Readme File for IBM® Spectrum Symphony 7.2.0.2 Interim Fix 600939
Readme File for: IBM Spectrum Symphony
Product Release: 7.2.0.2
Update Name: Interim Fix 600939
Fix ID: symmc-7.2.0.2-build600939
Publication Date: January 9, 2022
This interim fix upgrades log4j 2.x to version 2.17.1 to resolve security vulnerability issues CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, and CVE-2021-45105 for IBM Spectrum Symphony 7.2.0.2 on Linux with the multicluster feature.
Contents
1. List of fixes
2. Download location
3. Product and components affected
4. Installation and configuration
5. Uninstallation
6. List of files
7. Product notifications
8. Copyright and trademark information
1. List of fixes
APAR: P104509
2. Download location
Download interim fix 600939 from the following location: https://www.ibm.com/eserver/support/fixes/
3. Product and components affected
Component name, Platform, Fix ID:
GUI, KC, Linux x86_64, symmc-7.2.0.2-build600939
4. Installation and configuration
Follow the instructions in this section to download and install this interim fix to your cluster.
System requirements
Linux x86_64
Installation
a. Log on to the primary host in the cluster as the cluster administrator and stop the WEBGUI service:
> egosh user logon -u Admin -x Admin
>
egosh service stop WEBGUI
b. For
recovery purposes, log on to each management host in your cluster as the
cluster administrator and back up the following file:
cd
$EGO_TOP/
tar
-cvf backup_old_600939.tar
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-core-2.3.jar
tar
-uvf backup_old_600939.tar
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-slf4j-impl-2.3.jar
tar
-uvf backup_old_600939.tar
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-1.2-api-2.3.jar
tar
-uvf backup_old_600939.tar
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-api-2.3.jar
c. Remove
the old log4j 2.x jar files:
rm
-rf $EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-core-2.*.jar
rm
-rf
$EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-slf4j-impl-2.*.jar
rm
-rf
$EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-1.2-api-2.*.jar
rm -rf
$EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-api-2.*.jar
d. Download the symmc-7.2.0.2_x86_64_build600939.tar.gz package and install the fix:
>
tar zxfo symmc-7.2.0.2_x86_64_build600939.tar.gz -C $EGO_TOP/
e. Delete all subdirectories and files from the following directory:
>
rm -rf $EGO_TOP/gui/workarea/*
f. Clear your browser cache.
g. From the primary host, start the WEBGUI
service:
>
egosh service start WEBGUI
5. Uninstallation
If required, follow the instructions in this section to uninstall this interim fix from your cluster.
a. Log on to the primary host in the cluster as the cluster administrator and stop the WEBGUI service:
> egosh user logon -u Admin -x Admin
>
egosh service stop WEBGUI
b. Remove the installed fix.
rm
-rf
$EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-core-2.*.jar
rm
-rf
$EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-slf4j-impl-2.*.jar
rm
-rf $EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-1.2-api-2.*.jar
rm
-rf $EGO_TOP/wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-api-2.*.jar
c. Log on to each management host in your cluster as the cluster administrator and restore your backup for the following file:
cd
$EGO_TOP
tar
-xvf backup_old_600939.tar
d. Delete all subdirectories and files from the following directory:
> rm -rf $EGO_TOP/gui/workarea/*
e. Clear your browser cache.
f. From the primary host, start the WEBGUI service:
>
egosh service start WEBGUI
6. List of files
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-1.2-api-2.17.1.jar
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-api-2.17.1.jar
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-core-2.17.1.jar
wlp/usr/servers/gui/apps/kc/1.5.1/kc/WEB-INF/lib/log4j-slf4j-impl-2.17.1.jar
7. Product notification
To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.
8. Copyright and trademark information
© Copyright IBM Corporation 2022
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo, and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.