IBM - HMC V5.2 Readme

Hardware Management Console

HMC V5.2 Readme

Cumulative history and Readme for use with HMC V5.2.x

[ Last updated: August 25, 2006 ]

Contents

The information in this Readme contains hints and errata information about the Hardware Management Console.

Specific PTF information

This section lists the PTFs released for HMC V5 R2.0. The information for each PTF includes sections for enhancements and fixes, known issues (if applicable), and package information. The Package information section provides information to use during the download, installation and verification procedures for HMC corrective service/upgrade packages. For example, you can check the sizes and checksums of downloaded packages, and use the "Splash panel" information to verify that a fix or update was applied successfully. You can also access this PTF-specific information by clicking on the "View" link for any package on the "Downloads" pages of the HMC web site.

PTF MH00880

This package provides a fix for the vterm force close command for HMC V5.2.1. You can also reference this package by APAR MB01873.

This fix alleviates a problem for AIX and Linux partition users who force close vterm sessions with the "Close Terminal Window" option in the GUI or rmvterm command. A timing window in the managed system firmware causes a failure with the server resulting in SRC B170100A being logged. In redundant FSP configurations the managed system could terminate if the problem is encountered multiple times.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00880.zip
MH00880.iso
56025
442368
59175
48112
MB01873 MH00880
Splash panel information (lshmc -V command output)
MH00880: vterm force close fix (10-26-2006)

Enhancements and fixes

This package provides the following fix:

vterm force close behavior change

PTF MH00891 (Security fixes)

This package provides OpenSSL and Open SSH security fixes for HMC V5. You can also reference this package by APAR MB01905. It replaces MH00857

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00891.zip
MH00891.iso
3570046
3958784
40431
17045
MB01905 MH00891
Splash panel information (lshmc -V command output)
MH00891: OpenSSL/OpenSSH security fixes for HMC V5 (11-07-2006)

Enhancements and fixes

This package provides the following security fixes:

NameDescription
CVE-2006-3738/VU#547300 Fix buffer overflow condition.
CVE-2006-4343/VU#386964 OpenSSL SSLv2 client code fails to properly check for NULL which could lead to a server program using openssl to crash.
CVE-2006-2937 Fix mishandling of an error condition in parsing of certain invalid ASN1 structures, which could result in an infinite loop which consumes system memory.
CVE-2006-2940 Certain types of public keys can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack to cause the remote side top spend an excessive amount of time in computation.
CVE-2006-4924 Denial of service problems have been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server.
CVE-2006-4925 Fix problem where remote attacker is able to inject network traffic that could cause a client connection to close.

PTF MH00857 (Security fix)

This package provides an OpenSSL security fix for HMC V5. You can also reference this package by APAR MB01870.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00857.zip
MH00857.iso
3530344
3915776
33939
11789
MB01870 MH00857
Splash panel information (lshmc -V command output)
MH00857: OpenSSL security fix for HMC V5 (10-10-2006)

Enhancements and fixes

This package provides the following security fix:

CVE-2006-4339: OpenSSL RSA signature evasion

PTF MH00840

This PTF provides a command monkacpid, that allows processor usage of the keventd kernel daemon. This PTF can be referenced by APAR MB01844.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00840.zip
MH00840.iso
4155
389120
06580
05331
MB01844 MH00840
Splash panel information displayed after installation
MH00840: monkacpid to monitor acpi events (09-14-2006)

Enhancements and fixes

A number of internal modems, when installed in HMC Machine Type 7310-C04 or 7310-C05, are affecting the performance of the HMC. If you have such an HMC configuration, install this PTF, and then run the monkacpid command from either

This command produces output similar to the following. The output is refreshed every 4 seconds.

 Every 4s: /usr/bin/top -s -b -n 1 -p 3                  Thu Sep 14 14:57:19 2006

  top - 14:57:20 up 53 min,  2 users,  load average: 0.17, 0.10, 0.08
  Tasks:   1 total,   0 running,   1 sleeping,   0 stopped,   0 zombie
  Cpu(s):   5.5% user,   1.0% system,   0.0% nice,  93.5% idle
  Mem:   1022096k total,   919596k used,   102500k free,    32516k buffers
  Swap:  2032212k total,        0k used,  2032212k free,   264288k cached

 PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
   3 root      15   0     0    0    0 S  0.0  0.0   0:00.02 keventd 

If the number in the %CPU column is greater than 10.0, please contact IBM Hardware support to order a replacement modem. Please reference Retain Tip H187630.

PTF MH00837

Fix missing cron entries after an upgrade

This PTF fixes problems with missing cron entries and file permission that occur following an upgrade.

Notes:

This PTF can also be referenced by APAR MB01796.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00837.zip
MH00837.iso
36151
25487
7798
403456
MB01796 MH00837
Splash panel information (or lshmc -v output)
MH00837: Fix missing cron entries (09-05-2006)

Enhancements and fixes

Fixes these problems following and Upgrade to HMC Version 5:

PTF MH00822

rstupgdata for HMC Version 5

This PTF provides a new command, rstupgdata, that can be used to restore upgrade data, saved on DVD-RAM, after a new Install of HMC Version 5. You can also reference this package by APAR MB01665.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00822.zip
MH00822.iso
21432
440320
62248
05297
MB01665 MH00822
Splash panel information (or lshmc -v output)
MH00822: rstupgdata command for HMC V5 (08-18-2006)

Enhancements and fixes

A number of HMC machine types, 7310CR2/7315CR2/7310CR3/7315CR3, have experienced upgrade failures when moving from HMC V4.x to HMC V5.x, or from HMC V5.1 to HMC V5.2.x. Because of this issue, IBM strongly recommends the use of the following upgrade method to upgrade from HMC V4.X to HMC V5.X, or from HMC V5.1 to HMC V5.2.0 or V5.2.1. This method can be used on all machine types.

PTF MH00746

Security fixes for HMC 5.2.1

This security fix package must be installed on top of HMC V5 R2.1 and MH00688. You can also reference this package by APAR MB01396.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00746.zip
MH00746.iso
10330
411648
62764
31333
MB01396 MH00746
Splash panel information (or lshmc -v output)
MH00746: Security updates for HMC V5R2.1 (06-29-2006)

Enhancements and fixes

The following security fixes are addressed in this package:

PTF MH00688

Security fixes for HMC 5.2.1

This security fix package must be installed on top of HMC V5 R2.1. You can also reference this package by APAR MB01297.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00688.zip
MH00688.iso
37243889
37677056
63970
25428
MB01297 MH00688
Splash panel information (or lshmc -v output)
MH00688: CVE-2006-0225, CVE-2006-0058 Security Updates for HMC V5R2.1 (05-31-2006)

Enhancements and fixes

The following fixes are addressed in this package:

DST

Fix for Daylight Saving Time changes

Security fixes

PTF MH00695

InfoCenter update package

This package can also be referenced by APAR MB01378

Enhancements and fixes

Update package for Infocenter for HMC v5.2.1 (MH00695)

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00695_1.zip
MH00695_2.zip

MH00695_1.iso
MH00695_1.iso
632838581
470358676

634523648
476235776
22994
27417

41510
52173
MB01378 MH00695
Splash panel information (or lshmc -v output)
MH00695: InfoCenter Update for HMC V5R2.1 (05-26-2006)

PTF MH00594

Update package for HMC 5.2.1 (MH00594)

Use this package to update the HMC from HMC V5 R2 only to HMC V5 R2.1.

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00594 (HMC 5.2.1 Update package)
HMC_Update_V5R2.1_1.zip
HMC_Update_V5R2.1_2.zip
583122562
651713837
20579
51677
MB00007 MH00594
HMC_Update_V5R2.1_1.iso
HMC_Update_V5R2.1_2.iso
587395072
652111872
38742
47514
Splash panel information (or lshmc -V output)
version= Version 5
 Release: 2.1
 HMC Build level 20060502.1
 base_version=V5.2.0

Enhancements and fixes

Please see the Enhancements and fixes section for the HMC 5.2.1 Recovery package (PTF MH00653) for the enhancements and fixes included in this update package.

PTF MH00653

Recovery media package for HMC 5.2.1 (MH00653)

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00563 (HMC 5.2.1 Recovery package)
HMC_Recovery_V5R2.1_1.iso
HMC_Recovery_V5R2.1_2.iso
1569423360
1349058560
32228
41391
MB01286 MH00653
Splash panel information (or lshmc -V output)
version= Version: 5
 Release: 2.1
 HMC Build level 20060502.1
 base_version=V5.2.1

Enhancements and fixes

Both the Recovery package and the Update corrective service package for HMC 5.2.1 include the following fixes and enhancements:

Partition Management

Utilization Data management

Dump Fixes

System Plan

User Management

Fix for saving user task roles to be persistent across HMC reboots.

Miscellaneous

Code Update

Scheduled Operations

Enhanced Scheduled Operations processor move to allow the user to input processing units in one hundredths precision.

Repair and Verify

Save Upgrade Data/Backup

Enhance Save Upgrade Data to preserve "Allowed Hosts" on upgrades to V5R2. The missing "Allowed Hosts" are: Secure ASM Access, Open Pegasus, FCS, Eclipse, L2TP, SLP, RSCT Peer Domains, Cluster Ready Hardware.

Network/Connectivity

Problem Analysis/Call Home

Service Focal Point

Service Agent

PTF MH00610

Fixes for Dump Collection issues on redundant FSP

This PTF can only be installed on an HMC at the following code level:

HMC V5R2.0 and PTF MH00586

For model 9119-590, 9119-595, 9406-595, 9116-561 and 9117-570 systems with redundant service processor feature at system firmware levels SF235_160, SF235_180, and SF235_185:

A system firmware problem has been identified that will cause the secondary service processor (FSP) to reset during run time causing an FSP dump to be taken. The HMC currently does not collect the dump from the secondary FSP so after multiple occurrences, the FSP dump space will fill up resulting in the secondary FSP becoming deconfigured (GARDed) when no hardware problem exists.

The system will lose service processor redundancy and continue to run without interruption. Restoring service processor redundancy will require a scheduled maintenance outage.

To prevent the secondary FSP from becoming GARDed, HMC PTF MH00610 has been created to collect dumps from the secondary FSP so that the FSP's dump space will not fill up.

Enhancements and fixes

This package includes fixes for the following issues:

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00610.zip
MH00610.iso
7781834
8652800
01094
27000
MB01279 MH00610
Splash panel information displayed after installation
MH00610: Fix Dump collection issues (03-09-2006)

PTF MH00586

HMC 5.2 required maintenance

The PTF MH00586 corrective service package is a Required Maintenance fix that must be installed on HMC Version 5 Release 2.0

Package information
Package name Size (bytes) Checksum APAR # PTF#
MH00586.zip
MH00586.iso
411536940
413945856
28266
05420
MB01365 MH00586
Splash panel information displayed after installation
Version: 5
Release: 2.0
HMC Build level 20060210.1
MH00586: Required fixes for HMC V5R2.0 (02-14-2006)
","base_version=V5.2.0

Enhancements and fixes

This package provides fixes for the following issues:

PTF MH00564

HMC 5.2 Update corrective service.

The HMC 5.2 Update corrective service package can be installed by means of the Install Corrective Service task.

Package information
Package name Size (bytes) Checksum APAR # PTF#
HMC_Update_V5R2.0_1.zip
HMC_Update_V5R2.0_2.zip
1029537894
991741042
33672
46088
MB01336 MH00564
HMC_Update_V5R2.0_1.iso
HMC_Update_V5R2.0_2.iso
HMC_Update_V5R2.0_2.iso
676667392
675817472
679307264
26537
51075
26171
   
Splash panel information displayed after installation
Version: 5
Release: 2.0
HMC Build level 20060117.1
","base_version=V5.2.0

Enhancements and fixes

For enhancements and fixes included in the HMC 5.2 Update corrective service package, please see Enhancements and changes in HMC 5.2.

PTF MH00521

HMC 5.2 Recovery Media images.

The HMC 5.2 Recovery Media images can be used to upgrade your HMC from HMC 5.1 to 5.2, or to perform a clean installation of HMC 5.2.

Package information
Package name Size (bytes) Checksum APAR # PTF#
HMC_Recovery_V5R2.0_1.iso
HMC_Recovery_V5R2.0_2.iso
1540292608
1075544064
00985
11116
MB00004 MH00521
Splash panel information displayed after installation
Version: 5
Release: 2.0
HMC Build level 20060210.1
","base_version=V5.2.0

Enhancements and fixes

For enhancements and fixes included in the HMC 5.2 Recovery Media package, please see Enhancements and changes in HMC 5.2.

Enhancements and changes in HMC 5.2

HMC 5.2 enhancements for the Hardware Management Console include:

Server and Partition Management

System plans

Repair and verify

HMC Command Line

National Language Support

Known issues in HMC 5.2.0

Upgrading from HMC Version 4 to HMC Version 5

Server and Partition

LIC Code Update

National Language Support

Languages Supported or Not Supported Locales
English Supported en_US, en_GB, en_GB@euro, en_AU, en_BE, en_BE@preeuro, en_CA, en_HK, en_Ne, en_IE, en_IE@preeuro, en_NZ, en_PH, en_PK, en_ZA, en_SG
German Supported de_DE, de_DE@preeuro, de_CH, de_AT, de_AT@preeuro, de_LU, de_LU@euro
French Supported fr_FR, fr_FR@preeuro, fr_CH, fr_CA, fr_BE, fr_BE@euro, fr_LU, fr_LU@euro
Italian Supported it_IT, it_IT@preeuro, it_CH
Spanish Supported es_ES, es_ES@preeuro, es_AR, es_BO, es_CL, es_CO, es_CR, es_DO, es_EC,es_SV, es_GT, es_HN, es_MX, es_NI, es_PA, es_PY,es_PE, es_PR, es_US, es_UY,es_VE
Brazilian Portuguese Supported pt_BR
Japanese Supported ja_JP
Simplified Chinese Supported zh_CN, zh_SG
Traditional Chinese Supported zh_TW, zh_HK
Korean Supported ko_KR
Hungarian Supported hu_HU
Dutch Supported nl_NL, nl_NL@preeuro, nl_BE, nl_BE@preeuro
Russian Supported ru_RU
Czech Supported cs_CZ
Slovakian Supported sk_SK

Miscellaneous Functions

Security fixes in HMC 5.2.0
Reference Abstract
CAN-2005-0109 OpenSSL update
CAN-2005-2969 OpenSSL fix for potential SSL 2.0 Rollback vulnerability
CVE-2004-0175 OpenSSH SCP Client File Corruption Vulnerability
CVE-2002-0839
CVE-2002-0840
CVE-2002-0843
Apache HTTPD Multiple Vulnerabilities
CVE-2001-0572 SSHv1 Protocol Available
CAN-2003-0989 tcpdump remote DOS
CAN-2004-0078 mutt remote buffer overflow
CAN-2004-0110 libxml2 URI Parsing Remote Buffer Overflow
CAN-2004-0109
CAN-2004-0181
Linux kernel ISO9660/JFS local privilege escalation, info leak
CAN-2004-0183 tcpdump ISAKMP remote DOS
CAN-2004-0427
CAN-2004-0424
CAN-2004-0229
CAN-2004-0228
CAN-2004-0394
Linux kernel privilege escalation, local DoS
CAN-2004-0174
CAN-2003-0020
CAN-2003-0993
CAN-2003-0542
apache - multiple vulnerabilities
CAN-2004-0554 Linux kernel "__clear_fpu()" Macro local DoS
CAN-2004-0523 kerberos aname_to_localname remote root compromise
CAN-2004-0492 apache: remote overflow in mod_proxy
CAN-2004-0460
CAN-2004-0461
VU#317350
VU#654390
dhcp-server: remote system compromise
CVE-2002-1363 libpng remote DoS
CAN-2004-0590 Certificate chain authentication in Openswan pluto
CAN-2004-0649 L2tpd: remote execution of arbitrary files w/ privs of l2tpd user
VU#388984
VU#236656
VU#160448
VU#477512
VU#817368
VU#286464
CAN-2004-0597
CAN-2004-0598
CAN-2004-0599
libpng: multiple vulnerabilities
CAN-2004-0415 kernel: local privilege escalation, race condition in file offset pointer handling
VU#550464
CAN-2004-0644
krb5: remote unauthenticated DoS
CAN-2004-0817 imlib: local execution via heap overflow
CAN-2004-0687
CAN-2004-0688
xf86: multiple buffer overflows with malformed xpm images
CAN-2004-0966 gettext: Insecure temporary file handling
CAN-2004-0804
CAN-2004-0886
tiff: Buffer overflows in image decoding
CAN-2004-0884 Cyrus-sasl2: (ver2.1.7)Insecure handling of environment variable
CAN-2004-0971 krb5: krb5-workstation: Possible symlink attack, priv escalation via temproary file mishandling
CAN-2004-0989 libxml: remote code execution, buffer overflow
CAN-2004-0975 Openssl: possible symlink attack via temp file mishandling
CAN-2004-0940 Apache: local buffer overflow in get_tag function in mod_include
SUSE-SA:2004:041 xf86: SuSE security updates for libxpm
CAN-2004-0782 mlib: SuSE xpm security updates in imlib
CAN-2004-1010 zip: buffer overflow in info-zip when using recursive folder compression
CAN-2004-1308 tiff: multiple buffer overflows
CAN-2004-0986 iptables: variable init failure can cause failure to load firewall rules
CAN-2004-0883
CAN-2004-0949
CAN-2004-1070
CAN-2004-1071
CAN-2004-1072
CAN-2004-1073
CAN-2004-1074
kernel: SuSE update for multiple local and remote DoS vulnerabilities
CAN-2005-0155

CAN-2004-0452
CAN-2005-0077
Perl: SuSE security update to address two priv escalation and a buffer overflow condition
CAN-2005-0449
CAN-2005-0209
CAN-2005-0529
CAN-2005-0530
CAN-2005-0532
CAN-2005-0384
CAN-2005-0210
CAN-2005-0504
CAN-2004-0814
CAN-2004-1333
CAN-2005-0003
SuSE updates for multiple issues on 2.4-2.6.11 kernels
CAN-2005-1993 sudo: vulnerabilities allow execution of arbitrary commands
CAN-2005-1267
CAN-2005-1278
CAN-2005-1279
CAN-2005-1280
tcpdump: fix for several DOS vulnerabilities
CAN-2005-1151
CAN-2005-1152
CAN-2005-1349
CAN-2005-0103
CAN-2005-0104
CAN-2005-1455
CAN-2005-1454
CAN-2004-1456-CAN-2004-1470
tiff: buffer overflow allows execution of arbitrary code

Hints and Tips for the HMC Desktop

eServer i5 and p5 Education available on Resource Link

The following customer courses will be available from Resource Link for the Product Announce on May 4, 2004.

Access to these courses requires an IBM Registration ID and Resource Link Access.

To obtain an IBM Registration ID

  1. Go to http://www.ibm.com/servers/resourcelink
  2. Select "Register" under New users
  3. On the My IBM Registration, fill in an e-mail address for IBM ID and password, and the Security question and answer and the Country of residence and then click Continue and fill in the rest of the User information and click Submit.

Resource Link Access for New Users

  1. Go to http://www.ibm.com/servers/resourcelink
  2. Select "Sign in" enter the IBM ID and password you used to register above
  3. Select "Customer"
  4. Click "Submit" Once submitted it will take an hour before the access takes effect

To view a course

  1. Sign in to Resource Link
  2. Select Education in the navigation bar on the left
  3. From the Education page, select "eServer i5 and p5 courses"
  4. Select "How to Use the eServer i5 and p5 Hardware Management Console"
  5. Select "Performing Licensed Internal Code Maintenance"
  6. Double-click the link to open the course.

Notes:

  1. The courses are browser based. For optimal viewing, we recommend Microsoft Internet Explorer 6.0 or higher with your display set at 1024 x 768. To set your display, go to My Computer -> Display -> Settings
  2. Course pages can be book marked for easy retrieval.
  3. Course simulations open in a separate window. Use the X in the upper right corner of the window to close the simulation.
  4. If there are QuickTime videos in the course, you need to have the QuickTime viewer installed. A link to the free viewer is on each Resource Link course page and on the related page within each course.

HMC documentation

Documentation, installation guides, cumulative PTF history, best practices, and related support information:

Translate this page