Readme File for IBM® Spectrum Symphony 7.1.2 Interim
Fix 478371
Readme File for: IBM Spectrum Symphony
Product Release: 7.1.2
Update Name: Interim Fix 478371
Fix ID: sym-7.1.2-build478371
Publication Date: January 04, 2018
A security vulnerability
in Cross Frame Scripting version 2 (XFSv2), which is included in IBM Spectrum
Symphony 7.1.2, allows application pages to be captured within a frame from
another server. This interim fix adds the X-Frame-Options header to provide a
resolution for this issue.
Contents
1. List of fixes
2. Download location
3. Product and
components affected
4. Installation and
configuration
5. Uninstallation
6. List of files
7. Copyright and
trademark information
1.
List of fixes
APAR: P102425
2.
Download location
Download interim fix 478371 from
the following location: https://www.ibm.com/eserver/support/fixes/
3.
Product and components affected
Component name, Platform,
Fix ID:
GUI/REST, Linux x86_64, sym-7.1.2-build478371
4.
Installation and configuration
Follow the instructions in this
section to download and install this interim fix in your cluster.
System
requirements
Linux x86_64
Installation
a.
Log on to the master host as the cluster administrator
and stop the WEBGUI and REST services:
> egosh user logon -u Admin -x Admin
>
egosh service stop WEBGUI REST
b.
Log on to each management host in the cluster
and back up the following files, which will be replaced by this interim fix:
>
cp $EGO_TOP/gui/3.4/lib/commons-ego.jar
$EGO_TOP/gui/3.4/
>
cp $EGO_TOP/wlp/usr/shared/resources/rest/3.4/commons-ego.jar $EGO_TOP/wlp/usr/shared/resources/rest/
>
cp $EGO_TOP/wlp/usr/servers/gui/apps/3.4/common_ui/WEB-INF/web.xml $EGO_TOP/wlp/usr/servers/gui/apps/3.4/common_ui/WEB-INF/web.xml.ORG
>
cp
$EGO_TOP/wlp/usr/servers/gui/apps/perf/3.4/perfgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/perf/3.4/perfgui/WEB-INF/web.xml.ORG
>
cp $EGO_TOP/wlp/usr/servers/gui/apps/is/7.1.2/isgui/WEB-INF/web.xml $EGO_TOP/wlp/usr/servers/gui/apps/is/7.1.2/isgui/WEB-INF/web.xml.ORG
NOTE:
Ensure that you do not back up the commons-ego.jar
file to the existing directory.
c.
On each management host, download the sym-7.1.2.0_x86_64_build478371.tar.gz
package and install this interim fix:
> tar zxfo
sym-7.1.2.0_x86_64_build478371.tar.gz -C $EGO_TOP
d.
Delete all subdirectories and files in the
following directory:
>
$EGO_TOP/gui/work/*
>
$EGO_TOP/gui/workarea/*
NOTE:
If you configured the WLP_OUTPUT_DIR
parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR
is set to true in the $EGO_CONFDIR/../../kernel/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e.
Launch
your web browser and clear the browser cache.
f.
From the master host, start the WEBGUI and REST
services:
>
egosh service start WEBGUI REST
5.
Uninstallation
If required, follow the instructions
in this section to uninstall this interim fix in your cluster.
a.
Log on to the master host as the cluster
administrator and stop the WEBGUI and REST services:
> egosh user logon -u
Admin -x Admin
>
egosh service stop WEBGUI REST
b.
Log on to each management host in the cluster
and restore the following files from your backup:
$EGO_TOP/gui/3.4/lib/commons-ego.jar
$EGO_TOP/wlp/usr/shared/resources/rest/3.4/commons-ego.jar
$EGO_TOP/wlp/usr/servers/gui/apps/3.4/common_ui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/is/7.1.2/isgui/WEB-INF/web.xml
$EGO_TOP/wlp/usr/servers/gui/apps/perf/3.4/perfgui/WEB-INF/web.xml
c.
Delete all subdirectories and files in the
following directory:
> $EGO_TOP/gui/work/*
> $EGO_TOP/gui/workarea/*
NOTE: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is
set to true in the $EGO_CONFDIR/../../kernel/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
d.
Launch
your web browser and clear the browser cache.
e.
From the master host, start the WEBGUI and REST
services:
>
egosh service start WEBGUI REST
6.
List of files
gui/3.4/lib/commons-ego.jar
wlp/usr/shared/resources/rest/3.4/commons-ego.jar
wlp/usr/servers/gui/apps/3.4/common_ui/WEB-INF/web.xml
wlp/usr/servers/gui/apps/is/7.1.2/isgui/WEB-INF/web.xml
wlp/usr/servers/gui/apps/perf/3.4/perfgui/WEB-INF/web.xml
7.
Copyright and trademark information
© Copyright IBM Corporation 2017
U.S. Government Users Restricted
Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
IBM®, the IBM logo, and ibm.com®
are trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of
IBM or other companies. A current list of IBM trademarks is available on the
Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.