Readme File for IBM® Spectrum Symphony 7.3.1 Interim Fix 600219

Readme file for: IBM Spectrum Symphony

Product Release: 7.3.1

Update Name: Interim Fix 600219

Fix ID: sym-7.3.1-build600219

Publication date: March 5, 2021

This interim fix provides instructions on upgrading the Jackson databind, core, and annotations packages to 2.12.1 in IBM Spectrum Symphony 7.3.1 to fix security vulnerability CVE-2020-25649.

Contents

1. List of fixes

2. Download location

3. Product and components affected

4. Installation and configuration

5. Uninstallation

6. List of files

7. Product notifications

8. Copyright and trademark information

 

1.     List of fixes

APAR: P104101

2.     Download location

Download interim fix 600219 from the following location: http://www.ibm.com/eserver/support/fixes/

3.     Product and components affected

Component name, Platform, Fix ID:

HOSTFACTORY/WEBGUI/REST/OpenIdClient, Linux x86_64, sym-7.3.1-build600219

4.     Installation and configuration

Follow the instructions in this section to download and install this interim fix to your cluster.

System requirements

Linux x86_64

Your Linux host must include the “ed” Linux line-oriented text editor.

Installation

a.       Log on to the primary host as the cluster administrator and stop the following services:

> source profile.platform

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI REST HostFactory OpenIdClient

b.       Log on to each management host (or just one host if you are using a shared file system) in the cluster and move the following files to a backup directory for recovery purposes, for example:

> mkdir -p /tmp/jackson_bk_hf

> mkdir -p /tmp/jackson_bk_gui

> mkdir -p /tmp/jackson_bk_wlp

> mv $EGO_TOP/hostfactory/1.1/providerplugins/common/lib/jackson-annotations-2.*.jar /tmp/jackson_bk_hf

> mv $EGO_TOP/hostfactory/1.1/providerplugins/common/lib/jackson-databind-2.*.jar /tmp/jackson_bk_hf

> mv $EGO_TOP/hostfactory/1.1/providerplugins/common/lib/jackson-core-2.*.jar /tmp/jackson_bk_hf

> mv $EGO_TOP/gui/3.9/lib/jackson-annotations-2.*.jar /tmp/jackson_bk_gui

> mv $EGO_TOP/gui/3.9/lib/jackson-databind-2.*.jar /tmp/jackson_bk_gui

> mv $EGO_TOP/gui/3.9/lib/jackson-core-2.*.jar /tmp/jackson_bk_gui

> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-annotations-2.*.jar /tmp/jackson_bk_wlp

> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-databind-2.*.jar /tmp/jackson_bk_wlp

> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-core-2.*.jar /tmp/jackson_bk_wlp

c.        On each management host (or just one host if you are using a shared file system), download the egomgmt-3.9.0.0_noarch_build600219.tar.gz and soammgmt-7.3.1.0_noarch_build600219.tar.gz packages to, for example, the /symfixes directory.

d.       On each management host (or just one host if you are using a shared file system), run the egoinstallfixes command to install the egomgmt-3.9.0.0_noarch_build600219.tar.gz and soammgmt-7.3.1.0_noarch_build600219.tar.gz packages:

> egoinstallfixes /symfixes/egomgmt-3.9.0.0_noarch_build600219.tar.gz

> egoinstallfixes /symfixes/soammgmt-7.3.1.0_noarch_build600219.tar.gz

Note: The egoinstallfixes command automatically backs up the current binary files to a fix backup directory for recovery purposes. Do not delete this backup directory; you will need it if you want to recover the original files. For more information on using this command, see the egoinstallfixes command reference.

e.       Delete all subdirectories and files in the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

> rm -rf $EGO_TOP/kernel/rest/workarea/*

> rm -rf $EGO_TOP/soam/openid/workarea/*

Note: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.

f.         Launch your browser and clear the browser cache.

g.       Run the pversions command to verify the installation:

> pversions -b 600219

IBM Spectrum egomgmt 3.9.0.0

----------------------------

  binary type: noarch, Feb 25 2021, Build 600219

  installed: Mar 02 2021

  notes:

  fixes: P104101

  files: /hostfactory/1.1/providerplugins/common/lib/jackson-annotations-2.12.1.jar

         /hostfactory/1.1/providerplugins/common/lib/jackson-databind-2.12.1.jar

         /hostfactory/1.1/providerplugins/common/lib/jackson-core-2.12.1.jar

         /gui/3.9/lib/jackson-annotations-2.12.1.jar

         /gui/3.9/lib/jackson-databind-2.12.1.jar

         /gui/3.9/lib/jackson-core-2.12.1.jar

         /wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-annotations-2.12.1.jar

         /wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-databind-2.12.1.jar

         /wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-core-2.12.1.jar

 

IBM Spectrum soammgmt 7.3.1.0

-----------------------------

  binary type: noarch, Feb 25 2021, Build 600219

  installed: Mar 02 2021

  notes:

  fixes: P104101

  files: /wlp/usr/servers/openid/SymOpenIdClient-7.3.1.0.war

h.       From the primary host, start the following services:

> source profile.platform

> egosh service start WEBGUI REST HostFactory OpenIdClient
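
The following check is an added example, not part of the IBM readme or the product: a POSIX shell function that inspects the three library directories named in step b and reports any Jackson 2.x jar other than 2.12.1, or any missing 2.12.1 jar, which is what a skipped host or an incomplete step b leaves behind. The function name check_jackson_libs and its MISSING/STALE output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-install check for leftover Jackson jars.
# check_jackson_libs ROOT returns 0 when every lib directory holds exactly
# the 2.12.1 jars and 1 otherwise. ROOT stands in for $EGO_TOP.

JACKSON_FIXED="2.12.1"   # version this interim fix installs

check_jackson_libs() {
    root=$1
    status=0
    for dir in \
        hostfactory/1.1/providerplugins/common/lib \
        gui/3.9/lib \
        wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib
    do
        for pkg in annotations databind core; do
            want="$root/$dir/jackson-$pkg-$JACKSON_FIXED.jar"
            if [ ! -f "$want" ]; then
                echo "MISSING $want"
                status=1
            fi
            # Any other 2.x jar of the same package predates the fix.
            for jar in "$root/$dir"/jackson-"$pkg"-2.*.jar; do
                [ -e "$jar" ] || continue      # glob matched nothing
                if [ "$jar" != "$want" ]; then
                    echo "STALE   $jar"
                    status=1
                fi
            done
        done
    done
    return $status
}

# Run against the live installation only when EGO_TOP is set.
if [ -n "${EGO_TOP:-}" ]; then
    check_jackson_libs "$EGO_TOP"
fi
```

Run it on each management host after sourcing profile.platform; a non-zero exit status means at least one directory still needs attention before the services are started.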

5.     Uninstallation

If required, follow the instructions in this section to uninstall this interim fix from your cluster:

a.       Log on to the primary host as the cluster administrator and stop the following services:

> source profile.platform

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI REST HostFactory OpenIdClient

b.       On each management host (or just one host if you are using a shared file system), roll back this interim fix:

> egoinstallfixes -r 600219

c.        On each management host (or just one host if you are using a shared file system), restore the files that you backed up during installation:

> mv /tmp/jackson_bk_hf/jackson-annotations-2.*.jar $EGO_TOP/hostfactory/1.1/providerplugins/common/lib/

> mv /tmp/jackson_bk_hf/jackson-databind-2.*.jar $EGO_TOP/hostfactory/1.1/providerplugins/common/lib/

> mv /tmp/jackson_bk_hf/jackson-core-2.*.jar $EGO_TOP/hostfactory/1.1/providerplugins/common/lib/

> mv /tmp/jackson_bk_gui/jackson-annotations-2.*.jar $EGO_TOP/gui/3.9/lib/

> mv /tmp/jackson_bk_gui/jackson-databind-2.*.jar $EGO_TOP/gui/3.9/lib/

> mv /tmp/jackson_bk_gui/jackson-core-2.*.jar $EGO_TOP/gui/3.9/lib/

> mv /tmp/jackson_bk_wlp/jackson-annotations-2.*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/

> mv /tmp/jackson_bk_wlp/jackson-databind-2.*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/

> mv /tmp/jackson_bk_wlp/jackson-core-2.*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/

d.       Delete all subdirectories and files in the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

> rm -rf $EGO_TOP/kernel/rest/workarea/*

> rm -rf $EGO_TOP/soam/openid/workarea/*

Note: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.

e.       Launch your browser and clear the browser cache.

f.         From the primary host, start the following services:

> source profile.platform

> egosh service start WEBGUI REST HostFactory OpenIdClient

6.     List of files

6ffc9906221ca05e67a7ea765ece34e7 egomgmt-3.9.0.0_noarch_build600219.tar.gz

ac96cb6fdf09ba1e2c41f461047f1eb4 hostfactory/1.1/providerplugins/common/lib/jackson-annotations-2.12.1.jar

1925b6e2feac7e63e164f57e6fb42c9d hostfactory/1.1/providerplugins/common/lib/jackson-databind-2.12.1.jar

6a65df7a5e62df2754726857b4ab0257 hostfactory/1.1/providerplugins/common/lib/jackson-core-2.12.1.jar

ac96cb6fdf09ba1e2c41f461047f1eb4 gui/3.9/lib/jackson-annotations-2.12.1.jar

1925b6e2feac7e63e164f57e6fb42c9d gui/3.9/lib/jackson-databind-2.12.1.jar

6a65df7a5e62df2754726857b4ab0257 gui/3.9/lib/jackson-core-2.12.1.jar

ac96cb6fdf09ba1e2c41f461047f1eb4 wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-annotations-2.12.1.jar

1925b6e2feac7e63e164f57e6fb42c9d wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-databind-2.12.1.jar

6a65df7a5e62df2754726857b4ab0257 wlp/usr/servers/gui/apps/ego/3.9/platformv5/WEB-INF/lib/jackson-core-2.12.1.jar

8702577daa6045a80514d588f72f8b19 soammgmt-7.3.1.0_noarch_build600219.tar.gz

609974aeaa5ee669ac7ba00fd4ce1ad9 wlp/usr/servers/openid/SymOpenIdClient-7.3.1.0.war

7.     Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

8.     Copyright and trademark information

© Copyright IBM Corporation 2021

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.