Readme File for IBM^® Platform Symphony 7.1 Fix Pack 1 Interim Fix 535372

Readme file for: Platform Symphony

Product/Component Release: 7.1 Fix Pack 1

Update Name: Interim Fix 535372

Fix ID: sym-7.1-build535372

Publication date: December 16, 2019

This readme file provides guidance on upgrading the Jackson databind, core, and annotations packages to version 2.10.1 in Platform Symphony 7.1 Fix Pack 1 in order to fix security vulnerabilities CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, and CVE-2019-17531.

Contents

1.   List of fixes

2.  Download location 

3.   Products or components affected

4.   Installation and configuration

5.  Uninstallation

6.   Product notifications

7. Copyright and trademark information

1.   List of fixes

APAR: P103344

2.   Download location

Download interim fix 535372 from the following location: https://www.ibm.com/eserver/support/fixes/

3.   Products or components affected

Component name, Platform, Fix ID:

MapReduce, linux2.6-glibc2.3-x86_64, sym-7.1-build535372

4.   Installation and configuration

Follow these steps to upgrade Jackson databind, core, and annotations .jar files in a Platform Symphony 7.1 Fix Pack 1 cluster:

a.      Log on to the master host as the cluster administrator and stop the MRSS service:

> egosh user logon -u Admin -x Admin   

> egosh service stop MRSS

b.     On each management and compute host in the cluster, download the following packages:

•     jackson-databind-2.10.1.jar (https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.10.1)

•     jackson-core-2.10.1.jar (https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.10.1)

•     jackson-annotations-2.10.1.jar (https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.10.1)

c.      Move the following files to a backup directory for recovery purposes: 

> mkdir -p /tmp/mrbackup/

> mv $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.2.3.jar /tmp/mrbackup/

> mv $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-core-2.2.3.jar /tmp/mrbackup/

> mv $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-databind-2.2.3.jar /tmp/mrbackup/

NOTE: To avoid compatibility issues, ensure that you move all old files to another directory altogether.

d.      On each management and compute host, copy the following files to your cluster directory:

> cp -rf jackson-databind-2.10.1.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

> cp -rf jackson-core-2.10.1.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

> cp -rf jackson-annotations-2.10.1.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

e.      From the master host, start the MRSS service:

> egosh user logon -u Admin -x Admin

> egosh service start MRSS

5.   Uninstallation 

If required, follow these steps to uninstall the upgraded .jar files in a Platform Symphony 7.1 Fix Pack 1 cluster:

a.      Log on to the master host as the cluster administrator and stop the MRSS service:

> egosh user logon -u Admin -x Admin

> egosh service stop MRSS

b.      Delete the following files that were introduced by this interim fix:

> rm -rf $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-databind-2.10.1.jar

> rm -rf $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-core-2.10.1.jar

> rm -rf $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/jackson-annotations-2.10.1.jar

c.      On each management and compute host, restore the files that you backed during installation:

> mv /tmp/mrbackup/*.jar $EGO_TOP/soam/mapreduce/7.1/linux2.6-glibc2.3-x86_64/lib/hadoop-2.6.0/

d.      From the master host, start the MRSS service:

> egosh user logon -u Admin -x Admin

> egosh service start MRSS

6.   Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes. 

7.   Copyright and trademark information

© Copyright IBM Corporation 2019

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM_, the IBM logo and ibm.com_ are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.