Readme File for IBM® Spectrum Symphony 7.2.1 Interim Fix 531757

Readme file for: IBM Spectrum Symphony
Product/Component Release: 7.2.1
Update Name: Interim Fix 531757
Fix ID: sym-7.2.1-build531757
Publication date: October 16, 2019
This readme file provides guidance on upgrading the Jackson databind, core, and annotations libraries to version 2.9.10 in IBM Spectrum Symphony 7.2.1 in order to fix security vulnerabilities CVE-2019-12814, CVE-2019-14439, CVE-2019-14379, and CVE-2019-16335.

Contents
1. List of fixes
2. Download location
3. Products or components affected
4. Installation and configuration
5. Uninstallation
6. Product notifications

1. List of fixes
APAR: P103254

2. Download location
Download interim fix 531757 from the following location: https://www.ibm.com/eserver/support/fixes/

3. Products or components affected
Component name, Platform, Fix ID:
HostFactory/MapReduce/GUI, Linux-x86_64, sym-7.2.1-build531757

4. Installation and configuration
Follow these steps to upgrade Jackson databind, core, and annotations .jar files in a cluster with IBM Spectrum Symphony 7.2.1 installed:
a. Log on to the master host as the cluster administrator and stop the following services:
> egosh user logon -u Admin -x Admin
> egosh service stop MRSS WEBGUI HostFactory OpenIdClient
b. Log on to each management and compute host in the cluster and download the following packages:
· jackson-databind-2.9.10.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-databind/2.9.10/)
· jackson-core-2.9.10.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.9.10/)
· jackson-annotations-2.9.10.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.9.10/)
c. On each management host, move the following files to a backup directory for recovery purposes:
> mkdir -p /tmp/hadoop-2.7.x/
> mkdir -p /tmp/guilib/
> mkdir -p /tmp/hflib/
> mv $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.9.5.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.9.5.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.9.5.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/jackson-annotations-2.9.5.jar /tmp/guilib/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/jackson-core-2.9.5.jar /tmp/guilib/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/jackson-databind-2.9.5.jar /tmp/guilib/
> mv $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-annotations-2.9.5.jar /tmp/hflib/
> mv $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-core-2.9.5.jar /tmp/hflib/
> mv $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-databind-2.9.5.jar /tmp/hflib/
NOTE: To avoid compatibility issues, move all old files to another directory altogether.
d. On each compute host, move the following files to a backup directory for recovery purposes:
> mkdir -p /tmp/hadoop-2.7.x/
> mkdir -p /tmp/hflib/
> mv $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.9.5.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.9.5.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.9.5.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-annotations-2.9.5.jar /tmp/hflib/
> mv $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-core-2.9.5.jar /tmp/hflib/
> mv $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-databind-2.9.5.jar /tmp/hflib/
NOTE: To avoid compatibility issues, move all old files to another directory altogether.
e. On each management host, copy the following files to your cluster:
> cp -rf jackson-databind-2.9.10.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-core-2.9.10.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-annotations-2.9.10.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-databind-2.9.10.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/
> cp -rf jackson-core-2.9.10.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/
> cp -rf jackson-annotations-2.9.10.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/
> cp -rf jackson-annotations-2.9.10.jar $EGO_TOP/3.7/hostfactory/providers/common/lib/
> cp -rf jackson-core-2.9.10.jar $EGO_TOP/3.7/hostfactory/providers/common/lib/
> cp -rf jackson-databind-2.9.10.jar $EGO_TOP/3.7/hostfactory/providers/common/lib/
f. On each management host, create a directory (for example, /symfixes) and download the soammgmt-7.2.1.0_noarch_build531757.tar.gz package to the directory.
g. Run the egoinstallfixes command to install the soammgmt-7.2.1.0_noarch_build531757.tar.gz package:
> egoinstallfixes /symfixes/soammgmt-7.2.1.0_noarch_build531757.tar.gz
NOTE: The egoinstallfixes command automatically backs up the current binary files to a fix backup directory for recovery purposes. Do not delete this backup directory; you will need it if you want to recover the original files. For more information on using this command, see the egoinstallfixes command reference.
h. Run the pversions command to verify the installation:
> pversions -b 531757
IBM Spectrum soammgmt 7.2.1.0
-----------------------------
binary type: noarch, Oct 14 2019, Build 531757
installed: Oct 16 2019
notes:
fixes: P103254
files:
/wlp/usr/servers/openid/SymOpenIdClient-7.2.1.0.war
i. On each management host, delete all subdirectories and files in the GUI work directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
Note: If you changed the default configuration for the WLP_OUTPUT_DIR environment variable and the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
f. Launch your browser and clear the browser cache.
j. On each compute host, copy the following files to your cluster:
> cp -rf jackson-databind-2.9.10.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-core-2.9.10.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-annotations-2.9.10.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-annotations-2.9.10.jar $EGO_TOP/3.7/hostfactory/providers/common/lib/
> cp -rf jackson-core-2.9.10.jar $EGO_TOP/3.7/hostfactory/providers/common/lib/
> cp -rf jackson-databind-2.9.10.jar $EGO_TOP/3.7/hostfactory/providers/common/lib/
k. From the master host, start the following services:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS WEBGUI HostFactory OpenIdClient
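
The following check is an added example, not part of the IBM readme or of IBM Spectrum Symphony: it audits the library directories named in steps c through e and j, so that a leftover 2.9.5 jar or a missing 2.9.10 jar is caught on each host before the services are started in step k. The function name audit_jackson and the MISSING/STALE output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not IBM-supplied: audit the Jackson jars after the swap.
WANT=2.9.10
ARTIFACTS="jackson-databind jackson-core jackson-annotations"
# Library directories from steps c-e and j, relative to $EGO_TOP.
HADOOP_LIB=soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x
GUI_LIB=wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib
HF_LIB=3.7/hostfactory/providers/common/lib

# audit_jackson EGO_TOP mgmt|compute   (hypothetical helper)
# Prints one finding per line; returns 0 only if every directory for that
# host role holds the three 2.9.10 jars and no other version of them.
audit_jackson() {
    top=$1 rc=0
    case $2 in
        mgmt)    dirs="$HADOOP_LIB $GUI_LIB $HF_LIB" ;;
        compute) dirs="$HADOOP_LIB $HF_LIB" ;;
        *) echo "usage: audit_jackson EGO_TOP mgmt|compute" >&2; return 2 ;;
    esac
    for d in $dirs; do
        for a in $ARTIFACTS; do
            [ -f "$top/$d/$a-$WANT.jar" ] || { echo "MISSING $d/$a-$WANT.jar"; rc=1; }
            # [0-9] anchors the glob on the version, so differently named
            # artifacts that share the prefix are not reported.
            for f in "$top/$d/$a"-[0-9]*.jar; do
                [ -e "$f" ] || continue          # glob matched nothing
                [ "${f##*/}" = "$a-$WANT.jar" ] && continue
                echo "STALE $d/${f##*/}"; rc=1
            done
        done
    done
    return $rc
}

# Stand-alone use: sh audit_jackson.sh "$EGO_TOP" mgmt
if [ "$#" -eq 2 ]; then
    audit_jackson "$1" "$2" || exit 1
fi
```

A STALE line means two versions of the same artifact sit in one directory, which is the compatibility issue the NOTE in steps c and d warns about.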

5. Uninstallation
If required, follow these steps to uninstall the upgraded .jar files in a cluster with IBM Spectrum Symphony 7.2.1 installed:
a. Log on to the master host as the cluster administrator and stop the following services:
> egosh user logon -u Admin -x Admin
> egosh service stop MRSS WEBGUI HostFactory OpenIdClient
b. Log on to each management host and remove the following files that were introduced by this interim fix:
> rm -rf $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.9.10.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.9.10.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.9.10.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/jackson-databind-2.9.10.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/jackson-core-2.9.10.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/jackson-annotations-2.9.10.jar
> rm -rf $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-databind-2.9.10.jar
> rm -rf $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-core-2.9.10.jar
> rm -rf $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-annotations-2.9.10.jar
c. Log on to each compute host and remove the following files that were introduced by this interim fix:
> rm -rf $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.9.10.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.9.10.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.9.10.jar
> rm -rf $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-databind-2.9.10.jar
> rm -rf $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-core-2.9.10.jar
> rm -rf $EGO_TOP/3.7/hostfactory/providers/common/lib/jackson-annotations-2.9.10.jar
d. On each management host, restore the following files from your backup:
> mv /tmp/hadoop-2.7.x/*.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> mv /tmp/guilib/* $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.7/platformv5/WEB-INF/lib/
> mv /tmp/hflib/* $EGO_TOP/3.7/hostfactory/providers/common/lib/
e. On each management host, run the egoinstallfixes command to roll back this interim fix:
· To uninstall with the build number, enter:
> egoinstallfixes -r 531757 --silent
· To uninstall by specifying the full path to the interim fix package, enter (for example):
> egoinstallfixes -r /symfixes/soammgmt-7.2.1.0_noarch_build531757.tar.gz
f. On each management host, delete all subdirectories and files in the GUI work directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
Note: If you changed the default configuration for the WLP_OUTPUT_DIR environment variable and the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
g. Launch your browser and clear the browser cache.
h. On each compute host, restore the following files from your backup:
> mv /tmp/hadoop-2.7.x/*.jar $EGO_TOP/soam/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/
> mv /tmp/hflib/* $EGO_TOP/3.7/hostfactory/providers/common/lib/
i. From the master host, start the following services:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS WEBGUI HostFactory OpenIdClient

6. Product notifications
To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page (http://www.ibm.com/support/mynotifications/) on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

7. Copyright and trademark information
© Copyright IBM Corporation 2019
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.