SmartCloud Provisioning 2.3.0.1 interim Fix 4 (iFix 2.3.0.1-CSI-ISCP-IF0004) is available for download from Fix Central.
The following version of IBM SmartCloud Provisioning must be installed:
SmartCloud Provisioning 2.3.0 Fix Pack 1 or SmartCloud Provisioning Enterprise 2.3.0 Fix Pack 1, with any of the officially released 2.3.0.1 iFixes or LA fixes.
It supersedes the previous SmartCloud Provisioning 2.3.0.1 iFixes 2.3.0.1-CSI-ISCP-IF0001, 2.3.0.1-CSI-ISCP-IF0002, and 2.3.0.1-CSI-ISCP-IF0003. It also supersedes the 2.3.0.1-CSI-ISCP LA fixes LA0001 to LA0006.
The following issues and security vulnerabilities are addressed by this iFix:
APAR ZZ00236 - Image not being discovered by VIL (2.3.0.1-CSI-ISCP-IF0002)
APAR ZZ00240 - Authentication error CTJCO0004E occurs in the self-service UI when users do not work in their default domain (2.3.0.1-CSI-ISCO-LA0001)
APAR ZZ00201 - BPM Proxy does not handle multipart/form-data content type (2.3.0.1-CSI-ISCO-LA0002)
APAR ZZ00234 - Event-based orchestration goes into an endless loop if a vSys instance has no associated pattern (2.3.0.1-CSI-ISCO-LA0003)
APAR IT00875 - iwd fails to allocate a disk (2.3.0.1-CSI-ISCO-LA0005)
APAR IT01808/SE59154 - SCO attempts to delete the hypervisor if it is not available over the network (2.3.0.1-CSI-ISCO-LA0005)
APAR SE59130 - SCO change flavor updates are not reflected in the SCO UI (2.3.0.1-CSI-ISCO-LA0005)
APAR IT01591 - Deployed Virtual Instances in a VMware Region show as deleted (2.3.0.1-CSI-ISCO-LA0005)
APAR ZZ00223 - Improve error message to advise checking for encrypted disks (2.3.0.1-CSI-ISCO-LA0005)
APAR SE58917 - Special characters in Resource Pool Names cause VMware region install to fail (2.3.0.1-CSI-ISCO-LA0005)
PMR 72121,999,000 - Virtual System Instances unable to be managed (2.3.0.1-CSI-ISCO-LA0005)
APAR ZZ00244 - ReturnParameters in SCOrchestrator Toolkit cannot handle a large outputParameterObject (2.3.0.1-CSI-ISCO-LA0006)
APAR ZZ00246 - Larger JSON content in a GenericRest call (100 KB) does not work (2.3.0.1-CSI-ISCO-LA0006)
DEFECT 137472 - Support for vCenter 5.5 in VIL (2.3.0.1-CSI-ISCP-IF0003)
APAR ZZ00233 - VIL checkout to vCenter fails (2.3.0.1-CSI-ISCP-IF0003)
APAR IT01260 - "Forgot your password" does not work in SCO 2.3 (2.3.0.1-CSI-ISCP-IF0003)
APAR IT00519 - Increasing the workload deployer default log level causes system failure (2.3.0.1-CSI-ISCP-IF0003)
APAR IT02053 - SCO 2.3 Toolbar not showing for some VMs (2.3.0.1-CSI-ISCP-IF0003)
APAR ZZ00204 - Indexing of image and check-out operations failed for a domain user with dots in the name (2.3.0.1-CSI-ISCP-IF0003)
APAR ZZ00256 - SAAM cannot get the running status of OpenStack services when the SCO server OS locale is non-English (2.3.0.1-CSI-ISCP-IF0003)
APAR SE58688 - KVM compute nodes go offline and cannot deploy any new patterns and VMs (2.3.0.1-CSI-ISCP-IF0003)
APAR ZZ00169 - ICCT extension of an AIX NIM image did not run properly (2.3.0.1-CSI-ISCP-IF0003)
APAR ZZ00242 - Config_network.sh does not work in a "real" environment (2.3.0.1-CSI-ISCP-IF0003)
APAR SE59389 - SCE fails to deploy to vCenter 5.1 U2 or vCenter 5.5 (2.3.0.1-CSI-ISCP-IF0003)
DEFECT 146765 - Bulk provisioning of vsys with NovaNotification enabled sometimes failed with 'No region information for vm <uuid>'
DEFECT 141765 - PDCollect does not collect fileserver logs and error.log (2.3.0.1-CSI-ISCP-IF0003)
APAR ZZ00260 - Fresh installation of VIL 2.3.0.1 failed because the 1.5 JVM points to the WAS JVM
APAR IT01643 - SCO cannot set "Access granted to" for a self-service offering
PMR 60442,999,000 - IBM SCO creates the /tmp/javasharedresources directory on Central-Server-3 with world-writable permissions
APAR IT02579 - Windows VM is marked as Linux in IWD
APAR IT03096 - Cannot see hypervisors in the SCO UI
APAR IT02802 - Custom nodes will not scale out automatically when instances are deployed by SCO
APAR ZZ00265 - Unable to get the virtual image library to synchronize with the VMControl system
APAR SE59132 - Cannot contact VMs over the network when they have multiple NICs
APAR SE57862 - "Default add disk" does not work for a Linux image in a Japanese VMware environment
APAR SE58494 - Cannot change the SCE admin password if it contains the "!" character
CVE-2014-0076 - OpenSSL could allow a local attacker to obtain sensitive information (2.3.0.1-CSI-ISCP-IF0001)
CVE-2014-0160 - OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality
CVE-2014-0411 - Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 (2.3.0.1-CSI-ISCP-IF0002)
CVE-2013-5802 - Unspecified vulnerability in Oracle Java SE related to the JAXP component (2.3.0.1-CSI-ISCP-IF0002)
CVE-2013-5772 - Unspecified vulnerability in Oracle Java SE related to the jhat component (2.3.0.1-CSI-ISCP-IF0002)
CVE-2014-0473 - Django cross-site request forgery (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-0474 - Django data injection (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-0472 - Django django.core.urlresolvers.reverse() code execution (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-0224 - OpenSSL is vulnerable to a man-in-the-middle attack (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-0221 - OpenSSL is vulnerable to a denial of service (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-0195 - OpenSSL is vulnerable to a buffer overflow (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-0198 - OpenSSL is vulnerable to a denial of service (2.3.0.1-CSI-ISCO-IF0003)
CVE-2010-5298 - OpenSSL is vulnerable to a denial of service (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-3470 - OpenSSL is vulnerable to a denial of service (2.3.0.1-CSI-ISCO-IF0003)
CVE-2014-0453 - Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
CVE-2014-0460 - An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVE-2014-0878 - A vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers potentially allows an attacker to predict the output of the random number generator under certain circumstances.
CVE-2014-1418 - Django Vary and Cache-Control headers information disclosure. Django could allow a remote attacker to obtain sensitive information, caused by the failure to properly remove Vary and Cache-Control headers from HTTP responses. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2014-3730 - Django malformed URL security bypass. Django could allow a remote attacker to bypass security restrictions, caused by the improper validation of malformed URLs. An attacker could exploit this vulnerability to gain unauthorized access to the system.
CVE-2013-6491 - OpenStack Oslo does not enforce SSL when using the qpid client. The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. An attacker could exploit this vulnerability using man-in-the-middle techniques to obtain sensitive information.
CVE-2014-2237 - The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
CVE-2014-0105 - The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an interaction between eventlet and python-memcached.
CVE-2014-2828 - The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."