IBM Support

Fix readme for 2.0.0-IBM-IMA-FP0002

Fix Readme


Abstract

This readme describes the contents and fixes included in the new fix pack 2.0.0-IBM-IMA-FP0002.

Content

Fix: 2.0.0-IBM-IMA-FP0002
Date: October 5, 2017
Build: 20170929-1925
IBM MessageSight 2.0.0.2 Cumulative Fix Pack

(Note: all MessageSight 2.x ifixes are cumulative. In addition, because of the nature of the fix packaging for 2.0, any published fix can be used for the base install of MessageSight. It is recommended to install the latest IFIX or FP as the initial install of the product.)

Fix:

Component  md5sum                            File
Server     4babf47dc8773ad6b5ccb8fa906f462f  2.0.0-IBM-IMA-FP0002-Server.tz
WebUI      a78bb7d4dc4bc8133ec058c6aef1453c  2.0.0-IBM-IMA-FP0002-WebUI.tz

Product Features introduced in this build:

1. Run WebUI as non-root user
2. New AllowNullPassword configuration option for SecurityProfile

APARs fixed in this build:

Most of the critical APARs fixed in this fix pack were already released in previous IFIX releases. All official fix images released by MessageSight are cumulative and include all fixes delivered in previous fix images. For your convenience, the list of IFIX releases since the release of 2.0.0-IBM-IMA-FP0001, and the APARs fixed in each, is included below:

2.0.0.1-IBM-IMA-IFIT22403:

APAR     Description
IT22403  Unable to login to WebUI after updating to recent builds
IT22433  Server does not detect it is running in a container

2.0.0.1-IBM-IMA-IFIT22355:

APAR     Description
IT22355  WebUI does not allow the hyphen character in hostnames
IT22267  Add ability to set alternate tmp dir for rpm install scripts

2.0.0.1-IBM-IMA-IFIT22196:

APAR     Description
IT22196  Multiple vulnerabilities in Java affect IBM MessageSight
IT22023  MessageSight service files have invalid restart specifier
IT22240  Remove server information from default endpoint landing page
IT22267  Add ability to set alternate tmp dir for rpm install scripts

2.0.0.1-IBM-IMA-IFIT21549:

APAR     Description
IT21549  Multiple vulnerabilities in Liberty Profile affect IBM MessageSight

2.0.0.1-IBM-IMA-IFIT20660:

APAR     Description
IT20660  Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight
IT20450  Memory free metric not accurately reflecting actually available memory

2.0.0.1-IBM-IMA-IFIT20051:

APAR     Description
IT20051  Interim fix preparing for future fixpack release

2.0.0.1-IBM-IMA-IFIT19586:

APAR     Description
IT19586  MessageSight affected by CVE-2016-2183 CVE-2017-3289 CVE-2017-3272 CVE-2017-3241 CVE-2017-3260 CVE-2016-5546 CVE-2017-3253 CVE-2016-5548 CVE-2016-5549 CVE-2017-3252 CVE-2016-5547 CVE-2016-5552 CVE-2017-3261 CVE-2017-3231 CVE-2017-3259

2.0.0.1-IBM-IMA-IFIT19270:

APAR     Description
IT19072  Server can trap when client publishes will retain message to full subscription queue

2.0.0.1-IBM-IMA-IFIT18788:

APAR     Description
IT18788  2.0 migration code won't migrate appliances with old server version in config file
IT18986  CA cert soft links broken after migration to 2.0
IT18993  Reordering policies in WebUI has no effect

2.0.0.1-IBM-IMA-IFIT18441:

APAR     Description
IT18441  Update Liberty to 16.0.0.4 for CVE-2016-5983
IT18208  Authorization checking issues with non-admin users

2.0.0.1-IBM-IMA-IFIT18037:

APAR     Description
IT18037  Update Liberty for CVE-2016-5983
IT18064  Possible memory corruption in connection monitoring

2.0.0.1-IBM-IMA-IFIT17737:

APAR     Description
IT17737  Update Java for CVE-2016-3598
IT17733  Possible memory corruption compacting store generations when HA is enabled
IT17730  Bypass authentication when it's not required
IT17729  Sending authorization request for a closed connection
IT17728  Improve scheduling of oauth/ltpa requests
IT17727  Incorrect initialization of structure used for storing parsed oauth data
IT17726  Possible incorrect memory allocation for user authentication info
IT17736  Improve initialization of curl to avoid unnecessary locks


Before you install:

We strongly recommend performing a backup before upgrading the product software:

Backup and restore instructions

Preparing to install the fix:

1. Prepare the IBM IoT MessageSight .tz files for installation.

For more information, see Preparing the IBM IoT MessageSight .tz packages for installation.

Installing the fix in an rpm environment:

2. Updating the MessageSight Server package if Server is installed:

cd imaserver
sudo yum -y --nogpgcheck update IBMIoTMessageSightServer*.rpm
systemctl start IBMIoTMessageSightServer

3. Updating the MessageSight WebUI package if the WebUI is installed:

cd imawebui
sudo yum -y --nogpgcheck update IBMIoTMessageSightWebUI*.rpm
systemctl start IBMIoTMessageSightWebUI

(NOTE: these packages can also be installed using:
rpm -Uvh IBMIoTMessageSight*.rpm

However, you must never update using:

yum install IBMIoTMessageSightServer*.rpm

or uninstall and reinstall with rpm or yum (if you wish to preserve your existing data), since this will remove all of your data and config under /var/messagesight.)

OR:

Installing the fix in a Docker environment:

2. Build the IBM IoT MessageSight Docker image.

Build the IBM IoT MessageSight server image by issuing the following command:

cd imaserver
mv *.rpm imaserver.rpm
docker build --force-rm=true -t imaserver:2.0 .

3. Build the IBM IoT MessageSight Web UI image by issuing the following command:

cd imawebui
mv *.rpm imawebui.rpm
docker build --force-rm=true -t imawebui:2.0 .

4. Stop the existing containers.

Stop the server container by issuing the following command:

docker stop <server_container_name>

where <server_container_name> is the name of the container in which the IBM IoT MessageSight server is running. For example,

docker stop IMA

5. Stop the Web UI container by issuing the following command:

docker stop <webui_container_name>

where <webui_container_name> is the name of the container in which the IBM IoT MessageSight Web UI is running. For example,

docker stop IMAWEBUI

6. Remove the containers.

Remove the server container by issuing the following command:

docker rm <server_container_name>

where <server_container_name> is the name of the container in which the IBM IoT MessageSight server was running. For example,

docker rm IMA

Remove the Web UI container by issuing the following command:

docker rm <webui_container_name>

where <webui_container_name> is the name of the container in which the IBM IoT MessageSight Web UI was running. For example,

docker rm IMAWEBUI

7. Remove the old MessageSight images.

Remove the IBM IoT MessageSight server image by issuing the following command:

docker rmi -f $(docker ps | grep imaserver | awk '{print $3}')

Remove the IBM IoT MessageSight Web UI image by issuing the following command:

docker rmi -f $(docker ps | grep imawebui | awk '{print $3}')

8. Start the containers. Use the same Docker run command that you used previously before applying the update.

For example, to start the IBM IoT MessageSight server container, use a command similar to the following command:

docker run --cap-add SYS_ADMIN --net=host -P -it --name=IMA --env-file=IBMIoTMessageSightServer-docker.env -m <memory> -v /mnt/messagesight:/var/messagesight -v /mnt/tmp:/var/tmp -d imaserver:2.0

To start the IBM IoT MessageSight Web UI container, use a command similar to the following command:

docker run --cap-add SYS_ADMIN --net=host -P -it --name=IMAW --env-file=IBMIoTMessageSightServer-docker.env -m <memory> -v /mnt/messagesight:/var/messagesight -v /mnt/tmp:/var/tmp -d imawebui:2.0

Verifying the installation:

If this is your initial install of the product, see Configuring the licensed usage for IBM IoT MessageSight and accepting the license by using REST Administration APIs for accepting the product license.

If this is an update, you can verify the status of the server; see Viewing the status of an IBM IoT MessageSight server and services by using REST Administration APIs.


Document Information

Modified date:
17 June 2018

UID

swg22009273