IBM Support

IBM PureApplication Version 2.2.5.3

Download


Release Date

25 January 2019

Abstract

This document lists the fixes contained in IBM PureApplication Version 2.2.5.3.

Download Description

To download the interim fix, go to the IBM PureApplication System product page on IBM Fix Central .

Version 2.2.5.3 includes fixes for these security vulnerabilities:
 

CVEID: CVE-2017-16997
DESCRIPTION: GNU C Library could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the elf/dl-load.c. By using a Trojan horse library, an attacker could exploit this vulnerability to gain elevated privileges on the system.
 

CVEID: CVE-2018-1723
DESCRIPTION: IBM Spectrum Scale could allow a GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node.
 

CVEID: CVE-2018-1783
DESCRIPTION: IBM GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS.
 

CVEID: CVE-2018-2952

DESCRIPTION: An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
 

CVEID: CVE-2018-3136
DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
 

CVEID: CVE-2018-3139
DESCRIPTION: An unspecified vulnerability in related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
 

CVEID: CVE-2018-3180
DESCRIPTION: An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
 

CVEID: CVE-2018-3214
DESCRIPTION: An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
 

CVEID: CVE-2018-3615
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature and Intel software guard extensions (Intel SGX). By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to leak information residing in the L1 data cache from an enclave and read data belonging to different security contexts.
 

CVEID: CVE-2018-3620
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.


CVEID: CVE-2018-3639
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or "SpectreNG".
 

CVEID: CVE-2018-3646
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker with guest OS privilege could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts.

CVEID: CVE-2018-6972
DESCRIPTION: VMware ESXi, Workstation, and Fusion are vulnerable to a denial of service, caused by a NULL pointer dereference in RPC handler. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the virtual machine to crash.
 

CVEID: CVE-2018-6974
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in SVGA device. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
 

CVEID: CVE-2018-6981
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote attacker to execute arbitrary code on the system, caused by an issue with uninitialized stack memory usage in the vmxnet3 virtual network adapter. If vmxnet3 is enabled, an attacker could exploit this vulnerability to execute arbitrary code and gain elevated privileges on the host system.
 

CVEID: CVE-2018-6982
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote attacker to obtain sensitive information, caused by an issue with uninitialized stack memory usage in the vmxnet3 virtual network adapter. If vmxnet3 is enabled, an attacker could exploit this vulnerability to obtain sensitive information leaked from the host to the guest domain.


CVEID: CVE-2018-13785
DESCRIPTION: libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
 

CVEID: CVE-2018-1000001
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges.
 

The following tables contain the Authorized Program Analysis Reports (APARs) and other fixes that are included in this release. If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.2.5.3.

 
IBM PureApplication System APARs

APAR

Abstract

IT23679

Compute Nodes lost connection to virtualization management system.

IT24120

Unable to create snapshot due to storage error

IT24394

VM not powering on - CWZIP8732E Information about the port group for VLAN ID null could not be obtained

IT24890

IPv6_IP Group Creation Error

IT24922

CWZIP6041E Compute node was put into quiesced because the compute node does not have any cache LUN.

IT25067

External profile for VM console access
IT25393 Timed out waiting for some virtual machines

IT25494

VDCS error when attempting to delete cloud group

IT25498

VMs inside PAS are failing test ping

IT25513

BMLs - replication status showing as unconfigured

IT26005

CWZIP6211W Connection timed out waiting for the resource lock

IT26037

Is IPAS able to use host name based NTP-servers

IT26042

Error ID = 987301: Connection to a configured remote cluster has been lost

IT26203

CWZIP8819W The storage pool on storage node has changed to the degraded state

IT27006

Compute Node in Discovering state

 
IBM PureApplication Software APARs

APAR

Abstract

IT22975

DB2 VIP Linux add NIC fails

IT23949

Refresh of environment profile values fail (Part2)

IT24084

Remove scripts are not executed at the deletion of a multi-system instances

IT24420

Unable to assign users to shared services

IT24691

Linux Cloud VM - Weak Permissions on Service Directory

IT24874

Problem with listing virtual instances for restricted access LDAP users

IT24926

Issue with shared service under IPAS version

IT25060

Script package is executed simultaneously resulting in http 500 error

IT25272

Network update job fails with DB2 exception

IT25283

IBM Endpoint Manager shared service 1.0.5.0 does not work with external BigFix platform 9.5.9.62

IT25547

Health check - Foundation Pattern Type for PureApplication

IT25558

When removing a large pattern instance the UI performance degrades to unusable levels

IT25696

Uploading collection sets with Call home does not work

IT25812

Problem with deploying instances

IT25833

Locked password in read-only pattern can be read by any user with read access

IT25853

GPFS client not starting after reboot of RHEL7 system

IT25975

Emergency fixes: Some IBM OS Images added at applicable to list are not applicable

IT26196

Pattern level parameter Description

IT26268

IBM Endpoint Manager shared service 1.0.5.0 multi-rack issue

IT26598

PureApplication Software Logical workload environment
IT26825 Migration of GPFS environment to other rack

Off
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSM8NY","label":"PureApplication System"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}],"Version":"2.2.5.3;2.2.5.2;2.2.5.1;2.2.5.0","Edition":"All editions","Line of Business":{"code":"","label":""}}]

Problems (APARS) fixed
IT22975; IT23679; IT23949; IT24084; IT24120; IT24394; IT24420; IT24691; IT24874; IT24890; IT24922; IT24926; IT25060; IT25067; IT25272; IT25283; IT25393; IT25494; IT25498; IT25513; IT25547; IT25558; IT25696; IT25812; IT25833; IT25853; IT25975; IT26005; IT26037; IT26042; IT26196; IT26203; IT26268; IT26598; IT26825; IT27006;

Document Information

Modified date:
27 September 2019

UID

ibm10795320

Page Feedback