Hardware Management Console Readme For use with Version 8 Release 8.4.0 Updated: 15 March 2016 Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01615 <#MH01615> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01615 This package includes fixes for HMC Version 8 Release 8.4.0. You can reference this package by APAR MB03746 and PTF MH01615. This image must be installed on top of HMC Version 8 Release 8.4.0 (PTF MH01559) *with Mandatory PTF MH01560 installed*. *Special Install Instructions*: This fix _must_ be installed using the HMC updhmc command; not the GUI. See the updhmc “man” page (e.g. man updhmc) for further information and examples on using the command. NOTE: This PTF supersedes MH01588, MH01601 and MH01609. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01615.iso 1548855296 e524ed28b2bdcdfddba9ff1b9ae5c0509ec2ced0 MB04001 MH01615 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.4.0 Service Pack: 0 HMC Build level 20160305.1 MH01560: Required fix for HMC V8R8.4.0 (11-12-2015) MH01615: various updates (03-07-2016) ","base_version=V8R8.4.0 " List of fixes *General fixes* * Fixed an issue where /var/log/slpd.log is not under log rotation control which can lead to serviceable event E212E134 and the /var filesystem becoming full. *Security Fixes * * Fixed a Java security issue: CVE-2016-0448 * Fixed a security vulnerability in glibc: CVE-2015-7547 * Fixed a security issue with HMC restricted shell. * Previously released fixes also included in this PTF: * * MH01609* 02/17/16 * Fixed an issue where, after an upgrade, HMCs configured to use an outbound internet proxy connection fail to send service data to IBM. The failure impacts all service data including problem data associated with a serviceable event, service Information (Heartbeat, VPD, Software Service and Performance Management) and manual transmission of service information. Callhome of serviceable events is not impacted. * *NOTE*: The CR9 call home fix for the problem where Machine Type 5463 from BIOS is incorrectly used for call home is not complete and is being omitted from the readme for MH01615 and will be resolved in a future PTF. * Fixed multiple OpenSSH vulnerabilities involving the ssh client "Roaming" feature): CVE-2016-0777 and CVE-2016-0778 * MH01601* 01/25/16 * Fixed an issue where the HMC web server may intermittently deadlock. Symptoms include one or more of the following: unable to connect using a browser; browser error "Service Temporarily Unavailable"'; multiple serviceable events for E35A0016 and/or E35A0017; unable to restart due to / file system full from repeated diagnostic dumps. * Fixed an issue where a user is unable to view VPD transmitted System Firmware or HMC level information from the eService desktop or IBM Support Portal * Fixed a rare timing issue where dual FSP servers may get stuck in a state of failover when a FSP failover occurs. Attempts to manage the server or partitions will fail with /HSCL9010 This operation is only allowed when the managed system is in the Standby or Operating state./ * Fixed an issue with the IBM ID association to HMC, managed POWER Systems and associated partitions to resolve the issue of not seeing the inventory reports in IBM Support Portal. * Fixed an issue with the exchange FRU procedure for SRIOV cards that provide vNIC as well as non-vNic devices. * Fixed multiple OpenSSL Vulnerabilities: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794 * Fixed multiple Java Vulnerabilities: CVE-2015-4843, CVE-2015-4868, CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4842, and CVE-2015-4803 * MH01588* 12/22/15 * Multiple fixes for Repair & Verify of Exchange FRU for an SR-IOV card. * Fixed an issue when performing an Exchange FRU on enclosure 78CD with Feature Code EMX0 FRU to prevent message 0931-029 regarding devices that are configured requiring manual intervention. * Fixed Pluggable Authentication Module (PAM) vulnerability: CVE-2015-3238 * Fixed multiple vulnerabilites in Websphere Liberty Profile (WLP): CVE-2015-2017, CVE-2015-1927, and CVE-2015-4938 Installation *Special Install Instructions*: This fix _must_ be installed using the HMC updhmc command; not the GUI. See the updhmc “man” page (e.g. man updhmc) for further information and examples on using the command. Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service.