05/29/2018

Response to Recently Reported Security Vulnerabilities

In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-3639. In addition, Operating System updates are required in conjunction with this FW level for CVE-2018-3639.

System firmware changes that affect certain systems

On a system with an AIX partition, a problem was fixed for a partition time jump that could occur after doing an AIX Live Update. This problem could occur if the AIX Live Update happens after a Live Partition Mobility (LPM) migration to the partition. AIX applications using the timebase facility could observe a large jump forwards or backwards in the time reported by the timebase facility. A circumvention to this problem is to reboot the partition after the LPM operation prior to doing the AIX Live Update. An AIX fix is also required to resolve this problem. The issue will no longer occur when this firmware update is applied on the system that is the target of the LPM operation and the AIX partition performing the AIX Live Update has the appropriate AIX updates installed prior to doing the AIX Live Update. This fix only pertains to the following models that are able to run AIX partitions:

1. IBM Flex System p260 Compute Node (7895-23X)
2. IBM Flex System p260 Compute Node (7895-23A) with F/C EFD9
3. IBM Flex System p460 Compute Node (7895-43X)
4. IBM Flex System p270 Compute Node (7954-24X)

02/06/2018

Response to Recently Reported Security Vulnerabilities

In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2017-5715. In addition, Operating System updates are available to mitigate the CVE-2017-5753 CVE-2017-5754 security issues. This pertains to the following models:

• IBM Flex System p260 Compute Node (7895-22X)
• IBM Flex System p460 Compute Node (7895-42X)
• IBM Flex System p24L Compute Node (1457-7FL)

This firmware update also addresses CVE-2017-5715 for IBM i, along with updates for AIX and Linux, for the following models:

• IBM Flex System p260 Compute Node (7895-23X)
• IBM Flex System p260 Compute Node (7895-23A) with F/C EFD9
• IBM Flex System p460 Compute Node (7895-43X)
• IBM Flex System p270 Compute Node (7954-24X)

01/09/2018

New Features and Functions

In response to recently reported security vulnerabilities, this firmware update is being released to address Common Vulnerabilities and Exposure issue numbers, CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. Operating system updates are required in conjunction with this firmware level for CVE-2017-5753 and CVE-2017-5754.

The models addressed by this service pack update have the P7+ processor:

• IBM Flex System p260 Compute Node (7895-23X)
• IBM Flex System p260 Compute Node (7895-23A) with F/C EFD9
• IBM Flex System p460 Compute Node (7895-43X)
• IBM Flex System p270 Compute Node (7895-24X)

11/06/2017

New Features and Functions

Support for the Advanced System Management Interface (ASMI) was changed to allow the special characters of "I", "O", and "Q" to be entered for the serial number of the I/O Enclosure under the Configure I/O Enclosure option. These characters have only been found in an IBM serial number rarely, so typing in these characters will normally be an incorrect action. However, the special character entry is not blocked by ASMI any more so it is able to support the exception case. Without the enhancement, the typing of one of the special characters causes message "Invalid serial number" to be displayed.

Support was added for the Universally Unique IDentifier (UUID) property for each partition. The UUID provides each partition with an identifier that is persisted by the platform across partition reboots, reconfigurations, OS reinstalls, partition migration, and hibernation.

System firmware changes that affect all systems

A problem was fixed for incorrect error messages from the Advanced System Management Interface (ASMI) functions when the system is powered on but in the "Incomplete State". For this condition, ASMI was assuming the system was powered off because it could not communicate to the PowerVM hypervisor. With the fix, the ASMI error messages will indicate that ASMI functions have failed because of the bad hypervisor connection instead of falsely stating that the system is powered off.

A problem was fixed for an SRC BA090006 serviceable event log occurring whenever an attempt was made to boot from an ALUA (Asymmetric Logical Unit Access) drive. These drives are always busy by design and cannot be used for a partition boot, but no service action is required if a user inadvertently tries to do that. Therefore, the SRC was changed to be an informational log.

A problem was fixed for a partition boot fail or hang from a Fibre Channel device having fabric faults. Some of the fabric errors returned by the VIOS are not interpreted correctly by the Open Firmware VFC drive, causing the hang instead of generating helpful error logs.

A problem was fixed for Live Partition Mobility (LPM) migrations from FW860.10 or FW860.11 to older levels of firmware. Subsequent DLPAR of Virtual Adapters will fail with HMC error message HSCL294C, which contains text similar to the following: "0931-007 You have specified an invalid drc_name." This issue affects partitions installed with AIX 7.2 TL 1 and later. Not affected by this issue are partitions installed with VIOS, IBM i, or earlier levels of AIX.

System firmware changes that affect certain systems

On systems with IBM i partitions, a problem was fixed for frequent logging of informational B7005120 errors due to communications path closed conditions during messaging from HMCs to IBM i partitions. In the majority of cases, these errors are due to normal operating conditions and not due to errors that require service or attention. The logging of informational errors due to this specific communications path closed condition that are the result of normal operating conditions has been removed.

On systems with IBM i partitions. a problem was fixed for reboot retries for IBM i partitions such that the first load source I/O adapter (IOA) is retried instead of bypassed after the first failed attempt. The reboot retries are done for an hour before the reboot process gives up. This error can occur if there is more than one known load source, and the IOA of the first load source is different from the IOA of the last load source. The error can be circumvented by retrying the boot of the partition after the load source device has become available.

11/07/2016

System firmware changes that affect all systems

A problem was fixed for hypervisor task failures in adjunct partitions with a SRC B7000602 reported in the error log. These failures occur during adjunct partition reboots for concurrent firmware updates but are extremely rare and require a re-IPL of the system to recover from the task failure. The adjunct partitions may be associated with the VIOS or I/O virtualization for the physical adapters such as done for SR-IOV.

A problem was fixed for a latency time of about 2 seconds being added to a target Live Partition Mobility (LPM) migration system when there is a latency time check failure. With the fix, in the case of a latency time check failure, a much smaller default latency is used instead of two seconds. This error would not be noticed if the customer system is using a NTP time server to maintain the time.

A problem was fixed for a shared processor pool partition showing an incorrect zero "Available Pool Processor" (APP) value after a concurrent firmware update. The zero APP value means that no idle cycles are present in the shared processor pool but in this case it stays zero even when idle cycles are available. This value can be displayed using the AIX "lparstat" command. If this problem is encountered, the partitions in the affected shared processor pool can be dynamically moved to a different shared processor pool. Before the dynamic move, the "uncapped" partitions should be changed to "capped" to avoid a system hang. The old affected pool would continue to have the APP error until the system is re-IPLed.

A rare problem was fixed for a system hang that can occur when dynamically moving "uncapped" partitions to a different shared processor pool. To prevent a system hang, the "uncapped" partitions should be changed to "capped" before doing the move.

A problem was fixed for a sequence of two or more Live Partition Mobility migrations that caused a partition to crash with a SRC BA330000 logged (Memory allocation error in partition firmware). The sequence of LPM migrations that can trigger the partition crash are as follows:
The original source partition level can be any FW760.xx, FW763.xx, FW770.xx, FW773.xx, FW780.xx, or FW783.xx P7 level or any FW810.xx, FW820.xx, FW830.xx, or FW840.xx P8 level.

It is migrated first to a system running one of the following levels:

• FW730.70 or later 730 firmware or FW740.60 or later 740 firmware.

  And then a second migration is needed to a system running one of the following levels:

• FW760.00 - FW760.20 or FW770.00 - FW770.10.

The twice-migrated system partition is now susceptible to the BA330000 partition crash during normal operations until the partition is rebooted. If an additional LPM migration is done to any firmware level, the thrice-migrated partition is also susceptible to the partition crash until it is rebooted. With the fix applied, the susceptible partitions may still log multiple BA330000 errors but there will be no partition crash. A reboot of the partition will stop the logging of the BA330000 SRC.

A problem was fixed for a Live Partition Mobility migration that resulted in the source managed system going to the management console Incomplete state after the migration to the target system was completed. This problem is very rare and has only been detected once.. The problem trigger is that the source partition does not halt execution after the migration to the target system. The management console went to the Incomplete state for the source managed system when it failed to delete the source partition because the partition would not stop running. When this problem occurred, the customer network was running very slowly and this may have contributed to the failure. The recovery action is to re-IPL the source system but that will need to be done without the assistance of the management console. For each partition that has a OS running on the source system, shut down each partition from the OS. Then from the Advanced System Management Interface (ASMI), power off the managed system. Alternatively, the system power button may also be used to do the power off. If the management console Incomplete state persists after the power off, the managed system should be rebuilt from the management console. For more information on management console recovery steps, refer to this IBM Knowledge Center link: https://www.ibm.com/support/knowledgecenter/en/POWER7/p7eav/aremanagedsystemstate_incomplete.htm

05/04/2016

New features and functions

Support was added to the service processor to allow control of Dynamic Power Mode from the Hardware Management Console (HMC). This power mode allows modifying a processor frequency, either to reduce energy consumption or to overclock the processor and boost the machine speed. There are four power modes possible:

• Disable Power Saver mode this is default. No changes in the processor frequency and resource will operate at 100% of nominal processor frequencies at all times.
• Enable Static Power Saver mode activates the Power Saver mode, fixing the processor frequency and voltage at a predetermined low-power mode.
• Enable Dynamic Power Saver (favor power) mode guarantees power savings by limiting the maximum frequency of the system under peak utilization under high utilization.
• Enable Dynamic Power Saver (favor performance) mode allows a higher frequency range at high utilization. There is existing support to control Dynamic Power Mode from the Advanced System Management Interface (ASMI) with the "System Configuration /Power Management/ Power Mode Setup" panel options.
  With the new support, the HMC can also control the Dynamic Power Modes with CLI commands lspwrmgmt (list the current power mode configuration) and chpwrmgmt (change the power mode): (https://www-01.ibm.com/support/knowledgecenter/HW4L4/p8edm/chpwrmgmt.html). The HMC must be at V8R8.2.0 or later to have the Dynamic Power Mode feature.

Support was added for the Stevens6+ option of the internal tray loading DVD-ROM drive with F/C #EU13. This is an 8X/24X(max) Slimline SATA DVD-ROM Drive. The Stevens6+ option is a FRU hardware replacement for the Stevens3+. MTM 7226-1U3 (Oliver) FC 5757/5762/5763 attaches to IBM Power Systems and lists Stevens6+ as optional for Stevens3+. If the Stevens6+ DVD drive is installed on the system without the required firmware support, the boot of an AIX partition will fail when the DVD is used as the load source. Also, an IBM i partition cannot consistently boot from the DVD drive using D-mode IPL. A SRC C2004130 may be logged for the load source not found error.

System firmware changes that affect all systems

A problem was fixed for a Network boot/install failure using bootp in a network with switches using the Spanning Tree Protocol (STP). A Network boot/install using lpar_netboot on the management console was enhanced to allow the number of retries to be increased. If the user is not using lpar_netboot, the number of bootp retries can be increased using the SMS menus. If the SMS menus are not an option, the STP in the switch can be set up to allow packets to pass through while the switch is learning the network configuration.

A problem was fixed for a hypervisor adjunct partition failed with "SRC B2009008 LP=32770" for an unexpected SR-IOV adapter configuration. Without the fix, the system must be re-IPLed to correct the adjunct error. This error is infrequent and can only occur if an adapter port configuration is being changed at the same time that error recovery is occurring for the adapter.

A security problem was fixed in the lighttpd server on the service processor OpenSSL where a remote attacker, while attempting authentication, could insert strings into the lighttpd server log file. Under normal operations on the service processor, this does not impact anything because the log is disabled by default. The Common Vulnerabilities and Exposures issue number is CVE-2015-3200.

A security problem was fixed in OpenSSL for a possible service processor reset on a null pointer de-reference during RSA PPS signature verification. The Common Vulnerabilities and Exposures issue number is CVE-2015-3194.

A problem was fixed for PCI adapters locking up when powered on. The problem is rare but frequency varies with the specific adapter models. A system power down and power up is required to get the adapter out of the locked state.

A problem was fixed for the compute nodes not having their real-time clock synchronized with the network time protocol (NTP) server on the Chassis Management Module (CMM). This problem has the following symptoms-- 1) It could cause the compute nodes to have a different date and time than the Flex System Manager (FSM) as changes in the date and time are not propagated to the compute nodes. 2) A time of day (TOD) battery replacement on the compute node will cause the compute node to go to the Epoch 1970 date. 3) The time and date between the compute nodes may be subject to a time drift as each node is independently managing the time with its own real-time clock chip. If the date and time of the compute nodes are still skewed after the fix is applied, the date and time can be adjusted in the partition OS using an OS command or the compute nodes can be powered off and IPLed again to synchronize with the NTP time on the CMM.

System firmware changes that affect certain systems

On systems where memory relocation (as done by using Live Partition Mobility (LPM)) and a partition reboot are occurring simultaneously, a problem for a system termination was fixed. The potential for the problem existed between the active migration and the partition reboot.

On systems with an IBM i partition, a problem was fixed for a machine check incorrectly issued to an IBM i partition running 7.2 or later with 4K sector disks.

On systems with an AIX partition and a Linux partition, a problem was fixed for dynamically moving an adapter that uses DMA from the Linux partition to the AIX partition that caused the AIX to fail by going into KDB mode (0c20 crash). The management console showed the following message for the partition operation: "Dynamic move of I/O resources failed. The I/O slot dynamic partitioning operation failed." The error was caused by Linux using 64K mappings for the DMA window and AIX using 4K mappings for the DMA window, causing incorrect calculations on the AIX when it received the adapter. Until the fix is applied, the adapters that use DMA should only be moved from Linux to AIX when the partitions are powered off.

On systems with Integrated Virtualization Manager (IVM) managed partitions with more than 64 active partitions, a problem was fixed for recovery from Live Partition Mobility (LPM) errors. Without the fix, the IVM managed system partition can appear to still be running LPM migration afte it has aborted, preventing retries of the LPM operation. For this problem, the partition must be stopped and restarted to clear the LPM error state. The problem is not frequent because it requires a failed LPM migration on a partition with a partition ID that is greater than 64.

On systems with an invalid P-side or T-side in the firmware, a problem was fixed in the partition firmware Real-Time Abstraction System (RTAS) so that system Vital Product Data (VPD) is returned at least from the valid side instead of returning no VPD data. This allows AIX host commands such as lsmcode, lsvpd, and lsattr that rely on the VPD data to work to some extent even if there is one bad code side. Without the fix, all the VPD data is blocked from the OS until the invalid code side is recovered by either rejecting the firmware update or attempting to update the system firmware again.

On systems with an Active Memory Sharing (AMS) partition with AIX Level 7.2.0.0 or later with Firmware Assisted Dump enabled, a problem was fixed for a Restart Dump operation failing into KDB mode. If "q" is entered to exit from KDB mode, the partition fails to start. The AIX partition must be powered off and back on to recover. The problem can be circumvented by disabling Firmware Assisted Dump (default is enabled in AIX 7.2).

On systems using dedicated processor partitions, a problem was fixed for the dedicated processor partition becoming intermittently unresponsive. The problem can be circumvented by changing the partition to use shared processors.

08/26/2015

System firmware changes that affect all systems

A problem was fixed in the Advanced System Management Interface (ASMI) to reword a confusing message for systems with no deconfigured resources. The "System Service Aids/Deconfiguration Records" message text for this situation was changed from "Deconfiguration data is currently not available." to "No deconfigured resources found in the system.

A problem was fixed for some service processor error logs not getting reported to the OS partitions as needed. The service processor was not checking for a successful completion code on the error log message send, so it was not doing retries of the send to the OS when that was needed to ensure that the OS received the message.

A problem was fixed for a loss and lack of recovery of a virtual terminal session (VTTY) from the Management Console to a partition OS. The VTTY session timed out with SRC logged of B181843C and then it could not be restarted from the Management Console.

A problem was fixed for a hypervisor deadlock that results in the system being in a "Incomplete state" as seen on the management console. This deadlock is the result of two hypervisor tasks using the same locking mechanism for handling requests between the partitions and the management console. Except for the loss of the management console control of the system, the system is operating normally when the "Incomplete state" occurs.

A problem was fixed for a false error message with error code 0x8006 when creating a virtual ethernet adapter with the Integrated Virtualization Manager (IVM). The error message can be ignored as the virtual ethernet slot is fully functional.

A problem was fixed for Live Partition Mobility (LPM) migration operation long resume times, up to several minutes more than expected. Large memory configuration partitions were impacted most by the long resume times.

For a partition that has been migrated with Live Partition Mobility (LPM) from FW730 to FW740 or later, a problem was fixed for a Main Storage Dump (MSD) IPL failing with SRC B2006008. The MSD IPL can happen after a system failure and is used to collect failure data. If the partition is rebooted anytime after the migration, the problem cannot happen. The potential for the problem existed between the active migration and a partition reboot.

A security problem was fixed for the Network Time Protocol (NTP) services to prevent an unauthorized user from changing the time and date on the compute node to incorrect values. The MD5 encryption key generation has been strengthened to block unauthorized users. The Common Vulnerabilities and Exposures issue number is CVE-2014-9294.

A security problem was fixed in OpenSSL where a remote attacker could crash the service processor with a specially crafted X.509 certificate that causes an invalid pointer or an out-of-bounds write. The Common Vulnerabilities and Exposures issue numbers are CVE-2015-0286 and CVE-2015-0287.

A problem was fixed that prevented a second management console from being added to the compute node. In some cases, network outages caused defunct management console connection entries to remain in the service processor connection table, making connection slots unavailable for new management consoles A reset of the service processor could be used to remove the defunct entries and allow the second management console to connect.

A security problem was fixed for an OpenSSL specially crafted X.509 certificate that could cause the service processor to reset in a denial-of-service (DOS) attack. The Common Vulnerabilities and Exposures issue number is CVE-2015-1789.

A security problem was fixed for the connection to a Network Time Protocol (NTP) server to prevent a spoofed connection enabled by of the use of non-random MD5 keys. A hijacked connection like this could have been used to corrupt the date and time on the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2015-3405.

System firmware changes that affect certain systems

On systems with shared processor partitions that are configured as capped or in a shared processor pool, there was a problem found that delayed the dispatching of the virtual processors which caused performance to be degraded in some situations. Partitions with dedicated processors are not affected. The problem is rare and can be mitigated, until the service pack is applied, by creating a new shared processor AIX or Linux partition and booting it to the SMS prompt; there is no need to install an operating system on this partition. Refer to help document www.ibm.com/support/docview.wss?uid=nas8N1020863 for additional details.

04/16/2015

System firmware changes that affect all systems

On systems using Virtual Shared Processor Pools (VSPP), a problem was fixed for an inaccurate pool idle count over a small sampling period. A problem was corrected for a defect in an earlier service pack (AF783_026) that potentially caused an undetected corruption of firmware when the fix was concurrently activated. If the earlier service pack(AF783_026) was concurrently installed, a platform IPL will mitigate potential future exposure to the problem.

03/04/2015

This service pack was pulled and replaced by AF783_027.

System firmware changes that affect all systems

A problem was fixed for the Advanced System Manager Interface (ASMI) to change the Dynamic Platform Optimizer (DPO) VET capability setting from "False" to "True". DPO is available on all systems to use without a license required. Even though the VET for DPO was set to "False", it did not interfere with the running of DPO.

A problem was fixed for the iptables process consuming all available memory, causing an out of memory dump and reset/reload of the service processor.

A problem was fixed for memory relocation failing during a partition reboot with SRC B700F103 logged. The memory relocation could be part of the processing for the Dynamic Platform Optimizer (DPO), Active Memory Sharing (AMS) between partitions, mirrored memory defragmentation, or a concurrent FRU repair.

A problem was fixed to prevent a hypervisor task failure if multiple resource dumps running concurrently run out of dump buffer space. The failed hypervisor task could prevent basic logical partition operations from working.

HIPER /Pervasive A performance problem was fixed that may affect shared processor partitions where there is a mixture of dedicated and shared processor partitions with virtual IO connections, such as virtual ethernet or Virtual IO Server (VIOS) hosting, between them. In high availability cluster environments this problem may result in a split brain scenario.

A problem was fixed that could result in unpredictable behavior if a memory UE is encountered while relocating the contents of a logical memory block during one of these operations -- Reducing the size of an Active Memory Sharing (AMS) pool. -- On systems using mirrored memory, using the memory mirroring optimization tool.

A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed a man-in -the middle attacker, via a specially crafted fragmented handshake packet, to force a TLS/SSL server to use TLS 1.0, even if both the client and server supported newer protocol versions. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3511.

A security problem was fixed in OpenSSL for formatting fields of security certificates without null-terminating the output strings. This could be used to disclose portions of the program memory on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3508.

Multiple security problems were fixed in the way that OpenSSL handled Datagram Transport Layer Security (DLTS) packets. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2014-3505, CVE-2014-3506 and CVE-2014-3507.

A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet with an included Supported EC Point Format extension could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3509.

A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Diffie Hellman (DH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3510.

A problem was fixed so that clearing the System Attention LED clears hypervisor I/O error logs and other critical error logs on the Chassis Management Module (CMM).

A security problem was fixed for the Network Time Protocol (NTP) client that allowed remote attackers to execute arbitrary code via a crafted packet containing an extension field. The Common Vulnerabilities and Exposures issue number is CVE-2009-1252.

A security problem was fixed for the Network Time Protocol (NTP) client for a buffer overflow that allowed remote NTP servers to execute arbitrary code via a crafted response. The Common Vulnerabilities and Exposures issue number is CVE-2009-0159.

A problem was fixed for the Network Time Protocol (NTP) client for a ntpq core dump with SRC B181EF88 logged.

A security problem was fixed in OpenSSL for padding-oracle attacks known as Padding Oracle On Downgraded Legacy Encryption (POODLE). This attack allows a man-in-the-middle attacker to obtain a plain text version of the encrypted session data. OpenSSL support was added for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) to provide a guard against POODLE when using browser clients that also have TLS Fallback support. The Common Vulnerabilities and Exposures issue number is CVE-2014-3566. The POODLE problem may also be fully resolved by using the Chassis Management Module (CMM) to change the compute node Security Configuration from "LEGACY" to "NIST_STRICT" (NIST SP800-131A compliant). This mode of "NIST_STRICT" restricts all the SSL clients to use TLSv1.2, so some legacy connections may not be allowed if they require earlier SSL versions such as SSLv3 to connect.

A security problem was fixed in OpenSSL for memory leaks that allowed remote attackers to cause a denial of service (out of memory on the service processor). The Common Vulnerabilities and Exposures issue numbers are CVE-2014-3513 and CVE-2014-3567.

A security problem was fixed in OpenSSL where the service processor would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key, allowing a user to falsely authenticate . The Common Vulnerabilities and Exposures issue number is CVE-2015-0205.

A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) messages. A specially crafted DTLS message could exhaust all available memory and cause the service processor to reset. The Common Vulnerabilities and Exposures issue number is CVE-2015-0206.

A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) messages. A specially crafted DTLS message could do an null pointer de-reference and cause the service processor to reset. The Common Vulnerabilities and Exposures issue number is CVE-2014-3571.

A security problem was fixed in OpenSSL to fix multiple flaws in the parsing of X.509 certificates. These flaws could be used to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting. The Common Vulnerabilities and Exposures issue number is CVE-2014-8275.

A security vulnerability, commonly referred to as GHOST, was fixed in the service processor glibc functions getbyhostname() and getbyhostname2() that allowed remote users of the functions to cause a buffer overflow and execute arbitrary code with the permissions of the server application. There is no way to exploit this vulnerability on the service processor but it has been fixed to remove the vulnerability from the firmware. The Common Vulnerabilities and Exposures issue number is CVE-2015-0235.

A problem was fixed for a partition deletion error on the management console with error code 0x4000E002 and message "...insufficient memory for PHYP". The partition delete operation has been adjusted to accommodate the temporary increase in memory usage caused by memory fragmentation, allowing the delete operation to be successful.

System firmware changes that affect certain systems

On systems that have Active Memory Sharing (AMS) partitions and deduplication enabled, a problem was fixed for not being able to resume a hibernated AMS partition. Previously, resuming a hibernated AMS partition could give checksum errors with SRC B7000202 logged and the partition would remain in the hibernated state.

On systems that have Active Memory Sharing (AMS) partitions, a problem was fixed for Dynamic Logical Partitioning (DLPAR) for a memory remove that leaves a logical memory block (LMB) in an unusable state until partition reboot.

HIPER /Pervasive A problem was fixed in PowerVM where the effect of the problem is non-deterministic but may include an undetected corruption of data, although IBM test has not been able to make this condition occur. This problem is only possible if VIOS (Virtual I/O Server) version 2.2.3.x or later is installed and the following statement is true-- A Shared Ethernet Adapter (SEA) with fail over enabled is configured on the VIOS.

On systems using the Virtual I/O Server (VIOS) to share physical I/O resources among client logical partitions, a problem was fixed for memory relocation errors during page migrations for the virtual control blocks. These errors caused a CEC termination with SRC B700F103. The memory relocation could be part of the processing for the Dynamic Platform Optimizer (DPO), Active Memory Sharing (AMS) between partitions, mirrored memory defragmentation, or a concurrent FRU repair.

For systems running applications that are sensitive to time outs on a constrained network (network bandwidth is 1 Gb or less), a problem was fixed for Live Partition Mobility (LPM) where an LPM operation could cause a time out to occur when the partition resumes on the target side.

On systems using Virtual Shared Processor Pools (VSPP), a problem was fixed for an inaccurate pool idle count over a small sampling period.

On systems with partitions using shared processors, a problem was fixed that could result in latency or timeout issues with IO devices.

For a system with Virtual Trusted Platform Module (VTPM) partitions, a problem was fixed for a management console error that occurred while restoring a backup profile that caused the system to to go the management console "Incomplete state". The failed system had a suspended VTPM partition and a B7000602 SRC logged.

On systems in IPv6 networks, a problem was fixed for a network boot/install failing with SRC B2004158 and IP address resolution failing using neighbor solicitation to the partition firmware client.

On systems that have a boot disk located on a SAN, a problem was fixed where the SAN boot disk would not be found on the default boot list and then the boot disk would have to be selected from SMS menus. This problem would normally be seen for new partitions that had tape drives configured before the SAN boot disk.

On systems with a partition that has a 256MB Real Memory Offset (RMO) region size that has been migrated from a Power8 system to Power7 or Power6 using Live Partition Mobility (LPM), a problem was fixed that caused a failure on the next boot of the partition with a BA210000 log with a CA000091 checkpoint just prior to the BA210000. The fix dynamically adjusts the memory footprint of the partition to fit on the earlier Power systems.

06/18/2014

System firmware changes that affect all systems

HIPER /Pervasive A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.

HIPER /Pervasive A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.

HIPER /Pervasive Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.

06/13/2014

New features and functions

Support was added to the Virtual I/O Server (VIOS) for shared storage pool mirroring (RAID-1) using the virtual SCSI (VSCSI) storage adapter to provide redundancy for data storage.

Support was added to the Virtual I/O Server (VIOS) for Universal Serial Bus (USB) removable hard-disk drive (HDD) devices.

Support was added to the Hardware Management Console (HMC) command line to allow configuring a shared control channel for multiple pairs of Shared Ethernet Adapters (SEAs). This simplifies the control channel configuration to reduce network errors when the SEAs are in fail-over mode. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support was added in Advanced System Management Interface (ASMI) to facilitate capture and reporting of debug data for system performance problems. The "System Service Aids/Performance Dump" menu was added to ASMI to perform this function.

Support was added to the Management Console for group-based LDAP authentication.

Partition Firmware was enhanced to to be able to recognize and boot from disks formatted with the GUID Partition Table (GPT) format that are capable of being greater than 2TB in size. GPT is a standard for the layout of the partition table on a physical hard disk, using globally unique identifiers (GUID), that does not have the 2TB limit that is imposed by the DOS partition format..

The call home data for every serviceable event of the system was enhanced to include information on every guarded element (processor, memory,I/O chip, etc) and contains the part number and location codes of the FRUs and the service processor de-configuration policy settings.

Support for Dynamic Platform Optimizer (DPO) enhancements to show the logical partition current and potential affinity scores. The Management Console has also been enhanced to show the partition scoring. The operating system (OS) levels that support DPO-- AIX 6.1 TL8 or later, AIX 7.1 TL2 or later, VIOS 2.2.2.0, IBM i 7.1 PTF MF56058, Linux RHEL7, Linux SLES12. Note-- If DPO is used with an older version of the OS that predates the above levels, either--- - The partition needs to be rebooted after DPO completes to optimize placement, or - The partition is excluded from participating in the DPO operation (through a command line option on the "optmem" command that is used to initiate a DPO operation).

Support was added to the Management Console and the Virtual I/O Server (VIOS) to provide the capability to to enable and disable individual virtual ethernet adapters from the management console.

Support for Management Console logical partition Universally Unique IDs (UUIDs) so that the management console preserves the UUID for logical partitions on backup/restore and migration.

Support for Management Console command line to configure the ECC call home path for SSL proxy support.

Support for Management Console to minimize recovery state problems by using the hypervisor and VIOS configuration data to recreate partition data when needed.

Support for Management Console to provide scheduled operations to check if the partition affinity falls below a threshold and alert the user that Dynamic Platform Optimizer (DPO) is needed.

Support for enhanced platform serviceability to extend call home to include hardware in need of repair and to issue periodic service events to remind of failed hardware.

Performance enhancement of main storage dumps for IBM i partitions running on virtual disks.

Performance enhancements for Flex System Manager (FSM) when managing sixteen Flex system chassis with up to 224 compute nodes.

Support for Virtual I/O Server (VIOS) to support 4K block size DASD as a virtual device.

Support for performance improvements on the Hardware Management Console (HMC) for concurrent Live Partition Mobility (LPM) migrations. This enhancement is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this enhancement.

Support for the Hardware Management Console (HMC) to handle all Virtual I/O Server (VIOS) configuration tasks and provide assistance in configuring partitions to use redundant VIOS. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support for the Hardware Management Console (HMC) to maintain a profile that is synchronized with the current configuration of the system, including Dynamic Logical Partitioning (DLPAR) changes. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support for a Hardware Management Console (HMC) Performance and Capacity Monitor (PCM) feature to monitor and manage both physical and virtual resources. This feature is not available on the Flex System Manager (FSM). The compute node must be managed by HMC Version 7 Release 7.9.0 or later to be enabled for this feature.

Support for virtual server network (VSN) Phase 2 that delivers IEEE standard 802.1Qbg based on Virtual Ethernet Port Aggregator (VEPA) switching. This supports the Management Console assignment of the VEPA switching mode to virtual Ethernet switches used by the virtual Ethernet adapters of the logical partitions. The server properties in the Management Console will show the capability "Virtual Server Network Phase 2 Capable" as "True" for the system.

Support for Virtual I/O Server (VIOS) for an IBMi client data connection to a SIS64 device driver backed by VSCSI physical volumes.

Support was added in Advanced System Management Interface (ASMI) "System Configuration/Firmware Update Policy" menu to detect and display the appropriate Firmware Update Policy (depending on whether system is HMC managed) instead of requiring the user to select the Firmware Update Policy. The menu also displays the "Minimum Code Level Supported" value.

Capacity On Demand (COD) was enhanced to allow concurrent use of Utility COD and On/Off COD. Previously, these types of COD could not be used together.

System firmware changes that affect all systems

A security problem was fixed to prevent a denial of service attach in the service processor Domain Name System (DNS) protocols server. The Common Vulnerabilities and Exposures issue number is CVE-2013-4854.

A problem was fixed on the service processor Lightweight Directory Access Protocol (LDAP) client so that it accepts "domain\userid" formatted names for authentications.

A problem was fixed for the service processor Common Information Model (CIM) Provider that caused intermittent SRC B181EF88 for core dumps from the Small Footprint CIM Broker (SFCB) for memory allocation errors.

A problem was fixed to restart the Lighttpd web server on Chassis Management Module (CMM) certificate changes so that Advanced System Management Interface (ASMI) access is not lost.

A problem was fixed that logged an incorrect call home B7006956 NVRAM error during a power off of the system. This error log indicates that the NVRAM of the system is in error and will be cleared on the next IPL of the system. However, there is no NVRAM error and the error log was created because a reset/reload of the service processor occurred during the power off.

Help text for the Advanced System Management Interface (ASMI) "System Configuration/Hardware Deconfiguration/Clear All Deconfiguration Errors" menu option was enhanced to clarify that when selecting "Hardware Resources" value of "All hardware resources", the service processor deconfiguration data is not cleared. The "Service processor" must be explicitly selected for that to be cleared.

A problem was fixed that prevented guard error logs from being reported for FRUs that were guarded during the system power on. This could happen if the same FRU had been previously reported as guarded on a different power on of the system. The requirement is now met that guarded FRUs are logged on every power on of the system.

A problem was fixed for the Advanced System Management Interface (ASMI) "Login Profile/Change Password" menu where ASMI would fail with "Console Internal Error, status code 500" displayed on the web browser when an incorrect current password was entered.

A problem was fixed for the Advanced System Management Interface (ASMI) "System Information/Firmware Maintenance History" menu option on the service processor to display the firmware maintenance history instead of the message "No code update history log was found"

A problem was fixed where the IPMI Serial Over Lan (SOL) connection was disconnecting and reconnecting during a compute node OS power cycle. By incrementing the SOL session sequence numbers while the OS is down, the SOL is kept alive until power is restored to the OS.

A problem was fixed for a Live Partition Mobility (LPM) suspend and transfer of a partition that caused the time of day to skip ahead to an incorrect value on the target system. The problem only occurred when a suspended partition was migrated to a target compute node that had a hypervisor time that was later than the source compute node.

A problem was fixed for Live Partition Mobility (LPM) where a 2x performance decrease occurs during the resume phase of the migration when migrating from a system with 780 firmware back to a system with a pre-780 level of firmware.

A security problem was fixed for the Network Time Protocol (NTP) service that allows a NTP server to overwhelm the compute node with UDP traffic in a Distributed Denial of Service (DDoS) attack. The Common Vulnerabilities and Exposures issue number is CVE-2013-5211 for this problem.

A problem was corrected that resulted in B7005300 error logs.

A security problem was fixed in the service processor TCP/IP stack to discard illegal TCP/IP packets that have the SYN and FIN flags set at the same time. An explicit packet discard was needed to prevent further processing of the packet that could result in an bypass of the iptables firewall rules.

System firmware changes that affect certain systems

On systems running AIX or linux, a hang in a Live Partition Mobility (LPM) migration for remote restart-capable partitions was fixed by adding a time-out for the required paging space to become available. If after five minutes the required paging space is not available, the start migration command returns a error code of 0x40000042 (PagingSpaceNotReady) to the management console.

On systems with a management console and service processors configured with Internet Protocol version 6 (IPv6) addresses, a problem was fixed that prevented the management console from discovering the service processor. The Service Location Protocol (SLP) on the service processor was not being enabled for IPv6, so it was unable to respond to IPv6 queries.

On a system with a disk device with multiple boot partitions, a problem was fixed that caused System Management Services (SMS) to list only one boot partition. Even though only one boot partition was listed in SMS, the AIX bootlist command could still be used to boot from any boot partition.

On a system with a VIOS boot device, a problem was fixed for an intermittent boot failure for a IBM i partition with SRC B2003110. When this error occurs, there is a one minute delay and retry of the IPL which resolves the problem without user intervention.

On a system with sixteen or more logical partitions with selective memory mirroring, a problem was fixed for a memory relocation error during mirrored memory defragmentation that caused a hang or a failure.

A problem was fixed for Live Partition Mobility (LPM) migrations from Power7+ compute nodes that use the nest accelerator (NX) for compression and encryption usage that caused the migrated partition to revert to software compression instead of using the NX hardware. Some operating system negotiated functions may not operate correctly and could impact performance. This problem does not affect the 7895-22X, 7895-42X, or 1457-7FL compute nodes that use the Power7 processor.

07/02/2014

System firmware changes that affect all systems

- HIPER /Pervasive A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.

- HIPER /Pervasive A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.

- HIPER /Pervasive Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.

- HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.

- HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.

06/05/2014

New features and functions

- Support was added for higher speed processors of 4.1 GHz in the IBM Flex System p460 compute node (7895-43X).

System firmware changes that affect all systems

- HIPER/Pervasive A firmware code update problem was fixed that caused the Flex System Manager (FSM) to go to "Incomplete State" for the system with SRC E302F880 when assignment of a partition universal unique identifier (UUID) failed for a partition that was already running. This problem happens for disruptive code updates from AF773 firmware levels (GA4) to AF783 (GA5) or later levels.

04/23/2014

Republished for metadata changes ONLY on 05/09/2014. There are NO CHANGES to the package binaries.

System firmware changes that affect all systems

- A security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.

- A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

12/06/2013

New features and functions in system firmware AF773_051

- Support was added to upgrade the service processor to openssl version 1.0.1 and for compliance to National Institute of Standards and Technologies (NIST) Special Publications 800-131a. SP800-131a compliance required the use of stronger cryptographic keys and more robust cryptographic algorithms.

- Support was added to the Advanced System Management Interface (ASMI) to provide a menu for "Memory Low Power State Control" to enable or disable the custom memory buffer low power mode. If set to disabled, it disables low power mode (a power-saving feature) to speed memory and improve performance for some workloads.

- IBM Flex System Chassis Management Module (CMM) provisioning support was enhanced to provide Transport Layer Security (TLS) version 1.2 mode to the service processor on the compute node.

System firmware changes that affect all systems

- A problem was fixed that caused the IBM Flex System Chassis Management Module (CMM) to display the wrong firmware level after a service processor side switch from permanent to temporary (or temporary to permanent). The CMM showed the firmware level of the previous side instead of the new side using the "info -T blade[x]" command.

- A problem was fixed that caused the IBM Flex System Chassis Management Module (CMM) to issue an event log with message "Node xx VPD was changed" every time the service processor was reset even though there was no VPD change for the compute node.

- A problem was fixed that occurred when the IBM Flex System Chassis Management Module (CMM) throttled the power on the compute node and caused the service processor to reset with a SRC B181D50E logged. The power throttle process on the service processor was leaking memory and eventually caused the reset on an out of memory condition.

- A problem was fixed that occurred when the IBM Flex System Chassis Management Module (CMM) failed over from the primary CMM to standby CMM or when the FSP IP is changed. This caused the service processor to reset and SRC B181D50E to be logged. The Small-Footprint CIM Broker Daemon (SFCBD) process on the service processor was leaking memory and eventually caused the reset on an out of memory condition.

- A problem was fixed that caused an SRC B1818611 error log entry and a CIMPSRV core dump. A proper lockout mechanism was not being used when two process threads both accessed the network configuration (NCFG) object at the same time.

- For the sequence of a reboot of a system partition followed immediately by a power off of the partition, a problem was fixed where the hypervisor virtual service processor (VSP) incorrectly retained locks for the powered off partition, causing the power compute node to go into recovery state during the next power on attempt.

- A problem was fixed that caused a SRC B7006A72 calling out the adapter and the I/O Planar.

- A problem during a dynamic logical partitioning (DLPAR) memory operation was fixed that caused BA250020 SRCs to be logged unnecessarily for the AIX partition. There were no memory errors for the partition.

- A problem was fixed that prevented a HMC-managed system from being converted to manufacturing default configuration (MDC) mode when the management console command "lpcfgop -m -o clear" failed to create the default partition. The management console went to the incomplete state for this error.

- A problem was fixed that caused the slot index to be missing for virtual slot number 0 for the dynamic reconfiguration connector (DRC) name for virtual devices. This error was visible from the management console when using commands such as "lshwres -r virtualio --rsubtype slot -m machine" to show the hardware resources for virtual devices.

- A problem was fixed that prevented the IBM Flex System Chassis Management Module (CMM) compute node error state from being cleared when the System Information Indicator was turned off by using the Advanced System Management Interface (ASMI) on the service processor for the compute node, the CMM, or the IBM Flex System Manager (FSM).

- A problem was fixed during resource dump processing that caused a read of an invalid system memory address and a SRC B181C141. The invalid memory reference resulted from the service processor incorrectly referencing memory that had been relocated by the hypervisor.

- A problem was fixed that prevented the Flex System Manager (FSM) management console from turning on a compute node fault indicator LED when a fault occurred. The fault LED was reported correctly by the Advanced System Management Interface (ASMI) and the IBM Flex System Chassis Management Module (CMM).

- DEFERRED A problem was fixed that caused a system checkstop with SRC B113E504 for a recoverable hardware fault. This deferred fix addresses a problem that has a very low probability of occurrence. As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.

System firmware changes that affect certain systems

- On systems involved in a series of consecutive logical partition migration (LPM) operations, a memory leak problem was fixed in the run time abstraction service (RTAS) that caused a partition run time AIX crash with SRC 0c20. Other possible symptoms include error logs with SRC BA330002 (RTAS memory allocation failure).

- On Power7+ compute nodes, a problem was fixed that caused the L3 cache size to display as 4MB instead of 10MB on the IBM Flex System Chassis Management Module (CMM).

07/18/2014

System firmware changes that affect all systems

HIPER /Pervasive A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.

HIPER /Pervasive A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments. This could be used to execute arbitrary code on the service processor. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.

HIPER /Pervasive Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service. These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands. The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.

HIPER /Pervasive A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause the service processor to reset. The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.

05/09/2014

(AF773_035/FW773.01 was shipped after FW773.11 for those customers that needed the following critical fixes, but were unable to move up to FW773.11. This content is listed here for consistency.)

System firmware changes that affect all systems

- A security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.

- A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the compute node. The Common Vulnerabilities and Exposures issue number is CVE-2014-2324.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

- HIPER /Pervasive A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and and compromise the Flex System Manager (FSM) access password to the service processor. Therefore, the FSM access password for the compute node should be changed after applying this fix.

09/10/2013

10/15/2013 - re-released for readme updates ONLY - no change to binaries

New features and functions in system firmware AF773_033

- Support for the P7+ Flex System p270 compute node (DCM 2-socket compute node) with MTM 7954-24X.

- Support for the P7+ Flex System p260 compute node (SCM 2-socket compute node) with MTM 7895-23A for IBMi only.

- Support for the P7+ Flex System p460 compute node (SCM 4-socket compute node) with MTM 7895-43X.

- Support for the IBM Flex System CN4058 8-port 10Gb converged network adapter (CNA) mezzanine expansion card with feature code (F/C) EC24 for Power System compute nodes that support 10 Gb ethernet and Fibre Channel over Ethernet (FCoE).

- Support for the IBM Flex System FC5054 4-port 16Gb fibre channel adapter with feature code (F/C) EC2E. This adapter features a dual-ASIC (FC5054) controller using the Emulex XE201 design, which allows for logical partitioning on Flex Power Systems compute nodes.

- Support for the IBM Flex System Dual VIOS adapter for the p270 compute node (7954-24X) with feature code (F/C) EC2F. This adapter provides a second integrated SAS controller enabling dual VIOS support with two internal disks.

- Support for the IBM Flex System FC5052 2-port 16Gb fibre channel adapter with feature code (F/C) EC23. This adapter features a 2-port 16 Gb Fibre Channel adapter with a single-ASIC controller using the Emulex XE201 design.

- Support for the IBM Flex System compute nodes by the Hardware Management Console (HMC). Note that the HMC does not provide any Flex System chassis management capabilities.

- Support for the IBM Flex System compute nodes by the Integrated Virtualization Manager (IVM). This provides an option for very basic system partition management for customers who do not want to purchase a Flexible System Management (FSM) or Hardware Management Console (HMC) appliance for system management.

- Support for network enhancements between the IBM Flex System and the service processor.
1. Support for network configuration options for default values and DHCP configurations were added.
2. Support added for LDAP active directory forest.
3. Support added for password change/expiration support through LDAP that enable users to change password on LDAP servers.
4. Support added for LDAP DNS so that LDAP servers can be located from the DNS server instead of passing IP addresses to find the LDAP servers.
5. Support added for local authorization for LDAP on the service processor in addition to the already supported remote authorization.
6. Support added for service processor Advanced System Management Interface (ASMI) to open directly from the Flex System CMM.

- Support for Flex System LDAP configuration authentication-only mode (AOM) on the service processor.

- Support for Flexible System Manager (FSM) increase in capacity to handle eight Flex system chassis for up to 112 compute nodes.

- Support for Flexible System Manager (FSM) increase in capacity to handle up to 4096 managed system partitions running on the Flex System compute nodes.

System firmware changes that affect all systems

- Support was dropped for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher suites in the service processor web server (Ligthttpd). Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https://) will now be rejected if those browsers do not support SSL version 3. Supported web browsers for Power7 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).

- A problem was fixed that prevented the Advanced Management Module (AMM) and Chassis Management Module (CMM) from displaying the blade's gateway IP address when DHCP is enabled.

- A problem was fixed that caused the hypervisor to fail to read the backplane VPD. When this problem occurs, the compute node will not boot.

- A problem was fixed that caused SRC B1813221, which indicates a failure of the battery on the compute node, to be erroneously logged after a service processor reset or power cycle.

- A problem was fixed that caused a service processor dump to be generated with SRC B18187DA "NETC_RECV_ER" logged.

- A problem was fixed that caused a L2 cache error to not guard out the faulty processor, allowing the system to checkstop again on an error to the same faulty processor.

- A problem was fixed that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.

- A problem was fixed that caused the system information LED to be lit without a corresponding SRC and error log for the event. This problem typically occurs when an operating system on a partition terminates abnormally.

- A problem was fixed that may cause inaccurate processor utilization reporting.

- A problem was fixed that caused a migrated partition to reboot during transfer to a VIOS 2.2.2.0, and later, target system. A manual reboot would be required if transferred to a target system running an earlier VIOS release. Migration recovery may also be necessary.

- A problem was fixed that caused an error log generated by the partition firmware to show conflicting firmware levels. This problem occurs after a firmware update or a logical partition migration (LPM) operation on the system.

System firmware changes that affect certain systems

- A problem was fixed that was caused by an attempt to modify a virtual adapter from the management console command line when the command specifies it is an Ethernet adapter, but the virtual ID specified is for an adapter type other than Ethernet. The managed system has to be rebooted to restore communications with the management console when this problem occurs; SRC B7000602 is also logged.

- On a P7 system, a problem was fixed that caused a system checkstop during hypervisor time keeping services. This deferred fix addresses a problem that has a very low probability of occurrence. As such customers may wait for the next planned service window to activate the deferred fix via a system reboot.

- A problem was fixed in the run-time abstraction services (RTAS) extended error handling (EEH) for fundamental reset that caused partitions to crash during adapter updates. The fundamental reset of adapters now returns a valid return code. The adapter drivers using fundamental reset affected by this fix are the following-- QLogic PCIe Fibre Channel adapters (combo card), IBM PCIe Obsidian, Emulex BE3-based ethernet adapters, Broadcom-based PCIe2 4-port 1Gb ethernet, Broadcom-based FlexSystem EN2024 4-port 1Gb ethernet for compute nodes

- On a compute node, a problem was fixed that caused a Flexible Service Processor (FSP) dump with SRC B1818A0F when the Dynamic Host Control Protocol (DHCP) server failed to respond with a valid IPV4 address. For this scenario, the FSP network configuration will now issue an informational error log for DHCP and continue with the previously known IP address if possible.

- On a compute node, a problem was fixed that caused SRCs B1818601, B1818611, and B181F12C to be logged with the chassis fans speeding up to the maximum fan speed. A race condition was found in the Common Information Model (CIM) process when it was changing IP addresses on the compute node that caused CIM pointer corruption and the associated errors.

- On a compute node, a problem was fixed that caused a virtual session (Vtty) to fail to a partition with the message 'Unable to open virtual serial connection - lock failed".

- On a compute node, a problem was fixed that caused the compute node to log SRC B1768BBF when resetting the network adapters to factory configuration using the Advanced System Manager Interface (ASMI).

- On a compute node, a problem was fixed to stop frequent Secure Socket Layer (SSL) certificate provisioning from the Flex System Chassis Management Module (CMM) in the case of a DHCP server not responding. If the DHCP server is unresponsive, the previously received DHCP IP address is used by the compute node without further certificate provisioning.

- On a compute node, a problem was fixed where the Flexible Service Manager (FSM) could not establish communications to the Flexible Service Processor (FSP) due to a FSP process deadlock condition. The deadlock error also caused dumps on the FSP anytime the FSM tried to connect to the FSP.

- On a compute node, a problem was fixed for Flex System Chassis Management Module (CMM) failovers causing the Flexible Service Processor (FSP) to log SRC B181D50E for an out of memory condition for threads.

- On a compute node, a problem was fixed where "VPD has changed" messages were not sent to the Flex System Chassis Management Module (CMM) for mezzanine I/O card updates, resulting in old firmware levels being displayed on the CMM for the cards.

- On Power7+ systems, a problem was fixed that caused a system checkstop during hypervisor time keeping services.

- On a compute node, a problem was fixed that caused the Common Information Model (CIM) server to core dump and have a long restart time when loading new Secure Socket Layer (SSL) certificates provided by the Flex System Chassis Management Module (CMM). This fix allows faster changes in the network configuration of the compute node and facilitates faster node discovery by the Flexible System Manager (FSM).

- A problem was fixed that can cause Anchor (VPD) card corruption and A70047xx SRCs to be logged. Note-- If a serviceable event with SRC A7004715 is present or was logged previously, damage to the VPD card may have occurred. After the fix is applied, replacement of the Anchor VPD card is recommended in order to restored full redundancy.

05/01/2013

System firmware changes that affect all systems
- A problem was fixed that caused a warning message indicating "VPD is not available" to be erroneously logged in the Chassis Management Module (CMM) after the concurrent firmware update of a compute node from the Flex System Manager (FSM).
- A problem was fixed that caused the compute node to experience a Flexible Service Processor (FSP) dump with SRC B181EF88 and the CIM status on the security screen on the FSM to be displayed as "No access" when the state was actually "Partial access".

System firmware changes that affect certain systems
- On compute nodes managed by a Flex System Manager (FSM), a problem was fixed that caused a mismatch between the state of the compute node power LED and the status of the power LED displayed on the FSM.
- On systems running AIX or Linux, a problem was fixed that caused a partition to fail to boot with SRC CA260203. This problem also can cause concurrent firmware updates to fail.
- On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused errors to occur when the memory assigned to the partition was changed.
- On a system running a Live Partition Mobility (LPM) operation, a problem was fixed that caused the partition to successfully appear on the target system, but hang with a 2005 SRC.
- On a partition with the virtual Trusted Platform Module (vTPM) enabled, a problem was fixed that caused the partition to stop functioning after certain operations. When this problem occurs, the client partition may not power off.
- On systems running more than one instance of VIOS, a problem was fixed that prevented the partition that obtained the IBM Fabric Manager (IFM) lock from performing IFM operations when two VIOS partitions were powered on at the same time.
- On systems managed by a management console, a problem was fixed that caused a partition to become unresponsive when the AIX command "update_flash -s" is run.
- On systems with the 10GbE converged network adapter mezzanine card (F/C EC24) installed, a problem was fixed that caused SRC B146D547 to be erroneously logged.
- On systems running Active Memory Sharing (AMS) partitions, a problem was fixed that may arise due to the incorrect handling of a return code in a error path during the logical partition (LPM) of an AMS partition.
- On systems running Active Memory Sharing (AMS) partitions, a timing problem was fixed that may occur if the system is running Dynamic Platform Optimization (DPO).

12/05/2012

12/04/2012