Readme for IBM Spectrum Conductor with Spark 2.2.1 Interim Fix 494339

Readme file for: IBM® Spectrum Conductor with Spark
Product/Component Release: 2.2.1
Update Name: Interim Fix 494339
Fix ID: cws-2.2.1-build494339-jpmc
Publication date: 25 June 2018

Description

This interim fix resolves the following CVEs from the jackson-databind (2.7.3, 2.7.4, 2.7.5, and 2.8.7) jar files and the spring-web-3.2.8.RELEASE.jar file in IBM Spectrum Conductor with Spark v2.2.1.

·       CVE-2017-7525

·       CVE-2017-15095

·       CVE-2018-7489

·       CVE-2015-5211

Contents

1.     List of fixes

2.     Download location

3.     Products or components affected

4.     Installation and configuration

5.     List of files

6.     Copyright and trademark information

List of fixes

APAR: P102617, P102618

Download location

Download Fix 494339 from the following location: http://www.ibm.com/eserver/support/fixes/

Products or components affected

1.     IBM Spectrum Conductor with Spark v2.2.1 

2.     ELK, WEBGUI, REST

3.     cws-2.2.1-build494339

Installation and configuration

Before installation

1.     Download the build494339.sh and cws-2.2.1.0_x86_64_build494339.tgz files to the same folder.

Installation

1.     Log in to the cluster management console as admin and stop all Spark instance groups.

2.     Log on to the master host as the cluster administrator.

3.     Stop the following system services:

$ egosh service stop elk-shipper

$ egosh service stop elk-indexer

$ egosh service stop elk-elasticsearch-master

$ egosh service stop elk-elasticsearch-data

$ egosh service stop elk-elasticsearch

$ egosh service stop elk-manager

$ egosh service stop REST

$ egosh service stop WEBGUI

4.     Log on to each host as the cluster administrator, source your environment, and then run the following script:

$ ./build494339.sh patch

5.     Start the following system services:

$ egosh service start elk-shipper

$ egosh service start elk-indexer

$ egosh service start elk-elasticsearch-master

$ egosh service start elk-elasticsearch-data

$ egosh service start elk-elasticsearch

$ egosh service start elk-manager

$ egosh service start REST

$ egosh service start WEBGUI

Uninstallation

1.     Log in to the cluster management console as admin and stop all Spark instance groups.

2.     Log on to the master host as the cluster administrator.

3.     Stop the following system services:

$ egosh service stop elk-shipper

$ egosh service stop elk-indexer

$ egosh service stop elk-elasticsearch-master

$ egosh service stop elk-elasticsearch-data

$ egosh service stop elk-elasticsearch

$ egosh service stop elk-manager

$ egosh service stop REST

$ egosh service stop WEBGUI

4.     Log on to each host as the cluster administrator, source your environment, and then run the following script:

$ ./build494339.sh rollback

5.     Start the following system services:

$ egosh service start elk-shipper

$ egosh service start elk-indexer

$ egosh service start elk-elasticsearch-master

$ egosh service start elk-elasticsearch-data

$ egosh service start elk-elasticsearch

$ egosh service start elk-manager

$ egosh service start REST

$ egosh service start WEBGUI

List of files

·       jackson-annotations-2.9.5.jar

·       jackson-core-2.9.5.jar

·       jackson-databind-2.9.5.jar

·       jackson-dataformat-cbor-2.9.5.jar

·       jackson-module-afterburner-2.9.5.jar

Copyright and trademark information

© Copyright IBM Corporation 2018

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml