Readme File for IBM^® Spectrum Symphony 7.3 Interim Fix 600222

Readme file for: IBM Spectrum Symphony

Product Release: 7.3

Update Name: Interim Fix 600222

Fix ID: sym-7.3-build600222

Publication date: March 5, 2021

This interim fix provides instructions on upgrading the Jackson databind, core, and annotations packages to 2.12.1 in IBM Spectrum Symphony 7.3 to fix security vulnerability CVE-2020-25649.

Contents

1. List of fixes

2. Download location

3. Product and components affected

4. Installation and configuration

5. Uninstallation

6. List of files

7. Product notifications

8. Copyright and trademark information

 

1.     List of fixes

APAR: P104106

2.     Download location

Download interim fix 600222 from the following location: http://www.ibm.com/eserver/support/fixes/

3.     Product and components affected

Component name, Platform, Fix ID:

HostFactory/WEBGUI/PERF/OpenIdClient/MapReduce, Linux x86_64, sym-7.3-build600222

4.     Installation and configuration

Follow the instructions in this section to download and install this interim fix to your cluster.

System requirements

•  Linux x86_64

•  Your Linux host must include the “ed” Linux line-oriented text editor.

Installation

a.       Log on to the primary host as the cluster administrator and stop the following services:

> source profile.platform

> egosh user logon -u Admin -x Admin

> egosh service stop MRSS WEBGUI REST HostFactory OpenIdClient

b.       Log on to each management host (or just one host if you are using a shared file system) in the cluster and move the following files to a backup directory for recovery purposes, for example:

> mkdir -p /tmp/jackson_bk_mr

> mkdir -p /tmp/jackson_bk_hf

> mkdir -p /tmp/jackson_bk_wlp

> mkdir -p /tmp/jackson_bk_gui

> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.*.jar /tmp/jackson_bk_mr

> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.*.jar /tmp/jackson_bk_mr

> mv $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.*.jar /tmp/jackson_bk_mr

> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-databind-2.*.jar /tmp/jackson_bk_hf

> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-core-2.*.jar /tmp/jackson_bk_hf

> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/jackson-annotations-2.*.jar /tmp/jackson_bk_hf

> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-databind-2.*.jar /tmp/jackson_bk_wlp

> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-core-2.*.jar /tmp/jackson_bk_wlp

> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-annotations-2.*.jar /tmp/jackson_bk_wlp

> mv $EGO_TOP/gui/3.8/lib/jackson-databind-2.*.jar /tmp/jackson_bk_gui

> mv $EGO_TOP/gui/3.8/lib/jackson-core-2.*.jar /tmp/jackson_bk_gui

> mv $EGO_TOP/gui/3.8/lib/jackson-annotations-2.*.jar /tmp/jackson_bk_gui

c.        On each management host (or just one host if you are using a shared file system), download the following packages to, for example, the /symfixes directory.

ž   soammrcore-7.3.0.0_x86_64_build600222.tar.gz

ž   egocore-3.8.0.0_x86_64_build600222.tar.gz

ž   egomgmt-3.8.0.0_noarch_build600222.tar.gz

ž   soammgmt-7.3.0.0_noarch_build600222.tar.gz

d.       On each management host (or just one host if you are using a shared file system), run the egoinstallfixes command to install the following packages. For example:

> egoinstallfixes /symfixes/soammrcore-7.3.0.0_x86_64_build600222.tar.gz

> egoinstallfixes /symfixes/egocore-3.8.0.0_x86_64_build600222.tar.gz

> egoinstallfixes /symfixes/egomgmt-3.8.0.0_noarch_build600222.tar.gz

> egoinstallfixes /symfixes/soammgmt-7.3.0.0_noarch_build600222.tar.gz

Note: The egoinstallfixes command automatically backs up the current binary files to a fix backup directory for recovery purposes. Do not delete this backup directory; you will need it if you want to recover the original files. For more information on using this command, see the egoinstallfixes command reference.

e.       Delete all subdirectories and files in the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

> rm -rf $EGO_TOP/kernel/rest/workarea/*

> rm -rf $EGO_TOP/soam/openid/workarea/*

Note: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.

f.         Launch your browser and clear the browser cache.

g.       Run the pversions command to verify the installation:

> pversions -b 600222

IBM Spectrum egocore 3.8.0.0

----------------------------

  binary type: linux-x86_64, Feb 28 2021, Build 600222

  installed: Mar 03 2021

  notes:

  fixes: P104106

  files: /3.8/hostfactory/providers/common/lib/jackson-databind-2.12.1.jar

         /3.8/hostfactory/providers/common/lib/jackson-core-2.12.1.jar

         /3.8/hostfactory/providers/common/lib/jackson-annotations-2.12.1.jar

 

IBM Spectrum egomgmt 3.8.0.0

----------------------------

  binary type: noarch, Feb 28 2021, Build 600222

  installed: Mar 03 2021

  notes:

  fixes: P104106

  files: /wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-databind-2.12.1.jar

         /wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-core-2.12.1.jar

         /wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-annotations-2.12.1.jar

         /gui/3.8/lib/jackson-databind-2.12.1.jar

         /gui/3.8/lib/jackson-core-2.12.1.jar

         /gui/3.8/lib/jackson-annotations-2.12.1.jar

 

IBM Spectrum soammgmt 7.3.0.0

-----------------------------

  binary type: noarch, Feb 28 2021, Build 600222

  installed: Mar 03 2021

  notes:

  fixes: P104106

  files: /wlp/usr/servers/openid/SymOpenIdClient-7.3.0.0.war

 

IBM Spectrum soammrcore 7.3.0.0

-------------------------------

  binary type: linux-x86_64, Feb 28 2021, Build 600222

  installed: Mar 03 2021

  notes:

  fixes: P104106

  files: /soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.12.1.jar

         /soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.12.1.jar

         /soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.12.1.jar

h.       From the primary host, start the following services:

> source profile.platform

> egosh service start MRSS WEBGUI REST HostFactory OpenIdClient

5.     Uninstallation

If required, follow the instructions in this section to uninstall this interim fix from your cluster:

a.       Log on to the primary host as the cluster administrator and stop the following services:

> source profile.platform

> egosh user logon -u Admin -x Admin

> egosh service stop MRSS WEBGUI REST HostFactory OpenIdClient

b.       On each management host (or just one host if you are using a shared file system), roll back this interim fix:

> egoinstallfixes -r 600222

c.        On each management host (or just one host if you are using a shared file system), restore the files that you backed up during installation:

> mv /tmp/jackson_bk_mr/jackson-databind-2.*.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/

> mv /tmp/jackson_bk_mr/jackson-core-2.*.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/

> mv /tmp/jackson_bk_mr/jackson-annotations-2.*.jar $EGO_TOP/soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/

> mv /tmp/jackson_bk_hf/jackson-databind-2.*.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/

> mv /tmp/jackson_bk_hf/jackson-core-2.*.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/

> mv /tmp/jackson_bk_hf/jackson-annotations-2.*.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/

> mv /tmp/jackson_bk_wlp/jackson-databind-2.*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/

> mv /tmp/jackson_bk_wlp/jackson-core-2.*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/

> mv /tmp/jackson_bk_wlp/jackson-annotations-2.*.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/

> mv /tmp/jackson_bk_gui/jackson-databind-2.*.jar $EGO_TOP/gui/3.8/lib/

> mv /tmp/jackson_bk_gui/jackson-core-2.*.jar $EGO_TOP/gui/3.8/lib/

> mv /tmp/jackson_bk_gui/jackson-annotations-2.*.jar $EGO_TOP/gui/3.8/lib/

d.       Delete all subdirectories and files in the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

> rm -rf $EGO_TOP/kernel/rest/workarea/*

> rm -rf $EGO_TOP/soam/openid/workarea/*

Note: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.

e.       Launch your browser and clear the browser cache.

f.         From the primary host, start the following services:

> source profile.platform

> egosh service start MRSS WEBGUI REST HostFactory OpenIdClient

6.     List of files

5878f345d1084c6974762fdda88c1e74 egocore-3.8.0.0_x86_64_build600222.tar.gz

1925b6e2feac7e63e164f57e6fb42c9d 3.8/hostfactory/providers/common/lib/jackson-databind-2.12.1.jar

6a65df7a5e62df2754726857b4ab0257 3.8/hostfactory/providers/common/lib/jackson-core-2.12.1.jar

ac96cb6fdf09ba1e2c41f461047f1eb4 3.8/hostfactory/providers/common/lib/jackson-annotations-2.12.1.jar

a573f5987cd2ab022dfcd78bc458e23f egomgmt-3.8.0.0_noarch_build600222.tar.gz

1925b6e2feac7e63e164f57e6fb42c9d gui/3.8/lib/jackson-databind-2.12.1.jar

6a65df7a5e62df2754726857b4ab0257 gui/3.8/lib/jackson-core-2.12.1.jar

ac96cb6fdf09ba1e2c41f461047f1eb4 gui/3.8/lib/jackson-annotations-2.12.1.jar

1925b6e2feac7e63e164f57e6fb42c9d wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-databind-2.12.1.jar

6a65df7a5e62df2754726857b4ab0257 wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-core-2.12.1.jar

ac96cb6fdf09ba1e2c41f461047f1eb4 wlp/usr/servers/gui/apps/ego/3.8/platformv5/WEB-INF/lib/jackson-annotations-2.12.1.jar

7a883388e13f3e41fa45eb3985b1244b soammgmt-7.3.0.0_noarch_build600222.tar.gz

03108ed1fcebdd1afde1cde0274d032a wlp/usr/servers/openid/SymOpenIdClient-7.3.0.0.war

954c57eed26339f70d6f120ff36b5006 soammrcore-7.3.0.0_x86_64_build600222.tar.gz

1925b6e2feac7e63e164f57e6fb42c9d soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-databind-2.12.1.jar

6a65df7a5e62df2754726857b4ab0257 soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-core-2.12.1.jar

ac96cb6fdf09ba1e2c41f461047f1eb4 soam/mapreduce/7.3/linux-x86_64/lib/hadoop-2.7.x/jackson-annotations-2.12.1.jar

7.     Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

8.     Copyright and trademark information

© Copyright IBM Corporation 2021

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.