Readme File for IBM® Platform Symphony 7.1 Fix Pack 1
Interim Fix 521096
Readme file for: Platform Symphony
Product/Component
Release:
7.1 Fix Pack 1
Update
Name: Interim Fix 521096
Fix
ID:
sym-7.1-build521096
Publication
date:
June 10, 2019
This
readme file provides guidance on upgrading Jackson databind,
core, and annotations to version 2.9.8 in Platform Symphony 7.1 Fix Pack 1 in order to fix security vulnerabilities CVE-2018-14719,
CVE-2018-14718, CVE-2018-14720, and CVE-2018-14721.
Contents
1. List of
fixes
2. Download location
3. Products or
components affected
4. Installation
and configuration
5. Uninstallation
6. Product
notifications
7. Copyright and
trademark information
1.
List of fixes
APAR: P103019
2. Download
location
Download interim
fix 521096 from the following location: https://www.ibm.com/eserver/support/fixes/
3. Products or
components affected
Component name, Platform, Fix ID:
MapReduce, linux2.6-glibc2.3-x86_64, sym-7.1-build521096
4.
Installation and configuration
Follow
these steps to upgrade Jackson databind,
core, and annotations .jar files in a cluster with Platform Symphony 7.1 Fix
Pack 1 installed:
a.
Log on to the master host as cluster
administrator and stop the MRSS service:
> egosh
user logon -u Admin -x Admin
> egosh
service stop MRSS
b.
Log on to each management and compute host in
the cluster and download the following packages:
·
jackson-databind-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-databind/2.9.8/)
· jackson-core-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.9.8/)
· jackson-annotations-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.9.8/)
c.
For recovery purposes, move the following files
to a backup directory:
> mkdir -p /tmp/mrbackup/
> mv
$EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.2.3.jar
/tmp/mrbackup/
> mv
$EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-core-2.2.3.jar
/tmp/mrbackup/
> mv
$EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-databind-2.2.3.jar
/tmp/mrbackup/
NOTE: To avoid compatibility issues, ensure that you
move all old files to another directory altogether.
d.
On each management
and compute host, copy the following files to your
cluster directory:
> cp -rf
jackson-databind-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/
> cp -rf
jackson-core-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/
> cp -rf
jackson-annotations-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/
e.
From the master host,
start the MRSS service:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS
5.
Uninstallation
If required, follow these steps to
uninstall the upgraded .jar files in a cluster with Platform Symphony 7.1 Fix
Pack 1 installed:
a. Log on to the master host as the cluster administrator and stop the MRSS service:
> egosh user logon -u Admin -x Admin
b.
Delete the following files that were introduced
by this interim fix:
> rm -fr $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-databind-2.9.8.jar
> rm -fr $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-core-2.9.8.jar
> rm -fr $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.9.8.jar
c.
On each management and compute host, restore
the following files from your backup:
> mv /tmp/mrback/*.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/
d.
From the
master host, start the MRSS service:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS
6.
Product notifications
To receive information
about product solution and patch updates automatically, subscribe to product
notifications on the My Notifications page http://www.ibm.com/support/mynotifications/
on the IBM Support website (http://support.ibm.com). You can edit your
subscription settings to choose the types of information you want to get
notification about, for example, security bulletins, fixes, troubleshooting,
and product enhancements or documentation changes.
7.
Copyright and trademark information
©
Copyright IBM Corporation 2019
U.S. Government Users Restricted Rights - Use,
duplication or disclosure restricted by GSA ADP Schedule Contract with IBM
Corp.
IBM_, the IBM logo and ibm.com_ are trademarks
of International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at "Copyright
and trademark information" at www.ibm.com/legal/copytrade.shtml.