IBM Spectrum LSF Explorer V10.2.0 Fix 600885 Readme

 

Abstract

This fix resolves the log4j2 security issue CVE-2021-44228 and CVE-2021-45046.

Description

Readme documentation for IBM Spectrum LSF Explorer V10.2.0 Fix including installation-related instructions, prerequisites and co-requisites, and list of fixes.

This fix addresses the following issue:
The log4j2 utility has two security issues (CVE-2021-44228, CVE-2021-45046).

Readme file for: IBM Spectrum LSF Explorer
Product/Component Release: 10.2, 10.2.0.6, 10.2.0.7, 10.2.0.8, 10.2.0.9, 10.2.0.10, 10.2.0.11
Update Name: Fix 600885
Fix ID: explorer-10.2-build 600885
Publication date: Dec. 17 2021
Last modified date: Dec. 17 2021

Contents

1.           List of fixes

  1. Download location
  2. Product notifications
  3. Products or components affected
  4. System requirements
  5. Installation and configuration
  6. Uninstallation
  7. List of files
  8. Copyright and trademark information

1.    List of fixes

P111111

2.         Download location

Download from the following location: http://www.ibm.com/eserver/support/fixes/

3.         Product notifications:

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

4.         Products or components affected

Explorer Server

5.         System requirements

·   N/A

6.    Installation and configuration

0.      6.1  Before installation

1.      Log on to the IBM Spectrum LSF Explorer server host as root.

2.      Set your IBM Spectrum LSF Explorer environment.
For csh or tcsh:
% source /opt/ibm/lsfsuite/ext/cshrc.platform
For sh, ksh, or bash:
$ . /opt/ibm/lsfsuite/ext/profile.platform

3.      Determine the location of your existing IBM Spectrum LSF Explorer installation.
#rpm -q --queryformat "%{INSTPREFIXES}\n" lsf-explorer-server

4.      Check and record the version and build number of your existing installation of IBM Spectrum LSF Explorer in case you need to roll back the fix.
pmcadmin -V

5.      Stop all IBM Spectrum LSF Explorer Server services.
pmcadmin stop

6.      Back up your existing installation.
For example:
#cp -rfp /opt/ibm /opt/ibm.bak

1.      6.2  Installation steps for IBM Spectrum LSF Explorer V10.2.0.

The following steps assume that IBM Spectrum LSF Explorer is installed in /opt/ibm.
Replace with your actual installation directory.
Note: This patch is only for LSF Explorer V10.2.0. If you are using other versions, you must first migrate to V10.2.0 before applying this Fix.

0.      Install the patch
find $PMC_TOP/../..  -name "log4j-core-*.jar" -exec zip -q -d  {} org/apache/logging/log4j/core/lookup/JndiLookup.class \;

1.      Start IBM Spectrum LSF Explorer Server services.
pmcadmin start

2.      (Only for Explorer version 10.2 to 10.2.0.9 ) Install patch for elasticsearch

systemctl restart elasticsearch-for-lsf

7.    Uninstallation

0.      7.1  Before uninstallation

Stop all IBM Spectrum LSF Explorer Server services:

pmcadmin stop

1.      7.2  Roll back the fix

The following steps assume that IBM Spectrum LSF Explorer is installed in the /opt/ibm directory.
Replace this with your actual installation directory.

0.      Delete jar files under directory $PMC_TOP/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/
rm -rf $PMC_TOP/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/log4j*

1.      Rollback the patch
cp /opt/ibm.bak/lsfsuite/ext/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/log4j* $PMC_TOP/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/

2.      Start IBM Spectrum LSF Explorer Server services.
pmcadmin start

3.      (Only for Explorer version 10.2 to 10.2.0.9 ) Rollback patch for elasticsearch
rm -rf $PMC_TOP/../../elastic/elasticsearch/lib/log4j*
cp /opt/ibm.bak/elastic/elasticsearch/lib/log4j* $PMC_TOP/../../elastic/elasticsearch/lib
systemctl restart elasticsearch-for-lsf

8.    List of files

$PMC_TOP/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/log4j-1.2-api-2.16.0.jar
$PMC_TOP/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/log4j-api-2.16.0.jar
$PMC_TOP/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/log4j-core-2.16.0.jar
$PMC_TOP/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/log4j-slf4j-impl-2.16.0.jar
$PMC_TOP/../../elastic/elasticsearch/lib/log4j-core-2.16.0.jar
$PMC_TOP/../../elastic/elasticsearch/lib/log4j-1.2-api-2.16.0.jar
$PMC_TOP/../../elastic/elasticsearch/lib/log4j-api-2.16.0.jar

9.         Copyright and trademark information

Copyright IBM Corporation 2021

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at http://www.ibm.com/legal/copytrade.shtml