Readme File for IBM® Spectrum Symphony 7.1.2 and IBM Spectrum Conductor with Spark 2.2.1 Interim Fix 535575
Readme File for: IBM Spectrum Symphony and IBM Spectrum Conductor with Spark
Product Release: 7.1.2 and 2.2.1
Update Name: Interim Fix 535575
Fix ID: sym-7.1.2-cws-2.2.1-build535575-jpmc
Publication Date: December 03, 2019
This interim fix provides the following security fixes for a cluster with IBM Spectrum Symphony 7.1.2 and IBM Spectrum Conductor with Spark 2.2.1 installed:
· Upgrades Jackson databind to version 2.10.1 to fix security vulnerabilities CVE-2017-15095, CVE-2018-7489, CVE-2018-11307, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-14379, CVE-2019-14540, and CVE-2019-16335;
· Upgrades ICU for Java to version 56.1 to fix security vulnerabilities CVE-2014-7923, CVE-2014-7926, CVE-2014-8146, CVE-2014-8147, CVE-2014-9654, CVE-2014-9911, and CVE-2015-5922;
· Removes XStream version 1.4.10 and stops the GPFSmonitor service from starting to prevent security vulnerabilities CVE-2013-7285 and CVE-2019-10173;
NOTE: CVE-2018-11776 does not impact Struts2 Core version 2.3.34 bundled in our product as interceptors and namespaces are defined.
Contents
1. List of fixes
2. Download location
3. Product and components affected
4. Installation and configuration
5. Uninstallation
6. List of files
7. Product notifications
8. Copyright and trademark information
1. List of fixes
APAR: P103340
2. Download location
Download interim fix 535575 from the following location: https://www.ibm.com/eserver/support/fixes/
3. Product and components affected
Component name, Platform, Fix ID:
PMC/REST/MRSS/PERF/GPFS/ASCD, Linux x86_64, sym-7.1.2-cws-2.2.1-build535575-jpmc
4. Installation and configuration
Follow the instructions in this section to download and install this interim fix in your cluster.
System requirements
Linux x86_64
Installation
a. Log on to the master host as the cluster administrator and stop the following services:
> egosh user logon -u Admin -x Admin
> egosh service stop plc purger ascd WEBGUI REST MRSS GPFSmonitor
b. On each host, move the following files (if they exist) to a backup directory for recovery purposes:
> mkdir -p /tmp/bk/perf_cs_backup/
> mkdir -p /tmp/bk/perf_soam_backup/
> mkdir -p /tmp/bk/wlp_backup/
> mkdir -p /tmp/bk/hadoop-2.7.x/
> mkdir -p /tmp/bk/ascd_backup/
> mv $EGO_TOP/perf/cs/2.2.1/lib/jackson-core-2.*.jar /tmp/bk/perf_cs_backup/
> mv $EGO_TOP/perf/soam/7.1.2/lib/jackson-core-2.*.jar /tmp/bk/perf_soam_backup/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-annotations-2.*.jar /tmp/bk/wlp_backup/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-core-2.*.jar /tmp/bk/wlp_backup/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-databind-2.*.jar /tmp/bk/wlp_backup/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-1.1.1/ /tmp/bk/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.0.4/ /tmp/bk/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.2.0/ /tmp/bk/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.4.x/ /tmp/bk/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.6.0 /tmp/bk/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.*.jar /tmp/bk/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.*.jar /tmp/bk/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.*.jar /tmp/bk/hadoop-2.7.x/
> mv $EGO_TOP/ascd/2.2.1/lib/jackson-core-2.*.jar /tmp/bk/ascd_backup/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platform/WEB-INF/lib/xstream-1.4.10.jar /tmp/bk/wlp_backup/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.2/symgui/WEB-INF/lib/icu4j-51_2.jar /tmp/bk/wlp_backup/
NOTES:
· To avoid compatibility issues, ensure that you move all old files to another directory altogether.
· Remove other Hadoop folders under the $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/ directory but keep the hadoop-2.7.x directory as Hadoop 2.7.x APIs are supported.
c. On each host, download the sym-7.1.2.0-cws-2.2.1.0_x86_64-build535575.tar.gz package and extract its contents to the $EGO_TOP directory:
> tar zxof sym-7.1.2.0-cws-2.2.1.0_x86_64-build535575.tar.gz -C $EGO_TOP
d. On each management host, delete all subdirectories and files in the GUI work directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
NOTE: If you changed the default configuration for the WLP_OUTPUT_DIR environment variable and the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e. Launch your browser and clear the browser cache.
f. Log on to the master host as the cluster administrator and start the following services:
> egosh user logon -u Admin -x Admin
> egosh service start plc purger ascd WEBGUI REST MRSS
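Added example (not part of the IBM readme or the product): a shell check to run on each host after step c. It lists any Jackson 2.x jars other than 2.10.1, xstream-1.4.10.jar, icu4j-51_2.jar, and Hadoop directories other than hadoop-2.7.x that still remain under the install root. The function names and the check_fix.sh file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: file names and versions come from the readme steps;
# the function names are this example's own.
FIXED_JACKSON="2.10.1"   # Jackson version installed by Interim Fix 535575

# Print each stale path under install root $1, one per line.
# The whole tree is searched, so a copy in a directory the readme
# does not name is reported as well.
find_stale() {
    root=$1
    # The three Jackson 2.x artifacts the readme backs up, at any
    # version other than the fixed one.
    find "$root" -type f \
        \( -name 'jackson-annotations-2.*.jar' -o -name 'jackson-core-2.*.jar' \
           -o -name 'jackson-databind-2.*.jar' \) \
        ! -name "*-${FIXED_JACKSON}.jar"
    # XStream 1.4.10 is removed by the fix; ICU4J 51.2 is replaced by 56.1.
    find "$root" -type f \( -name 'xstream-1.4.10.jar' -o -name 'icu4j-51_2.jar' \)
    # Only hadoop-2.7.x may remain under the MapReduce lib directory.
    for d in "$root"/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-*; do
        [ -d "$d" ] || continue
        [ "${d##*/}" = "hadoop-2.7.x" ] || printf '%s\n' "$d"
    done
}

# Return 0 when nothing stale remains, 1 otherwise (paths go to stdout).
check_fix_applied() {
    stale=$(find_stale "$1")
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale"
    return 1
}

# Stand-alone use: sh check_fix.sh "$EGO_TOP"
if [ "$#" -gt 0 ]; then
    check_fix_applied "$1"
fi
```

A non-zero exit status means at least one listed path still has to be moved out of the install tree before the services are started.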
5. Uninstallation
If required, follow these steps to uninstall the upgraded .jar files in your cluster:
a. Log on to the master host as the cluster administrator and stop the following services:
> egosh user logon -u Admin -x Admin
> egosh service stop plc purger ascd WEBGUI REST MRSS
b. On each host, remove the following files that were introduced by this interim fix:
> rm -rf $EGO_TOP/perf/cs/2.2.1/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/perf/soam/7.1.2/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-annotations-2.10.1.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/ascd/2.2.1/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.2/symgui/WEB-INF/lib/icu4j-56_1.jar
c. On each host, restore the following files from your backup:
> mv /tmp/bk/hadoop-2.7.x/*.jar $EGO_TOP/soam/mapreduce/7.1.2/linux-x86_64/lib/hadoop-2.7.x/
> mv /tmp/bk/ascd_backup/*.jar $EGO_TOP/ascd/2.2.1/lib/
> mv /tmp/bk/perf_cs_backup/*.jar $EGO_TOP/perf/cs/2.2.1/lib/
> mv /tmp/bk/perf_soam_backup/*.jar $EGO_TOP/perf/soam/7.1.2/lib/
> mv /tmp/bk/wlp_backup/jackson*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.6/platformv5/WEB-INF/lib/
> mv /tmp/bk/wlp_backup/icu4j-51_2.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.2/symgui/WEB-INF/lib/
d. On each management host, delete all subdirectories and files in the GUI work directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
NOTE: If you changed the default configuration for the WLP_OUTPUT_DIR environment variable and the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e. Launch your browser and clear the browser cache.
f. Log on to the master host as the cluster administrator and start the following services:
> egosh user logon -u Admin -x Admin
> egosh service start plc purger ascd WEBGUI REST MRSS
6. List of files
jackson-annotations-2.10.1.jar
jackson-annotations-2.10.1.jar
jackson-annotations-2.10.1.jar
icu4j-56_1.jar
7. Product notifications
To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.
8. Copyright and trademark information
© Copyright IBM Corporation 2019
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.