Readme File for IBM® Spectrum Symphony 7.2.0.2 Interim Fix 522354

Readme File for: IBM Spectrum Symphony

Product Release: 7.2.0.2

Update Name: Interim Fix 522354

Fix ID: sym-7.2.0.2_x86_64-build522354

Publication Date: June 18, 2019

This interim fix upgrades the Spring Security OAuth package in IBM Spectrum Symphony 7.2.0.2 to version 2.0.17 to resolve an open redirect vulnerability affecting the authorization endpoint (CVE-2019-3778).

Contents

1. List of fixes

2. Download location

3. Product and components affected

4. Installation and configuration

5. Uninstallation

6. List of files

7. Product notifications

8. Copyright and trademark information

1.    List of fixes

APAR: P103072

2.    Download location

Download interim fix 522354 from the following location: https://www.ibm.com/eserver/support/fixes/

3.    Product and components affected

Component name, Platform, Fix ID:

OpenIdClient, Linux x86_64, sym-7.2.0.2_x86_64-build522354

4.    Installation and configuration

Follow the instructions in this section to download and install this interim fix in your cluster.

System requirements

Linux x86_64

Installation

a.      Log on to the master host as the cluster administrator and stop the SYMREST and OpenIdClient services:

$ egosh user logon -u Admin -x Admin

$ egosh service stop SYMREST OpenIdClient

b.      For recovery purposes, back up the following file:

$EGO_TOP/wlp/usr/servers/openid/SymOpenIdClient-7.2.0.2.war

c.      Download the sym-7.2.0.2_x86_64-build522354.tar.gz file to each of your management hosts.

d.      Log on to each management host as the cluster administrator and extract the contents of the sym-7.2.0.2_x86_64-build522354.tar.gz package to the top-level installation directory, for example:

$ tar zxfo sym-7.2.0.2_x86_64-build522354.tar.gz -C $EGO_TOP/

e.      From the master host, start the SYMREST and OpenIdClient services:

$ egosh service start SYMREST OpenIdClient
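
After step e, each management host should hold the replaced WAR. The script below is an added example, not part of IBM's readme or tooling: it checks a WAR's entry listing for the Spring Security OAuth version this fix installs. The WEB-INF/lib/spring-security-oauth2-<version>.jar location, the optional ".RELEASE" suffix, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code): confirm a deployed WAR bundles the fixed library.
# Assumption: the library sits at WEB-INF/lib/spring-security-oauth2-<version>.jar,
# optionally with a ".RELEASE" suffix on the version.
FIXED_VERSION="2.0.17"   # version stated in this readme

# Read a WAR entry listing (one path per line) on stdin and print the version of
# every bundled spring-security-oauth2 jar. The version must start with a digit,
# so differently named artifacts such as "...-oauth2-client-*.jar" are ignored.
oauth2_versions() {
    sed -n 's|^WEB-INF/lib/spring-security-oauth2-\([0-9][0-9A-Za-z.]*\)\.jar$|\1|p' |
        sed 's|\.RELEASE$||'
}

# Return 0 if every bundled copy is at FIXED_VERSION,
# 1 if any copy is at another version, 2 if the library is not found.
check_listing() {
    versions=$(oauth2_versions | sort -u)
    if [ -z "$versions" ]; then
        echo "spring-security-oauth2 not found in listing" >&2
        return 2
    fi
    status=0
    for v in $versions; do
        if [ "$v" != "$FIXED_VERSION" ]; then
            echo "found version $v, expected $FIXED_VERSION" >&2
            status=1
        fi
    done
    return "$status"
}

# When run with a WAR path, list its entries with unzip and check them, e.g.:
#   sh check_war.sh "$EGO_TOP/wlp/usr/servers/openid/SymOpenIdClient-7.2.0.2.war"
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    unzip -Z1 "$1" | check_listing && echo "OK: $1 bundles $FIXED_VERSION"
fi
```

Run it on every management host, since step d extracts the package on each one separately.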

5.    Uninstallation

If required, follow the instructions in this section to uninstall this interim fix from your cluster.

a.      Log on to the master host as the cluster administrator and stop the SYMREST and OpenIdClient services:

$ egosh user logon -u Admin -x Admin

$ egosh service stop SYMREST OpenIdClient

b.     Log on to each management host in the cluster and restore your backup for the following file:

$EGO_TOP/wlp/usr/servers/openid/SymOpenIdClient-7.2.0.2.war

c.      From the master host, start the SYMREST and OpenIdClient services:

$ egosh service start SYMREST OpenIdClient

6.    List of files

wlp/usr/servers/openid/SymOpenIdClient-7.2.0.2.war

7.    Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to be notified about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

8.    Copyright and trademark information

© Copyright IBM Corporation 2019

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.