Readme
File for IBM® Spectrum
Symphony 7.2.0.2 Interim Fix 498480
Readme file for: IBM Spectrum Symphony
Product/Component
Release:
7.2.0.2
Update
Name: Interim Fix 498480
Fix
ID:
sym-7.2.0.2-build498480
Publication
date:
September 5, 2018
This interim fix upgrades the jackson-databind, jackson-core,
and jackson-annotations packages bundled with IBM
Spectrum Symphony 7.2.0.2 to version 2.9.5 in order to
fix security vulnerability CVE-2017-7525.
Contents
1. List of
Fixes
2. Download location
3. Products or
components affected
4. Installation
and configuration
5. Uninstallation
6. List of files
7. Copyright
and trademark information
1.
List of Fixes
APAR: P102454
2. Download
location
Download interim
fix 498480 from the following location: https://www.ibm.com/eserver/support/fixes/
3. Products or
components affected
Component name,
Platform, Fix ID:
ELK/MapReduce/WEBGUI, Linux-x86_64, sym-7.2.0.2-build498480
4.
Installation and configuration
Follow
these steps to upgrade the Jackson databind,
core, and annotations JAR files in the IBM Spectrum Symphony 7.2.0.2 cluster:
a.
Log on to the master
host as the cluster administrator and stop the
MRSS, elk, and WEBGUI services:
> egosh
user logon -u Admin -x Admin
> egosh
service stop MRSS elk-indexer elk-elasticsearch elk-elasticsearch-master elk-elasticsearch-data
WEBGUI
b.
For recovery purposes, move the following files
to a backup directory:
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-core-2.8.6.jar
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-cbor-2.8.6.jar
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-smile-2.8.6.jar
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-yaml-2.8.6.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-annotations/2.7.0/jackson-annotations-2.7.0.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-core/2.7.4/jackson-core-2.7.4.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-databind/2.7.4/jackson-databind-2.7.4.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.7.4/jackson-dataformat-cbor-2.7.4.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.7.4/jackson-module-afterburner-2.7.4.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-annotations/2.7.3/jackson-annotations-2.7.3.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-core/2.7.3/jackson-core-2.7.3.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-databind/2.7.3/jackson-databind-2.7.3.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.7.3/jackson-module-afterburner-2.7.3.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.7.5/jackson-annotations-2.7.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.7.5/jackson-core-2.7.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.7.5/jackson-databind-2.7.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.7.5/jackson-module-afterburner-2.7.5.jar
$EGO_TOP/soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.2.3.jar
$EGO_TOP/soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.2.3.jar
$EGO_TOP/soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.2.3.jar
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-annotations-2.8.0.jar
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-core-2.8.7.jar
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-databind-2.8.7.jar
NOTE: To avoid compatibility issues, move all old
files to another directory altogether.
c.
Log on each management
host as the cluster administrator, download the sym-7.2.0.2_x86_64_build498480.tar.gz package, and decompress the package:
> tar zxfo sym-7.2.0.2_x86_64_build498480.tar.gz -C $EGO_TOP
d.
From the master host,
start the MRSS, elk, and WEBGUI services:
> egosh service start MRSS elk-indexer elk-elasticsearch elk-elasticsearch-master
elk-elasticsearch-data WEBGUI
5.
Uninstallation
If
required, follow these steps to uninstall the upgraded JAR files in the IBM
Spectrum Symphony 7.2.0.2 cluster:
a. Log on to the master host as the cluster administrator and stop the
following services:
> egosh user logon -u Admin -x Admin
> egosh service stop MRSS elk-indexer elk-elasticsearch elk-elasticsearch-master
elk-elasticsearch-data WEBGUI
b.
Delete the following files that were introduced
by this interim fix:
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-core-2.9.5.jar
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-cbor-2.9.5.jar
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-smile-2.9.5.jar
$EGO_TOP/integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-yaml-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-annotations/2.9.5/jackson-annotations-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.9.5/jackson-dataformat-cbor-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.5/jackson-module-afterburner-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-annotations/2.9.5/jackson-annotations-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.5/jackson-module-afterburner-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.9.5/jackson-annotations-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
$EGO_TOP/integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.5/jackson-module-afterburner-2.9.5.jar
$EGO_TOP/soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.9.5.jar
$EGO_TOP/soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.9.5.jar
$EGO_TOP/soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.9.5.jar
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-annotations-2.9.5.jar
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-core-2.9.5.jar
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-databind-2.9.5.jar
c.
On each management host, restore the files from
your backup:
d.
Log on to
the master host as the cluster administrator and start the following services:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS elk-indexer elk-elasticsearch elk-elasticsearch-master
elk-elasticsearch-data WEBGUI
6.
List of files
integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-core-2.9.5.jar
integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-cbor-2.9.5.jar
integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-smile-2.9.5.jar
integration/elk/1.4/elasticsearch-5.4.2/lib/jackson-dataformat-yaml-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-annotations/2.9.5/jackson-annotations-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.9.5/jackson-dataformat-cbor-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/logstash-core/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.5/jackson-module-afterburner-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-annotations/2.9.5/jackson-annotations-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/jrjackson-0.4.2-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.5/jackson-module-afterburner-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.9.5/jackson-annotations-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar
integration/elk/1.4/logstash-5.4.2/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.18-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.5/jackson-module-afterburner-2.9.5.jar
soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.9.5.jar
soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.9.5.jar
soam/mapreduce/7.2/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.9.5.jar
wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-annotations-2.9.5.jar
wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-databind-2.9.5.jar
wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-core-2.9.5.jar
7.
Copyright and trademark information
© Copyright
IBM Corporation 2018
U.S. Government
Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
IBM®,
the IBM logo and ibm.com® are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark
information" at www.ibm.com/legal/copytrade.shtml.