Readme
File for IBM® Platform
Symphony 7.1.1 Interim Fix 521102
Readme file for: Platform Symphony
Product/Component
Release:
7.1.1
Update
Name: Interim Fix 521102
Fix
ID:
sym-7.1.1-build521102
Publication
date:
June 10, 2019
This readme file provides guidance on upgrading Jackson databind, core, and annotations to version 2.9.8 in Platform Symphony 7.1.1 in order to fix security vulnerabilities CVE-2018-14719, CVE-2018-14718, CVE-2018-14720, and CVE-2018-14721.
Contents
1. List of
fixes
2. Download location
3. Products or
components affected
4. Installation
and configuration
5. Uninstallation
6. Product
notifications
7. Copyright
and trademark information
1.
List of fixes
APAR: P103019
2. Download
location
Download interim
fix 521102 from the following location: https://www.ibm.com/eserver/support/fixes/
3. Products or
components affected
Component name, Platform, Fix ID:
MapReduce, Linux-x86_64, sym-7.1.1-build521102
4.
Installation and configuration
Follow
these steps to upgrade Jackson databind,
core, and annotations .jar files in a cluster with Platform Symphony 7.1.1
installed:
a.
Log on to the master
host as the cluster administrator and stop the MRSS
service:
> egosh
user logon -u Admin -x Admin
> egosh
service stop MRSS
b.
Log on to each management and compute host in
the cluster and download the following packages:
·
jackson-databind-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-databind/2.9.8/)
· jackson-core-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.9.8/)
· jackson-annotations-2.9.8.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.9.8/)
c.
For recovery purposes, move the following files
to a backup directory:
> mkdir -p /tmp/hadoop-2.6.0/
> mkdir -p /tmp/hadoop-2.7.x/
> mv
$EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.2.3.jar
/tmp/hadoop-2.6.0/
> mv
$EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/jackson-core-2.2.3.jar
/tmp/hadoop-2.6.0/
> mv $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/jackson-databind-2.2.3.jar
/tmp/hadoop-2.6.0/
> mv
$EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.2.3.jar
/tmp/hadoop-2.7.x/
> mv
$EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.2.3.jar
/tmp/hadoop-2.7.x/
> mv
$EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.2.3.jar
/tmp/hadoop-2.7.x/
NOTE: To
avoid compatibility issues, ensure that you move all old files to another
directory altogether.
d.
On each management
and compute host, copy the following files to your
cluster:
> cp -rf
jackson-databind-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/
> cp -rf
jackson-core-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/
> cp -rf
jackson-annotations-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/
> cp -rf
jackson-databind-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf
jackson-core-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf
jackson-annotations-2.9.8.jar $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/
e.
From the master host,
start the MRSS service:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS
5.
Uninstallation
If required, follow these steps to
uninstall the upgraded .jar files in a cluster with Platform Symphony 7.1.1
installed:
a. Log on to the master host as the cluster administrator and stop the MRSS
service:
> egosh user logon -u Admin -x Admin
b.
Remove the following files that were introduced
by this interim fix:
> rm -fr $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/jackson-databind-2.9.8.jar
> rm -fr $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/jackson-core-2.9.8.jar
> rm -fr $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.9.8.jar
> rm -fr $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.9.8.jar
> rm -fr $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.9.8.jar
> rm -fr $EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.9.8.jar
c.
On each management and compute host, restore
the following files from your backup:
> mv /tmp/hadoop-2.6.0/*.jar
$EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.6.0/
> mv /tmp/hadoop-2.7.x/*.jar
$EGO_TOP/soam/mapreduce/7.1.1/linux-x86_64/lib/hadoop-2.7.x/
d.
From the
master host, start the MRSS service:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS
6.
Product notifications
To receive information about product solution and patch updates
automatically, subscribe to product notifications on the My Notifications
page http://www.ibm.com/support/mynotifications/ on the IBM Support website
(http://support.ibm.com). You can edit your subscription settings to choose the
types of information you want to get notification about, for example, security
bulletins, fixes, troubleshooting, and product enhancements or documentation
changes.
7.
Copyright and trademark information
© Copyright IBM
Corporation 2019
U.S. Government Users Restricted Rights - Use,
duplication or disclosure restricted by GSA ADP Schedule Contract with IBM
Corp.
IBM®, the IBM logo and ibm.com® are trademarks
of International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.