Readme File for IBM® Spectrum Symphony 7.3 Interim Fix 601113

Readme file for: IBM Spectrum Symphony
Product release: 7.3
Fix ID: sym-7.3-build601113

Publication date: May 27, 2022

 

This interim fix upgrades Spring Framework to version 5.2.20 to resolve security vulnerability CVE-2022-22965 for IBM Spectrum Symphony 7.3 on Linux.

 

Contents

1.      List of fixes

2.      Download location 

3.      Product or components affected

4.      Installation and configuration

5.      Uninstallation

6.      List of files

7.      Product notifications 

8.      Copyright and trademark information

1.     List of fixes

APAR: P104637

2.     Download location

Download interim fix 601113 from the following location: http://www.ibm.com/eserver/support/fixes/.

3.     Product or components affected

Component name, Platform, Fix ID:

PMC and HostFactory, Linux x86_64, sym-7.3-build601113

4.     Installation and configuration

Follow these instructions to download and install this interim fix on the hosts in your cluster.

System requirements

Linux x86_64

Installation

a.      Log on to the primary host as the cluster administrator and stop the WEBGUI and HostFactory services:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI HostFactory

b.      For recovery purposes, log on to each management host in your cluster as the cluster administrator and back up the following files then remove them:

cd $EGO_TOP/

tar -cvf backup_old_601113.tar gui/3.8/lib/spring-aop-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-beans-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-context-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-context-support-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-core-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-expression-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-jdbc-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-orm-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-test-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-tx-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-web-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar gui/3.8/lib/spring-webmvc-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar 3.8/hostfactory/providers/common/lib/spring-beans-5.1.7.RELEASE.jar

tar -uvf backup_old_601113.tar 3.8/hostfactory/providers/common/lib/spring-core-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-aop-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-beans-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-context-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-context-support-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-core-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-expression-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-jdbc-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-orm-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-test-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-tx-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-web-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/gui/3.8/lib/spring-webmvc-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/spring-beans-5.1.7.RELEASE.jar

rm -rf $EGO_TOP/3.8/hostfactory/providers/common/lib/spring-core-5.1.7.RELEASE.jar

c.       On each management host, create a directory (for example, /symfixes) and download the egocore-3.8.0.0_x86_64_build601113.tar.gz and egomgmt-3.8.0.0_noarch_build601113.tar.gz files to the directory.

d.      Run the egoinstallfixes command to install the egocore-3.8.0.0_x86_64_build601113.tar.gz and egomgmt-3.8.0.0_noarch_build601113.tar.gz files:

> egoinstallfixes /symfixes/egocore-3.8.0.0_x86_64_build601113.tar.gz

> egoinstallfixes /symfixes/egomgmt-3.8.0.0_noarch_build601113.tar.gz

Important: Running the egoinstallfixes command automatically backs up the current binary files to a fix backup directory.  For recovery purposes of the original file, do not delete this backup directory. For more information on using this command, see the egoinstallfixes command reference.

e.      Run the pversions command to verify the installation:

> pversions -b 601113

f.        Delete all subdirectories and files in the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

g.      (Optional) If failover is enabled, you can delete all subdirectories and files in the following directory:

> rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*

h.      Clear your browser cache. 

i.        From the primary host, start the WEBGUI and HostFactory services:

> egosh service start WEBGUI HostFactory

> egosh user logon -u Admin -x Admin

5.     Uninstallation

If required, follow the instructions to uninstall this interim fix on the hosts in your cluster.

a.      Log on to the primary host as the cluster administrator and stop the WEBGUI and HostFactory services:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI HostFactory

b.      Log on to each management host in the cluster and roll back this interim fix:

> egoinstallfixes -r 601113

c.       Log on to each management host in your cluster as the cluster administrator and restore your backup for the following files:

cd $EGO_TOP

tar -xvf backup_old_601113.tar

d.      Delete all subdirectories and files in the following directories:

> rm -rf $EGO_TOP/gui/work/*

> rm -rf $EGO_TOP/gui/workarea/*

e.      (Optional) If failover is enabled, you can delete all subdirectories and files in the following directory:

> rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*

f.        Clear your browser cache. 

g.      From the primary host, start the WEBGUI and HostFactory services:

> egosh service start WEBGUI HostFactory

6.     List of files 

gui/3.8/lib/spring-orm-5.2.20.RELEASE.jar

gui/3.8/lib/spring-tx-5.2.20.RELEASE.jar

gui/3.8/lib/spring-web-5.2.20.RELEASE.jar

gui/3.8/lib/spring-aop-5.2.20.RELEASE.jar

gui/3.8/lib/spring-beans-5.2.20.RELEASE.jar

gui/3.8/lib/spring-context-5.2.20.RELEASE.jar

gui/3.8/lib/spring-context-support-5.2.20.RELEASE.jar

gui/3.8/lib/spring-core-5.2.20.RELEASE.jar

gui/3.8/lib/spring-expression-5.2.20.RELEASE.jar

gui/3.8/lib/spring-jdbc-5.2.20.RELEASE.jar

gui/3.8/lib/spring-test-5.2.20.RELEASE.jar

gui/3.8/lib/spring-webmvc-5.2.20.RELEASE.jar

3.8/hostfactory/providers/common/lib/spring-beans-5.2.20.RELEASE.jar

3.8/hostfactory/providers/common/lib/spring-core-5.2.20.RELEASE.jar

7.     Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes. 

8.     Copyright and trademark information 

© Copyright IBM Corporation 2022

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml