Readme File for IBM® Spectrum
Symphony 7.2.0.2 Interim Fix 522354
Readme File for: IBM Spectrum Symphony
Product Release: 7.2.0.2
Update Name: Interim Fix 522354
Fix ID: sym-7.2.0.2_x86_64-build522354
Publication Date: June 18, 2019
This interim fix upgrades the Spring
Security OAuth package in IBM Spectrum Symphony
7.2.0.2 to version 2.0.17 in order to resolve an open redirect to the authorization endpoint
vulnerability (CVE-2019-3778).
Contents
1.
List of fixes
2.
Download location
3.
Product and components affected
4.
Installation and configuration
5.
Uninstallation
6.
List of files
7. Product notifications
8.
Copyright and trademark information
1.
List
of fixes
APAR: P103072
2.
Download
location
Download interim fix 522354 from the
following location: https://www.ibm.com/eserver/support/fixes/
3.
Product
and components affected
Component name, Platform, Fix ID:
OpenIdClient,
Linux x86_64, sym-7.2.0.2_x86_64-build522354
4.
Installation
and configuration
Follow the instructions in this
section to download and install this interim fix in your cluster.
System requirements
Linux
x86_64
Installation
a. Log
on to the master host as the cluster administrator and stop the SYMREST
and OpenIdClient services:
$ egosh user logon -u Admin -x Admin
$ egosh service stop SYMREST OpenIdClient
b. For recovery purposes, back up the following file:
$EGO_TOP/wlp/usr/servers/openid/SymOpenIdClient-7.2.0.2.war
c. Download
the sym-7.2.0.2_x86_64-build522354.tar.gz
file to each of your management hosts.
d. Log on to each management host as the cluster
administrator and extract the contents of the sym-7.2.0.2_x86_64-build522354.tar.gz package to the top-level installation directory, for example:
$ tar
zxfo sym-7.2.0.2_x86_64-build522354.tar.gz -C
$EGO_TOP/
e. From the
master host, start the SYMREST and OpenIdClient
services:
$ egosh service start SYMREST OpenIdClient
5.
Uninstallation
If required, follow the instructions in this section to
uninstall this interim fix from your cluster.
a. Log
on to the master host as the cluster administrator and stop the SYMREST and OpenIdClient services:
$ egosh user logon -u Admin -x Admin
$ egosh service stop SYMREST OpenIdClient
b. Log on to each management host in the cluster
and restore your backup for the following file:
$EGO_TOP/wlp/usr/servers/openid/SymOpenIdClient-7.2.0.2.war
c. From the
master host, start the SYMREST and OpenIdClient
services:
$ egosh service start SYMREST OpenIdClient
6.
List
of files
wlp/usr/servers/openid/SymOpenIdClient-7.2.0.2.war
7.
Product notifications
To receive information about product solution
and patch updates automatically, subscribe to product notifications on the My
Notifications page http://www.ibm.com/support/mynotifications/ on the IBM
Support website (http://support.ibm.com). You can edit your subscription
settings to choose the types of information you want to get notification about,
for example, security bulletins, fixes, troubleshooting, and product
enhancements or documentation changes.
8.
Copyright
and trademark information
© Copyright IBM
Corporation 2019
U.S. Government
Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP
Schedule Contract with IBM Corp.
IBM®, the IBM
logo, and ibm.com® are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.