Readme File for IBM® Platform Symphony 7.1 Fix Pack 1 Interim Fix 521096

Readme file for: Platform Symphony

Product/Component Release: 7.1 Fix Pack 1

Update Name: Interim Fix 521096

Fix ID: sym-7.1-build521096

Publication date: June 10, 2019

This readme file provides guidance on upgrading Jackson databind, core, and annotations to version 2.9.8 in Platform Symphony 7.1 Fix Pack 1 in order to fix security vulnerabilities CVE-2018-14719, CVE-2018-14718, CVE-2018-14720, and CVE-2018-14721.

Contents

1.   List of fixes

2.  Download location

3.   Products or components affected

4.   Installation and configuration

5.  Uninstallation

6.   Product notifications

7. Copyright and trademark information

1.    List of fixes

APAR: P103019

2.    Download location

Download interim fix 521096 from the following location: https://www.ibm.com/eserver/support/fixes/

3.    Products or components affected

Component name, Platform, Fix ID:

MapReduce, linux2.6-glibc2.3-x86_64, sym-7.1-build521096

4.    Installation and configuration

Follow these steps to upgrade Jackson databind, core, and annotations .jar files in a cluster with Platform Symphony 7.1 Fix Pack 1 installed:

a.     Log on to the master host as cluster administrator and stop the MRSS service:

> egosh user logon -u Admin -x Admin  

> egosh service stop MRSS

b.     Log on to each management and compute host in the cluster and download the following packages:

·        jackson-databind-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-databind/2.9.8/)

·        jackson-core-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.9.8/)
·        jackson-annotations-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.9.8/)

c.      For recovery purposes, move the following files to a backup directory:

> mkdir -p /tmp/mrbackup/

> mv $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.2.3.jar /tmp/mrbackup/

> mv $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-core-2.2.3.jar /tmp/mrbackup/

> mv $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-databind-2.2.3.jar /tmp/mrbackup/

NOTE: To avoid compatibility issues, ensure that you move all old files to another directory altogether.

d.     On each management and compute host, copy the following files to your cluster directory:

> cp -rf jackson-databind-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

> cp -rf jackson-core-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

> cp -rf jackson-annotations-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

e.     From the master host, start the MRSS service:

> egosh user logon -u Admin -x Admin

> egosh service start MRSS

5.    Uninstallation

If required, follow these steps to uninstall the upgraded .jar files in a cluster with Platform Symphony 7.1 Fix Pack 1 installed:

a.     Log on to the master host as the cluster administrator and stop the MRSS service:

> egosh user logon -u Admin -x Admin

> egosh service stop MRSS

b.     Delete the following files that were introduced by this interim fix:

> rm -fr $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-databind-2.9.8.jar

> rm -fr $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-core-2.9.8.jar

> rm -fr $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.9.8.jar

c.      On each management and compute host, restore the following files from your backup:

> mv /tmp/mrback/*.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

d.     From the master host, start the MRSS service:

> egosh user logon -u Admin -x Admin

> egosh service start MRSS

6.    Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes. 

7.    Copyright and trademark information

© Copyright IBM Corporation 2019

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM_, the IBM logo and ibm.com_ are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.