Readme File for IBM® Spectrum Symphony 7.3 Interim Fix 535377
Readme file for: IBM Spectrum Symphony
Product/Component Release: 7.3
Update Name: Interim Fix 535377
Fix ID: sym-7.3-build535377
Publication date: December 16, 2019
This readme file provides guidance on upgrading the Jackson databind, core, and annotations packages to version 2.10.1 in IBM Spectrum Symphony 7.3.0 in order to fix security vulnerabilities CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, and CVE-2019-17531.
Contents
1. List of fixes
2. Download location
3. Products or components affected
4. Installation and configuration
5. Uninstallation
6. List of files
7. Product notifications
8. Copyright and trademark information
1. List of fixes
APAR: P103344
2. Download location
Download interim fix 535377 from the following location: https://www.ibm.com/eserver/support/fixes/
3. Products or components affected
Component name, Platform, Fix ID:
HostFactory/MapReduce/GUI, Linux-x86_64, sym-7.3-build535377
4. Installation and configuration
Follow these steps to upgrade Jackson databind, core, and annotations .jar files in an IBM Spectrum Symphony 7.3 cluster:
a) Log on to the master host as the cluster administrator and stop the following services:
> egosh user logon -u Admin -x Admin
> egosh service stop MRSS WEBGUI REST HostFactory OpenIdClient
b) On each management and compute host in the cluster, download the following packages:
• jackson-databind-2.10.1.jar (https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.10.1)
• jackson-core-2.10.1.jar (https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.10.1)
• jackson-annotations-2.10.1.jar (https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.10.1)
c) On each management host, move the following files to a backup directory for recovery purposes:
> mkdir -p /tmp/hadoop-2.7.x/
> mkdir -p /tmp/wlplib/
> mkdir -p /tmp/hflib/
> mkdir -p /tmp/guilib/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-databind-2.*.jar /tmp/wlplib/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-annotations-2.*.jar /tmp/wlplib/
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-core-2.*.jar /tmp/wlplib/
> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-databind-2.*.jar /tmp/hflib/
> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-annotations-2.*.jar /tmp/hflib/
> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-core-2.*.jar /tmp/hflib/
> mv $EGO_TOP/gui/3.8/lib/jackson-databind-2.*.jar /tmp/guilib/
> mv $EGO_TOP/gui/3.8/lib/jackson-annotations-2.*.jar /tmp/guilib/
> mv $EGO_TOP/gui/3.8/lib/jackson-core-2.*.jar /tmp/guilib/
> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.*.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.*.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.*.jar /tmp/hadoop-2.7.x/
NOTE: To avoid compatibility issues, move all old files to another directory altogether.
d) On each management host, copy the following files to your cluster:
> cp -rf jackson-databind-2.10.1.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-core-2.10.1.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-annotations-2.10.1.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-databind-2.10.1.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/
> cp -rf jackson-core-2.10.1.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/
> cp -rf jackson-annotations-2.10.1.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/
> cp -rf jackson-databind-2.10.1.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
> cp -rf jackson-annotations-2.10.1.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
> cp -rf jackson-core-2.10.1.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
> cp -rf jackson-databind-2.10.1.jar $EGO_TOP/gui/3.8/lib/
> cp -rf jackson-annotations-2.10.1.jar $EGO_TOP/gui/3.8/lib/
> cp -rf jackson-core-2.10.1.jar $EGO_TOP/gui/3.8/lib/
e) On each management host, create a directory (for example, /symfixes) and download the soammgmt-7.3.0.0_noarch_build535377.tar.gz package to the directory.
f) Run the egoinstallfixes command to install the soammgmt-7.3.0.0_noarch_build535377.tar.gz package:
> egoinstallfixes /symfixes/soammgmt-7.3.0.0_noarch_build535377.tar.gz
g) Run the pversions command to verify the installation:
> pversions -b 535377
IBM Spectrum soammgmt 7.3.0.0
-----------------------------
binary type: noarch, Dec 04 2019, Build 535377
installed: Dec 05 2019
notes:
fixes: P103344
files: /wlp/usr/servers/openid/SymOpenIdClient-7.3.0.0.war
h) On each management host, run the following commands to delete all subdirectories and files:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
> rm -rf $EGO_TOP/soam/openid/workarea/*
NOTE: If you changed the default configuration for the WLP_OUTPUT_DIR environment variable and the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
i) Launch your browser and clear the browser cache.
j) On each compute host, move the following files to a backup directory for recovery purposes:
> mkdir -p /tmp/hadoop-2.7.x/
> mkdir -p /tmp/hflib/
> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.*.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.*.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.*.jar /tmp/hadoop-2.7.x/
> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-databind-2.*.jar /tmp/hflib/
> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-annotations-2.*.jar /tmp/hflib/
> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-core-2.*.jar /tmp/hflib/
NOTE: To avoid compatibility issues, move all old files to another directory altogether.
k) On each compute host, copy the following files to your cluster:
> cp -rf jackson-databind-2.10.1.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-core-2.10.1.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-annotations-2.10.1.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> cp -rf jackson-databind-2.10.1.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
> cp -rf jackson-annotations-2.10.1.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
> cp -rf jackson-core-2.10.1.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
l) From the master host, start the following services:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS WEBGUI REST HostFactory OpenIdClient
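A post-copy check for steps d) and k), as an added example that is not part of the IBM readme: it confirms that each Jackson library directory named in the steps above holds the 2.10.1 jar for every package and no leftover 2.x jar. The function names and the management/compute role argument are assumptions; the directory list is taken from the steps above.

```shell
#!/bin/sh
# Added example (not IBM code): verify the Jackson jars after the copy steps.
# Usage: sh check_jackson.sh "$EGO_TOP" management|compute

WANT=2.10.1

# Directories (relative to EGO_TOP) taken from steps c), d), j) and k).
# Compute hosts carry only the first two; management hosts carry all four.
jackson_dirs() {
    echo "soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x"
    echo "3.8/hostfactory/providers/common/lib"
    if [ "$1" = "management" ]; then
        echo "wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib"
        echo "gui/3.8/lib"
    fi
}

# Prints one line per problem; returns 0 only when every directory is clean.
check_jackson() {
    top=$1 role=$2 bad=0
    for dir in $(jackson_dirs "$role"); do
        for pkg in databind core annotations; do
            expected="$top/$dir/jackson-$pkg-$WANT.jar"
            if [ ! -f "$expected" ]; then
                echo "MISSING $expected"
                bad=1
            fi
            # Any other 2.x jar of the same package was not moved to backup.
            for jar in "$top/$dir"/jackson-"$pkg"-2.*.jar; do
                [ -e "$jar" ] || continue   # glob matched nothing
                if [ "$jar" != "$expected" ]; then
                    echo "STALE   $jar"
                    bad=1
                fi
            done
        done
    done
    return $bad
}

# Check the live installation only when both arguments are supplied.
if [ $# -eq 2 ]; then
    check_jackson "$1" "$2"
fi
```

A STALE line means an older jar is still on the classpath next to 2.10.1, which is the compatibility problem the NOTE in steps c) and j) warns about.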
5. Uninstallation
If required, follow these steps to uninstall the upgraded .jar files in an IBM Spectrum Symphony 7.3 cluster:
a) Log on to the master host as the cluster administrator and stop the following services:
> egosh user logon -u Admin -x Admin
> egosh service stop MRSS WEBGUI REST HostFactory OpenIdClient
b) On each management host, remove the following files that were introduced by this interim fix:
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-annotations-2.10.1.jar
> rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-annotations-2.10.1.jar
> rm -rf $EGO_TOP/gui/3.8/lib/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/gui/3.8/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/gui/3.8/lib/jackson-annotations-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.10.1.jar
c) On each compute host, remove the following files that were introduced by this interim fix:
> rm -rf $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.10.1.jar
> rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-databind-2.10.1.jar
> rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-core-2.10.1.jar
> rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-annotations-2.10.1.jar
d) On each management host, restore the following files from your backup:
> mv /tmp/hadoop-2.7.x/*.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> mv /tmp/wlplib/*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/
> mv /tmp/hflib/*.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
> mv /tmp/guilib/*.jar $EGO_TOP/gui/3.8/lib/
e) On each management host, run the egoinstallfixes command to roll back this interim fix:
i. To uninstall with the build number, enter:
> egoinstallfixes -r 535377 --silent
ii. To uninstall by specifying the full path to the interim fix package, enter (for example):
> egoinstallfixes -r /symfixes/soammgmt-7.3.0.0_noarch_build535377.tar.gz
f) On each management host, delete all subdirectories and files in the GUI work directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
> rm -rf $EGO_TOP/kernel/rest/workarea/*
> rm -rf $EGO_TOP/soam/openid/workarea/*
NOTE: If you changed the default configuration for the WLP_OUTPUT_DIR environment variable and the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
g) Launch your browser and clear the browser cache.
h) On each compute host, restore the following files from your backup:
> mv /tmp/hadoop-2.7.x/*.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/
> mv /tmp/hflib/*.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
i) From the master host, start the following services:
> egosh user logon -u Admin -x Admin
> egosh service start MRSS WEBGUI REST HostFactory OpenIdClient
6. List of files
wlp/usr/servers/openid/SymOpenIdClient-7.3.0.0.war
7. Product notifications
To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.
8. Copyright and trademark information
© Copyright IBM Corporation 2019
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.