Readme File for IBM® Spectrum Symphony Developer Edition 7.2.1 Interim Fix 537396

Readme file for: IBM Spectrum Symphony Developer Edition

Product/Component Release: 7.2.1

Update Name: Interim Fix 537396

Fix ID: sym-7.2.1-build537396-welfg

Publication date: January 08, 2020

This readme file provides guidance on upgrading the Jackson databind, core, and annotations packages to version 2.10.1 in IBM Spectrum Symphony Developer Edition 7.2.1, to fix security vulnerabilities CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, and CVE-2019-17531.

Contents

1.   List of fixes

2.  Download location 

3.   Products or components affected

4.   Installation and configuration

5.  Uninstallation

6.  List of files

7.   Product notifications

8.   Copyright and trademark information

 

1.    List of fixes

APAR: P103376

2.    Download location

Download interim fix 537396 from the following location: https://www.ibm.com/eserver/support/fixes/

3.    Products or components affected

Component name, Platform, Fix ID:

CloudProxyClient/MapReduce, Linux-x86_64, sym-7.2.1-build537396-welfg

4.    Installation and configuration

Follow these steps to upgrade the Jackson databind, core, and annotations .jar files in your IBM Spectrum Symphony Developer Edition 7.2.1 cluster:

a)      Disable all applications and shut down the IBM Spectrum Symphony Developer Edition cluster:

> soamcontrol app disable all

> soamshutdown

b)      On each host in the cluster, download the following packages: 

·        jackson-databind-2.10.1.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-databind/2.10.1/)

·        jackson-core-2.10.1.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.10.1/)

·        jackson-annotations-2.10.1.jar (http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.10.1/)

c)       Move the following files to a backup directory for recovery purposes: 

> mkdir -p /tmp/hadoop-2.7.x/

> mkdir -p /tmp/CloudProxyClient/

> mv $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/jackson-annotations-2.*.jar /tmp/CloudProxyClient/

> mv $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/jackson-core-2.*.jar /tmp/CloudProxyClient/

> mv $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/jackson-databind-2.*.jar /tmp/CloudProxyClient/

> mv $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.*.jar /tmp/hadoop-2.7.x/

> mv $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.*.jar /tmp/hadoop-2.7.x/

> mv $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.*.jar /tmp/hadoop-2.7.x/

Note: To avoid compatibility issues, move all old files to an entirely different directory.

d)      Copy the following files to your cluster:

> cp -rf jackson-databind-2.10.1.jar $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/

> cp -rf jackson-core-2.10.1.jar $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/

> cp -rf jackson-annotations-2.10.1.jar $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/

> cp -rf jackson-databind-2.10.1.jar $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/

> cp -rf jackson-core-2.10.1.jar $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/

> cp -rf jackson-annotations-2.10.1.jar $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/

e)      Start the IBM Spectrum Symphony Developer Edition cluster and enable your applications:

> soamstartup &

> soamcontrol app enable App_Name

5.    Uninstallation 

If required, follow these steps to uninstall the upgraded .jar files from the IBM Spectrum Symphony Developer Edition 7.2.1 cluster:

a)      Disable all applications and shut down the IBM Spectrum Symphony Developer Edition cluster:

> soamcontrol app disable all

> soamshutdown

b)      On each host in the cluster, remove the following files that were introduced by this interim fix:

> rm -rf $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/jackson-databind-2.10.1.jar

> rm -rf $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/jackson-core-2.10.1.jar

> rm -rf $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/jackson-annotations-2.10.1.jar

> rm -rf $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.10.1.jar

> rm -rf $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.10.1.jar

> rm -rf $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.10.1.jar

c)       On each host in the cluster, restore the following files from your backup:

> mv /tmp/hadoop-2.7.x/*.jar $SOAM_HOME/mapreduce/7.2.1/linux-x86_64/lib/hadoop-2.7.x/

> mv /tmp/CloudProxyClient/*.jar $SOAM_HOME/7.2.1/samples/Java/CloudProxyClient/lib/

d)      Start the IBM Spectrum Symphony Developer Edition cluster and enable your applications:

> soamstartup &

> soamcontrol app enable App_Name

6.    List of files

jackson-databind-2.10.1.jar

jackson-core-2.10.1.jar

jackson-annotations-2.10.1.jar

7.    Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes. 

8.    Copyright and trademark information

© Copyright IBM Corporation 2020

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.