Readme File for IBM® Spectrum Symphony 7.3 Interim Fix 600508
Readme file for: IBM Spectrum Symphony
Product Release: 7.3
Update Name: Interim Fix 600508
Fix ID: sym-7.3-build600508
Publication date: June 23, 2021
This interim fix provides guidance to upgrading Apache
JSON Small and Fast Parser (json-smart) to version 2.4.7 and
Underscore to version 1.13.1 for use with IBM Spectrum Symphony, to address
security vulnerabilities CVE-2021-27568 and
CVE-2021-23358.
Contents
1. List of fixes
2. Download location
3. Product and components affected
4. Installation and configuration
5. Uninstallation
6. List of files
7. Product notifications
8. Copyright and trademark information
1. List of fixes
APAR: P104269
2. Download location
Download interim fix 600508 from the following location: http://www.ibm.com/eserver/support/fixes/
3. Product and components affected
Component name, Platform, Fix ID:
WEBGUI/HostFactory, Linux x86_64, sym-7.3-build600508
4. Installation and configuration
Follow the instructions in this section to download and install this interim fix to your cluster.
System requirements
· Linux x86_64
·
Your Linux host must
include the “ed” Linux line-oriented text editor.
Installation
a. Log on to the primary host as the cluster administrator and stop the WEBGUI and HostFactory services:
> egosh user logon -u Admin -x Admin
> egosh service stop WEBGUI HostFactory
b.
Log on to each management host
(or just one host if you are using a shared file system) in the cluster and
move the following files to a backup directory for recovery purposes, for
example:
> mkdir -p /tmp/json-smart_bk
> mkdir -p /tmp/underscore_bk_platform
> mkdir -p /tmp/underscore_bk_platformv5
> mv $EGO_TOP/3.8/hostfactory/providers/common/lib/json-smart-2.3.jar
/tmp/json-smart_bk
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/*
/tmp/underscore_bk_platform
> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/*
/tmp/underscore_bk_platformv5
c.
On each management host
(or just one host if you are using a shared file system), download the egomgmt-3.8.0.0_noarch_build600508.tar.gz
and egocore-3.8.0.0_x86_64_build600508.tar.gz
packages to, for example, the /symfixes directory.
d.
On each management host
(or just one host if you are using a shared file system), run the egoinstallfixes command to install the egomgmt-3.8.0.0_noarch_build600508.tar.gz and egocore-3.8.0.0_x86_64_build600508.tar.gz
packages:
> egoinstallfixes /symfixes/egomgmt-3.8.0.0_noarch_build600508.tar.gz
> egoinstallfixes /symfixes/egocore-3.8.0.0_x86_64_build600508.tar.gz
Note: The egoinstallfixes command automatically backs up the current binary files to a fix backup directory for recovery purposes. Do not delete this backup directory; you will need it if you want to recover the original files. For more information on using this command, see the egoinstallfixes command reference.
e.
Delete all subdirectories
and files from the following directories:
> rm
-rf $EGO_TOP/gui/work/*
> rm
-rf $EGO_TOP/gui/workarea/*
Note: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
f.
Launch your browser and
clear the browser cache.
g.
Run the pversions command to verify the installation:
> pversions -b 600508
IBM
Spectrum egocore 3.8.0.0
----------------------------
binary type: linux-x86_64, Jun 17 2021, Build 600508
installed: Jun 18
2021
notes:
fixes: P104269
files: /3.8/hostfactory/providers/common/lib/json-smart-2.4.7.jar
IBM
Spectrum egomgmt 3.8.0.0
----------------------------
binary type: noarch,
Jun 17 2021, Build 600508
installed: Jun 18
2021
notes:
fixes: P104269
files:
/wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/bower.json
/wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/README.md
/wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/underscore.js
/wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/underscore-min.js
/wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/underscore-min.js.map
/wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/bower.json
/wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/README.md
/wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/underscore.js
/wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/underscore-min.js
/wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/underscore-min.js.map
h.
From the primary host,
start the WEBGUI and
HostFactory services:
> egosh service start WEBGUI HostFactory
5. Uninstallation
If required, follow the instructions in this section to uninstall this interim fix from your cluster:
a. Log on to the primary host as the cluster administrator and stop the WEBGUI and HostFactory services:
> egosh user logon -u Admin -x Admin
> egosh service stop WEBGUI HostFactory
b.
On each management host
(or just one host if you are using a shared file system), roll back this interim
fix:
> egoinstallfixes -r 600508
c.
On each management host
(or just one host if you are using a shared file system), restore the files
that you backed up during installation:
> mv /tmp/json-smart_bk/json-smart-2.3.jar $EGO_TOP/3.8/hostfactory/providers/common/lib/
> mv /tmp/underscore_bk_platform/*
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/
> mv /tmp/underscore_bk_platformv5/*
$EGO_TOP/wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/
d.
Delete all subdirectories
and files from the following directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
Note: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e.
Launch your browser and
clear the browser cache.
f.
From the primary host,
start the WEBGUI and HostFactory services:
> egosh service start WEBGUI HostFactory
6. List of files
egomgmt-3.8.0.0_noarch_build600508.tar.gz
wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/bower.json
wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/README.md
wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/underscore.js
wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/underscore-min.js
wlp/usr/servers/gui/apps/ego/3.8/platform/bower_components/underscore/underscore-min.js.map
wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/bower.json
wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/README.md
wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/underscore.js
wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/underscore-min.js
wlp/usr/servers/gui/apps/ego/3.8/platformv5/bower_components/underscore/underscore-min.js.map
egocore-3.8.0.0_x86_64_build600508.tar.gz
3.8/hostfactory/providers/common/lib/json-smart-2.4.7.jar
7. Product notifications
To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.
8. Copyright and trademark information
© Copyright IBM Corporation 2021
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.