Readme File for IBM® Spectrum Symphony 7.3
Interim Fix 601113
Readme file for: IBM Spectrum Symphony
Product release: 7.3
Fix ID: sym-7.3-build601113
Publication date: May 27, 2022
This interim fix upgrades Spring Framework to version 5.2.20 to resolve security vulnerability CVE-2022-22965 for IBM Spectrum Symphony 7.3 on Linux.
1. List of fixes
2. Download location
3. Product or components affected
4. Installation and configuration
5. Uninstallation
6. List of files
7. Product notifications
8. Copyright and trademark information
APAR: P104637
Download interim
fix 601113 from the following location: http://www.ibm.com/eserver/support/fixes/.
Component
name, Platform, Fix ID:
PMC and
HostFactory, Linux x86_64, sym-7.3-build601113
Follow these instructions
to download and install this interim fix on the hosts in your cluster.
System
requirements
Linux
x86_64
Installation
a.
Log on to
the primary host as the cluster administrator and stop the WEBGUI and HostFactory services:
>
egosh user logon -u Admin -x Admin
> egosh service stop WEBGUI
HostFactory
b.
For recovery purposes,
log on to each management host in your cluster as the cluster administrator and
back up the following files then remove them:
cd $EGO_TOP/
tar -cvf backup_old_601113.tar gui/3.8/lib/spring-aop-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-beans-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-context-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-context-support-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-core-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-expression-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-jdbc-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-orm-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-test-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-tx-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-web-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar gui/3.8/lib/spring-webmvc-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar 3.8/hostfactory/providers/common/lib/spring-beans-5.1.7.RELEASE.jar
tar -uvf backup_old_601113.tar 3.8/hostfactory/providers/common/lib/spring-core-5.1.7.RELEASE.jar
rm -rf $EGO_TOP/gui/3.8/lib/spring-aop-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-beans-5.1.7.RELEASE.jar
rm -rf $EGO_TOP/gui/3.8/lib/spring-context-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-context-support-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-core-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-expression-5.1.7.RELEASE.jar
rm -rf $EGO_TOP/gui/3.8/lib/spring-jdbc-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-orm-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-test-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-tx-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-web-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/gui/3.8/lib/spring-webmvc-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/3.8/hostfactory/providers/common/lib/spring-beans-5.1.7.RELEASE.jar
rm -rf
$EGO_TOP/3.8/hostfactory/providers/common/lib/spring-core-5.1.7.RELEASE.jar
c.
On each
management host, create a directory (for example, /symfixes) and download the egocore-3.8.0.0_x86_64_build601113.tar.gz and egomgmt-3.8.0.0_noarch_build601113.tar.gz files to the directory.
d.
Run the egoinstallfixes command
to install the egocore-3.8.0.0_x86_64_build601113.tar.gz and egomgmt-3.8.0.0_noarch_build601113.tar.gz files:
>
egoinstallfixes /symfixes/egocore-3.8.0.0_x86_64_build601113.tar.gz
>
egoinstallfixes /symfixes/egomgmt-3.8.0.0_noarch_build601113.tar.gz
Important: Running the egoinstallfixes command automatically backs up the current binary
files to a fix backup directory. For recovery purposes of the original
file, do not delete this backup directory. For more information on using
this command, see the egoinstallfixes command reference.
e.
Run the pversions command to verify the installation:
>
pversions -b 601113
f.
Delete all subdirectories
and files in the following directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
g.
(Optional) If failover
is enabled, you can delete all subdirectories and files in the following
directory:
>
rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*
h.
Clear your
browser cache.
i.
From the primary
host, start the WEBGUI and HostFactory services:
> egosh service start WEBGUI HostFactory
>
egosh user logon -u Admin -x Admin
If
required, follow the instructions to uninstall this interim fix on the hosts in
your cluster.
a.
Log on to
the primary host as the cluster administrator and stop the WEBGUI and HostFactory services:
> egosh user logon -u Admin -x Admin
> egosh service stop WEBGUI HostFactory
b.
Log on to
each management host in the cluster and roll back this interim fix:
> egoinstallfixes -r 601113
c.
Log on to each management host
in your cluster as the cluster administrator and restore your backup for the
following files:
cd $EGO_TOP
tar -xvf backup_old_601113.tar
d.
Delete all
subdirectories and files in the following directories:
> rm -rf $EGO_TOP/gui/work/*
> rm -rf $EGO_TOP/gui/workarea/*
e.
(Optional) If failover is
enabled, you can delete all subdirectories and files in the following
directory:
>
rm -rf $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/*
f.
Clear your
browser cache.
g.
From the primary
host, start the WEBGUI and HostFactory services:
> egosh service start WEBGUI HostFactory
gui/3.8/lib/spring-orm-5.2.20.RELEASE.jar
gui/3.8/lib/spring-tx-5.2.20.RELEASE.jar
gui/3.8/lib/spring-web-5.2.20.RELEASE.jar
gui/3.8/lib/spring-aop-5.2.20.RELEASE.jar
gui/3.8/lib/spring-beans-5.2.20.RELEASE.jar
gui/3.8/lib/spring-context-5.2.20.RELEASE.jar
gui/3.8/lib/spring-context-support-5.2.20.RELEASE.jar
gui/3.8/lib/spring-core-5.2.20.RELEASE.jar
gui/3.8/lib/spring-expression-5.2.20.RELEASE.jar
gui/3.8/lib/spring-jdbc-5.2.20.RELEASE.jar
gui/3.8/lib/spring-test-5.2.20.RELEASE.jar
gui/3.8/lib/spring-webmvc-5.2.20.RELEASE.jar
3.8/hostfactory/providers/common/lib/spring-beans-5.2.20.RELEASE.jar
3.8/hostfactory/providers/common/lib/spring-core-5.2.20.RELEASE.jar
To
receive information about product solution and patch updates automatically,
subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of
information you want to get notification about, for example, security
bulletins, fixes, troubleshooting, and product enhancements or documentation
changes.
©
Copyright IBM Corporation 2022
U.S.
Government Users Restricted Rights - Use, duplication or disclosure restricted
by GSA ADP Schedule Contract with IBM Corp.
IBM®,
the IBM logo and ibm.com® are trademarks of International Business Machines Corp.,
registered in many jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml