Readme File for IBM® Spectrum
Symphony 7.3.2 Fix 601860
Readme
File for: IBM Spectrum Symphony
Product Release: 7.3.2
Update Name: IBM Spectrum Symphony 7.3.2 Fix 601860
Fix ID: sym-7.3.2-build601860
Publication Date: January 26, 2024
The
IBM Spectrum Symphony 7.3.2 Fix 601860 offering is available for 64-bit Linux
x86 and Windows. It is available for IBM Spectrum Symphony, and IBM Spectrum
Symphony Advanced Edition with the multicluster feature. It is a security fix
for IBM Spectrum Symphony, to be applied on top of your version 7.3.2 Fix
601711 installation (including any fixes you may have already installed on top
of version 7.3.2).
Fix 601860 is
not a mandatory fix; you can apply other fixes on top of IBM Spectrum Symphony
7.3.2 Fix 601711 without applying Fix 601860. Fix 601860 is, however, one that
provides optimal security.
The IBM
Spectrum Symphony installation includes various software, as listed in IBM Documentation. Some of the software packages have
been identified with common vulnerabilities exposures (CVEs). Fix 601860
provides upgraded versions of the affect software, so that you can continue to
use IBM Spectrum Symphony 7.3.2 securely. For improved security, apply Fix
601860.
For a Linux environment with IBM Spectrum
Conductor, always install IBM Spectrum Symphony 7.3.2 Fix 601860 first,
and then install IBM Spectrum Conductor 2.5.1 Fix 601861.
For what’s included in Fix 601860, see
the following list of fixes in this readme file, and the release notes within
IBM Documentation for details.
Contents
1. List of fixes
2. Download location
3. Product and components
affected
4. Installation and
configuration
5. Uninstallation
6. List of files
7. Copyright and trademark
information
1. List of fixes
Fix 601860 provides
upgraded software packages to address known CVEs. The following list provides
the software versions upgraded with Fix 601860:
·
bcprov-jdk15on to 1.77
·
jQuery to 3.5.1
·
jquery-ui to v1.13.2
·
jquery.dataTables.min.js and jquery.dataTables.js to 1.11.3
·
kotlin-stdlib to 1.9.20
·
libbind to 9.18.19
·
netty-handler to 4.1.99.
·
okio 3.4.0
·
spring-security to 5.8.8.
·
urllib3 to 1.26.18
For
more details, see the Fix 601860 release notes within IBM
Documentation.
2. Download location
Download IBM
Spectrum Symphony 7.3.2 Fix 601860 from IBM Fix Central: https://www.ibm.com/eserver/support/fixes/
3. Product and components affected
Component name,
Platform, Fix
ID:
IBM Spectrum Symphony,
Linux x86_64, Windows x86_64, sym-7.3.2-build601860
4. Installation and configuration
Follow the instructions in this
section to download and apply IBM Spectrum Symphony 7.3.2 Fix 601860.
Fix 601860 for IBM Spectrum Symphony is offered as a fix on top of your
existing version of 7.3.2 Fix
601711. Therefore, you must first have the 7.3.2 Fix 601711 version of IBM Spectrum
Symphony installed before you can apply Fix
601860.
System requirements
Depending on your operating
system, you require Linux x86 64-bit or Windows x86 64-bit for IBM Spectrum Symphony, IBM Spectrum Symphony
with the multicluster feature. For details, see all supported system configurations.
Before installation
Before
installing Fix 601860, refer to these important notes for your IBM Spectrum
Symphony product offering. Refer to note for the appropriate product offering:
Before
installing on IBM Spectrum Symphony
Before
installing on IBM Spectrum Symphpony with the multicluster feature
Before installing Fix 601860 on IBM Spectrum Symphony
7.3.2
Download the installation package for your
operating system,
to a directory on each of your management and compute hosts (for example, to a /sym732 directory on Linux, or to a C:\sym732 directory on Windows).
Tip: On Linux, if you
installed the IBM Spectrum Symphony package using the egoinstallfixes command,
to avoid the original files (which are backed up under the $EGO_TOP/patch/backup/ directory) from being
scanned by security management related tools, move the files to other hosts
that do not have IBM Spectrum Symphony installed.
Installation packages to download:
·
Linux:
sym-7.3.2.0_x86_64_build601860.tar.gz
Note that you will install Fix 601860 using the egoinstallfixes command,
which requires that your Linux host include the ed Linux
line-oriented text editor.
· Windows:
sym-7.3.2.0_build601860.zip
Precondition: On Windows, download
the sym-7.3.2.0.exe file from IBM Passport Advantage, and
decompress it to get the base .msi files:
sym-7.3.2.0.exe --extract downloaded_path_to_installed_msp_files
where downloaded_path_to_installed_msp_files is the
same path as where you unzip the .msp files during installation.
Before installing Fix 601860 on IBM Spectrum Symphony
7.3.2 with the multicluster feature
Fix 601860 for IBM Spectrum
Symphony Advanced Edition with the multicluster feature is offered as a fix on
top of your existing version of 7.3.2 Fix 601711. Therefore, you must first have the 7.3.2 Fix 601711 version of IBM Spectrum
Symphony Advanced Edition with the multicluster feature installed before you can apply Fix 601860.
The multicluster
feature is available for IBM Spectrum Symphony Advanced Edition. Download the installation package for
your operating system, to a directory on your IBM Spectrum
Symphony multicluster primary cluster (for example, to a /smc732 directory on Linux, or to a C:\smc732 directory on Windows):
·
Linux:
symmc-7.3.2.0_x86_64_build601860.tar.gz
Note
that you will install Fix 601860 using the egoinstallfixes command,
which requires that your Linux host include the ed Linux line-oriented text
editor.
· Windows:
symmc-7.3.2.0_build601860.zip
Precondition: On Windows, download the symmc-7.3.2.0.exe file from IBM Passport Advantage, and
decompress it to get the base .msi files:
symmc-7.3.2.0.exe
--extract downloaded_path_to_installed_msp_files
where downloaded_path_to_installed_msp_files is the same path as where you unzip the
.msp files during installation
Installation
steps
Use the following
installation steps for the installation package applicable to your operating
system (Linux or Windows) and IBM Spectrum Symphony product offering. Refer to
the appropriate installation type:
Installing on IBM Spectrum Symphony
Installing on IBM Spectrum Symphony with the multicluster
feature
Installing
Fix 601860 on IBM
Spectrum Symphony 7.3.2
Before applying Fix 601860, ensure
that you have IBM Spectrum Symphony 7.3.2 Fix 601711 installed for our
operating system.
Linux
a.
Complete these steps on your primary host:
i.
Log on as the operating system
cluster administrator, and source the environment:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
ii. Stop the cluster:
$ egosh user logon -u Admin -x Admin
$ soamcontrol app disable all
$ egosh service stop all
$ egosh ego shutdown all
b. Complete these steps for each management host in the cluster:
i.
Log on as the operating system cluster administrator and source your
environment:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
ii.
Extract the .tar.gz file that you previously downloaded: sym-7.3.2.0_x86_64_build601860.tar.gz
For example,
use tar command:
$ tar zxof sym-7.3.2.0_x86_64_build601860.tar.gz
-C /sym732
iii.
Change to the directory
where you extracted the files, and then install Fix 601860 by running the sym-7.3.2.sh file.
For example:
$ cd /sym732
$ ./sym-7.3.2.sh -m -i
The installer installs all necessary packages for your management host, including:
o
egocore-4.0.0.0_x86_64_build601860.tar.gz
o
egomgmt-4.0.0.0_noarch_build601860.tar.gz
o
egorest-4.0.0.0_noarch_build601860.tar.gz
o
explorer-10.1.1.0_x86_64_build601860.tar.gz
o
hfcore-1.2.0.0_x86_64_build601860.tar.gz
o
soamcore-7.3.2.0_x86_64_build601860.tar.gz
o
soammgmt-7.3.2.0_noarch_build601860.tar.gz
iv.
Verify the
installation using the pversions command.
For example:
$ pversions -b 601860
c. Complete these steps for each compute host in the cluster:
i.
Log on as the operating system cluster administrator and source your
environment:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
ii.
Extract the .tar.gz file that you previously downloaded: sym-7.3.2.0_x86_64_build601860.tar.gz
For example,
use tar command:
$ tar zxof sym-7.3.2.0_x86_64_build601860.tar.gz
-C /sym732
iii.
Change to the directory
where you extracted the files, and then install Fix 601860 by running the sym-7.3.2.sh file.
For example:
$ cd /sym732
$ ./sym-7.3.2.sh -c -i
The installer installs all necessary packages for your compute
host, including:
o
egocore-4.0.0.0_x86_64_build601860.tar.gz
o
soamcore-7.3.2.0_x86_64_build601860.tar.gz
iv.
Verify the
installation using the pversions command.
For example:
$ pversions -b 601860
d.
On each
management host, delete all subdirectories and files from the following directories:
$ rm -rf $EGO_CONFDIR/../../gui/work/*
$ rm -rf $EGO_TOP/gui/workarea/*
$ rm -rf $EGO_TOP/kernel/rest/workarea/*
Note: If you
configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/wlp.conf file, you
must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.
e.
(Optional) On
your management host, if you want to use EGO service ServiceDirector and
WebServiceGateway, configure environment variables LD_LIBRARY_PATH in $EGO_CONFDIR/../../eservice/esc/conf/services/named.xml:
<ego:EnvironmentVariable
name="LD_LIBRARY_PATH">${EGO_TOP}/4.0/linux-x86_64/lib/libbind</ego:EnvironmentVariable>
f. Start the cluster on your primary host by logging on as root or a cluster administrator user with root privileges, sourcing your environment, restarting the cluster, and enabling the applicable applications:
(BASH)
. $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
$ egosh
ego start all
$ soamcontrol
app enable application_name
Tip: After
installing Fix 601860 and it works well in your environment, to avoid the
original files from being scanned by security management related tools, you can
move the original files out of the cluster. Move the backup files (under the $EGO_TOP/patch/backup/ directory) to other hosts that do not have IBM
Spectrum Symphony installed.
Windows
a.
Log on to your primary
host as the operating system cluster administrator, and stop the cluster:
> egosh user logon -u Admin -x Admin
> soamcontrol app disable all
> egosh service stop all
> egosh
ego shutdown all
b. Complete the following steps for each management and compute host in the cluster:
i.
Log on as the
cluster administrator with local administrator privileges and change to the
directory where you downloaded the installation file.
For example:
cd C:\sym732
ii.
Decompress the
following zip file:
sym-7.3.2.0_build601860.zip
iii.
Run the installation
file:
On management
hosts: > sym-7.3.2.bat -m -i
On compute hosts: > sym-7.3.2.bat -c -i
iv.
Verify the installation
using the pversions command.
For example:
pversions
The command output should show the installed packages.
c. On each management host, delete all
subdirectories and files from the following directories:
> del %EGO_CONFDIR%\..\..\gui\work\*
> del %SOAM_HOME%\..\gui\workarea\*
> del %SOAM_HOME%\..\kernel\rest\workarea\*
Note:
If you configured the WLP_OUTPUT_DIR
parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to
true in the %EGO_CONFDIR%\wlp.conf file, you must clean up the
%WLP_OUTPUT_DIR%\webgui_hostname\gui\workarea\ directory
d. Start the cluster on your primary host by logging on as root or a cluster administrator user with root privileges, reopen a Symphony 7.3.2 command console, restarting the cluster, and enabling the applicable applications:
> egosh ego start all
> soamcontrol app enable application_name
Installing Fix 601860 on IBM Spectrum Symphony 7.3.2 with the multicluster feature
Log on as the operating system cluster administrator and install the Fix 601860 installation
package, which you previously downloaded, to the IBM Spectrum Symphony
multicluster primary cluster:
Linux
a.
Complete these
steps on your primary host:
i.
Log
on as the operating system cluster administrator, and
source the environment:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
ii. Stop the cluster:
$ egosh user logon -u Admin -x Admin
$ egosh service stop all
$ egosh ego shutdown all
b. Complete these steps for each host in the cluster:
i.
Log on as the operating system cluster administrator and
source your environment:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
Extract the .tar.gz file that you
previously downloaded: symmc-7.3.2.0_x86_64_build601860.tar.gz
For example,
use tar command:
$ tar zxof symmc-7.3.2.0_x86_64_build601860.tar.gz
-C /smc732
ii.
Change to the directory where
you extracted the file, and then install Fix 601860 by running the smc-7.3.2.sh:
$ cd /smc732
$ ./smc-7.3.2.sh -i
The installer installs
all necessary packages for your host, including:
o
symmcegorest-4.0.0.0_noarch_build601860.tar.gz
o
symmcmgmt-7.3.2.0_noarch_build601860.tar.gz
o
symmcegocore-4.0.0.0_x86_64_build601860.tar.gz
iii.
Verify the installation using the pversions command.
For example:
$ pversions
-b 601860
c. On
each management host, delete all subdirectories and files from the following
directories:
$ rm -rf $EGO_CONFDIR/../../gui/work/*
$ rm
-rf $EGO_TOP/gui/workarea/*
$ rm -rf $EGO_TOP/kernel/rest/workarea/*
Note:
If you configured the WLP_OUTPUT_DIR
parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to
true in the $EGO_CONFDIR/wlp.conf file, you must clean up the
$WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/
directory
d. Start the cluster on your primary host by logging on as root or a cluster administrator user with root privileges, sourcing your environment, and restarting the cluster:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
$ egosh
ego start all
Tip: After
installing Fix 601860 and it works well in your environment, to avoid the
original files from being scanned by security management related tools, you can
move the original files out of the cluster. Move the backup files (under the $EGO_TOP/patch/backup/ directory) to other hosts that do not have IBM
Spectrum Symphony
multicluster installed.
Windows
a.
Log on to your primary
host as the operating system cluster administrator, and stop the cluster:
> egosh user logon -u Admin -x
Admin
> egosh
service stop all
> egosh
ego shutdown all
b. Complete the following steps for each host in the cluster:
i.
Log on as the
cluster administrator with local administrator privileges and change to the
directory where you downloaded the installation file.
For example:
cd C:\smc732
ii.
Run the
installation file:
> smc-7.3.2.bat
-i Installation_top
Installation_top is the directory where EGO is installed.
iii.
Verify
the installation using the pversions command.
For example:
pversions
The command output should show the two .msi packages installed.
c. On each host, delete all subdirectories and
files from the following directories:
> del %EGO_CONFDIR%\..\..\gui\work\*
> del %Installation_top%\gui\workarea\*
> del %Installation_top%\kernel\rest\workarea\*
Note: If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the %EGO_CONFDIR%\wlp.conf file, you must clean up the %WLP_OUTPUT_DIR%\webgui_hostname\gui\workarea\ directory.
d. Start the cluster on your primary host by logging on as root or as a cluster administrator user with root privileges, reopen an IBM SpectrumSymphony ulticluster 7.3.2 command console, and restarting the cluster:
> egosh ego start all
5. Uninstalling
If required, follow the instructions in this section
to uninstall Fix 601860 from your cluster. Refer to the appropriate product
offering:
Uninstalling from IBM
Spectrum Symphony
Uninstalling
from IBM Spectrum Symphony with the multicluster feature
Uninstalling Fix 601860 from IBM Spectrum Symphony 7.3.2
Linux
a. Log on
to the primary host as the operating system cluster administrator, and stop the
cluster:
$ egosh user
logon -u Admin -x Admin
$ soamcontrol app
disable all
$ egosh service stop all
$ egosh ego shutdown all
b.
Log on to each
Linux management host in the cluster and switch to the directory where you extract the package
(for example/sym732), and roll back the fix:
i.
Roll back all .tar.gz files for Fix 601860 by running the sym-7.3.2.sh file:
$ sym-7.3.2.sh -m -r
c. Log on to each Linux compute host in the cluster, switch to the directory where you extracted the package
(for example:/sym732), and roll back the fix:
i.
Roll back all .tar.gz files for Fix 601860 by running the sym-7.3.2.sh file
$
sym-7.3.2.sh -c
-r
d. On each management host, delete all
subdirectories and files from the following directories:
$ rm -rf $EGO_CONFDIR/../../gui/work/*
$ rm
-rf $EGO_TOP/gui/workarea/*
$ rm -rf $EGO_TOP/kernel/rest/workarea/*
Note:
If you configured the WLP_OUTPUT_DIR
parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to
true in the $EGO_CONFDIR/wlp.conf file, you must clean up the
$WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/
directory
e.
(Optional) On
your management host, if you want to use EGO service ServiceDirector and
WebServiceGateway in the cluster, remove environment variables LD_LIBRARY_PATH from $EGO_CONFDIR/../../eservice/esc/conf/services/named.xml:
<ego:EnvironmentVariable
name="LD_LIBRARY_PATH">${EGO_TOP}/4.0/linux-x86_64/lib/libbind</ego:EnvironmentVariable>
f. Start the cluster on your primary host by logging on as
root or a cluster administrator user with root privileges, sourcing your
environment, restarting the cluster, and enabling the applicable applications:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
$ egosh
ego start all
$ soamcontrol
app enable application_name
Windows
a.
Log on to the primary
host as the operating system cluster administrator, and stop the cluster:
> egosh user logon -u Admin -x Admin
> soamcontrol app disable all
> egosh service stop all
> egosh ego shutdown all
b.
Log on
each Windows host and uninstall the .msp file:
On management hosts: > sym-7.3.2.bat -m -r
On compute hosts: > sym-7.3.2.bat -c -r
c. On each management host, delete all
subdirectories and files from the following directories:
> del %EGO_CONFDIR%\..\..\gui\work\*
> del %SOAM_HOME%\..\gui\workarea\*
> del %SOAM_HOME%\..\kernel\rest\workarea\*
Note: If you configured
the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the %EGO_CONFDIR%\wlp.conf file, you must clean up the %WLP_OUTPUT_DIR%\webgui_hostname\gui\workarea\
directory
d. Start
the cluster on your primary host by logging on as root or a cluster
administrator user with root privileges, reopen a Symphony 7.3.2 command
console, restarting the
cluster, and enabling the applicable applications:
> egosh
ego start all
> soamcontrol app enable application_name
Uninstalling
Fix 601860 from IBM Spectrum
Symphony 7.3.2 with the multicluster feature
Linux
a. Complete these steps on
your primary host:
i.
Log on as the operating system cluster administrator,
and source the environment:
(BASH) .
$EGO_TOP/profile.platform
(CSH) source
$EGO_TOP/cshrc.platform
ii.
Stop the cluster:
$ egosh user
logon -u Admin -x Admin
$ egosh service stop all
$ egosh ego shutdown all
b.
Complete these steps for each host in the cluster:
i.
Log on as the operating system cluster
administrator and source your environment:
(BASH) .
$EGO_TOP/profile.platform
(CSH) source
$EGO_TOP/cshrc.platform
ii.
Log on to each host in the cluster and switch to the
directory where you extract the package (for example /smc732), and roll back the fix:
$ ./smc-7.3.2.sh -r
g. On each host, delete all subdirectories and
files from the following directories:
$ rm -rf $EGO_CONFDIR/../../gui/work/*
$ rm
-rf $EGO_TOP/gui/workarea/*
$ rm -rf $EGO_TOP/kernel/rest/workarea/*
Note:
If you configured the WLP_OUTPUT_DIR
parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to
true in the $EGO_CONFDIR/wlp.conf file, you must clean up the
$WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/
directory
h. Start the cluster on your primary host by logging on as root or a cluster administrator user with root privileges, sourcing your environment, restarting the cluster:
(BASH)
. $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
$ egosh ego start all
Windows
a. Log on to your primary host as the operating
system cluster administrator, and stop the cluster:
> egosh user logon -u Admin -x Admin
> egosh service stop all
> egosh ego shutdown all
b.
Log on each Windows host and roll back the
.msp files:
> smc-7.3.2.bat -r Installation_top
Installation_top is the directory
where EGO is installed.
c. On each host, delete all subdirectories and
files from the following directories:
> del %EGO_CONFDIR%\..\..\gui\work\*
> del %Installation_top%\gui\workarea\*
> del %Installation_top%\kernel\rest\workarea\*
Note: If you
configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the %EGO_CONFDIR%\wlp.conf file, you
must clean up the %WLP_OUTPUT_DIR%\webgui_hostname\gui\workarea\
directory.
d. Start the
cluster on your primary host by logging on as root or a cluster administrator
user with root privileges, reopen an IBM Spectrum Symphony multicluster 7.3.2
command console, and restarting the cluster:
> egosh ego
start all
6. List of files
sym-7.3.2.0_x86_64_build601860.tar.gz
- egocore-4.0.0.0_x86_64_build601860.tar.gz
- egomgmt-4.0.0.0_noarch_build601860.tar.gz
- egorest-4.0.0.0_noarch_build601860.tar.gz
- explorer-10.1.1.0_x86_64_build601860.tar.gz
- hfcore-1.2.0.0_x86_64_build601860.tar.gz
- soamcore-7.3.2.0_x86_64_build601860.tar.gz
- soammgmt-7.3.2.0_noarch_build601860.tar.gz
-
soammrcore-7.3.2.0_x86_64_build601860.tar.gz
-
sym-7.3.2.sh
symmc-7.3.2.0_x86_64_build601860.tar.gz
-
symmcegorest-4.0.0.0_noarch_build601860.tar.gz
-
symmcmgmt-7.3.2.0_noarch_build601860.tar.gz
-
symmcegocore-4.0.0.0_x86_64_build601860.tar.gz
- smc-7.3.2.sh
sym-7.3.2.0_build601860.zip
- sym-7.3.2.0-soamcore-7.3.2.0_build601860.msp
- sym-7.3.2.0-soammgmt-7.3.2.0_build601860.msp
- sym-7.3.2.0-egomgmt-4.0.0.0_build601860.msp
-
sym-7.3.2.0-hfcore-1.2.0.0_build601860.msp
-
sym-7.3.2.0-egorest-4.0.0.0_build601860.msp
-
sym-7.3.2.bat
symmc-7.3.2.0_build601860.zip
-
symmcmgmt-7.3.2.0_build601860.msp
-
symmcegorest-4.0.0.0_build601860.msp
-
smc-7.3.2.bat
7. Copyright and trademark information
© Copyright
IBM Corporation 2024
U.S. Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo, and ibm.com® are trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide. Other
product and service names might be trademarks of IBM or other companies. A
current list of IBM trademarks is available on the Web at "Copyright and
trademark information" at www.ibm.com/legal/copytrade.shtml.