Fix Pack 1, allows application pages to be captured
within a frame from another server. This interim fix adds the X-Frame-Options
header to provide a resolution for this issue.
Contents
1. List of fixes
2. Download location
3. Product and
components affected
4. Installation and
configuration
5. Uninstallation
6. List of files
7. Copyright and
trademark information
1.
List of fixes
APAR: P102425
2.
Download location
Download interim fix 478374 from
the following location: https://www.ibm.com/eserver/support/fixes/
3.
Product and components affected
Component name, Platform,
Fix ID:
GUI, Linux x86_64, sym-7.1-build478374
4.
Installation and configuration
Follow the instructions in this
section to download and install this interim fix in your cluster.
System
requirements
Linux x86_64
Installation
a.
Log on to the master host as the cluster
administrator and stop the WEBGUI service:
> egosh user logon -u Admin -x Admin
>
egosh service stop WEBGUI
b.
Log on to each management host in the cluster
and back up the following files, which will be replaced by this interim fix:
>
cp $EGO_TOP/gui/3.1/lib/commons-ego.jar
$EGO_TOP/gui/3.1/
>
cp $EGO_TOP/gui/3.1/common_ui/WEB-INF/web.xml
$EGO_TOP/gui/3.1/common_ui/WEB-INF/web.xml.ORG
>
cp $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml.ORG
>
cp $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml.ORG
>
cp $EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml
$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml.ORG
NOTE:
Ensure that you do not back up the commons-ego.jar
file to the existing directory.
c.
On each management host, download the sym7.1_lnx26-lib23-x64_build478374.tar.gz package and install this
interim fix:
> tar zxfo sym7.1_lnx26-lib23-x64_build478374.tar.gz -C $EGO_TOP
d.
Delete all subdirectories and files in the
following directory:
>
$EGO_TOP/gui/work/*
e.
Launch
your web browser and clear the browser cache.
f.
From the master host, start the WEBGUI service:
>
egosh service start WEBGUI
5.
Uninstallation
If required, follow the instructions
in this section to uninstall this interim fix in your cluster.
a.
Log on to the master host as the cluster
administrator and stop the WEBGUI service:
> egosh user logon -u
Admin -x Admin
>
egosh service stop WEBGUI
b.
Log on to each management host in the cluster
and restore the following files from your backup:
$EGO_TOP/gui/3.1/lib/commons-ego.jar
$EGO_TOP/gui/3.1/common_ui/WEB-INF/web.xml
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/web.xml
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/web.xml
$EGO_TOP/gui/is/7.1/isgui/WEB-INF/web.xml
c.
Delete all subdirectories and files in the
following directory:
> $EGO_TOP/gui/work/*
d.
Launch
your web browser and clear the browser cache.
e.
From the master host, start the WEBGUI service:
>
egosh service start WEBGUI
6.
List of files
gui/3.1/lib/commons-ego.jar
gui/3.1/common_ui/WEB-INF/web.xml
gui/perf/3.1/perfgui/WEB-INF/web.xml
gui/soam/7.1/symgui/WEB-INF/web.xml
gui/is/7.1/isgui/WEB-INF/web.xml
7.
Copyright and trademark information
© Copyright IBM Corporation 2017
U.S. Government Users Restricted
Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
IBM®, the IBM logo, and ibm.com®
are trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of
IBM or other companies. A current list of IBM trademarks is available on the
Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.