IBM Support

QRadar Firmware 6.0.0 for xSeries M4 2U Appliances (USB local installs)

Release Notes


Abstract

This firmware update (6.0.0) provided by IBM® is the latest firmware for your QRadar® xSeries M4 2U appliances. Firmware fix pack 6.0.0 for QRadar M4 2U appliances include several firmware updates and remediations for reported security issues. These instructions are intended for administrators who are on-premise with the appliance to complete a local firmware update with a USB key.

Content


Important: Select a tab to read each step of the firmware procedure.

Part 1: About the M4 firmware 6.0.0 update

Creating your USB flash drive for the firmware update requires a Windows host and the administrator or USB drive must be on-site with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator is required to reboot the appliance after the firmware install completes. Firmware updates are intended to be ccompleted during planned maintenance for your QRadar appliances. If your Data Center does not allow USB keys, instructions and a download are available for administrators who have Integrated Management Module (IMM2) interfaces. For information about other installation options, see: http://ibm.biz/qradarfirmware .
This firmware update applies to the following IBM Security QRadar M4 (2U form factor) appliances, server type, or Machine type models:
Hardware Details Size
Appliance QRadar 1400 Data Node (4380-Q1E)
QRadar Event Processor 1605 (4380-Q1E)
QRadar Flow Processor 1705 (4380-Q1E)
QRadar Event Processor 1628 (4380-Q2E)
QRadar Flow Processor 1728 (4380-Q2E)
QRadar 3105 (All-in-One) (4380-Q1E)
QRadar 3105 (Console) (4380-Q1E)
QRadar 3128 (All-in-One) (4380-Q2E)
QRadar 3128 (Console) (4380-Q2E)
QRadar Log Manager 3105 (All-in-One) (4380-Q1E)
QRadar Log Manager 3105 Console (4380-Q1E)
QRadar Log Manager 3128 (All-in-One) (4380-Q2E)
QRadar Log Manager 3128 (Console) (4380-Q2E)
QRadar Vulnerability Manager (4380-Q1E)
QRadar Risk Manager (4380-Q1E)
IBM Security QRadar Incident Forensics xx28 (4531-G1E)
IBM Security QRadar Packet Capture xx28 (4531-G2E)
IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E)
2U
Server Type x3650 M4 BD 2U
Server Machine Type 5466 2U
Appliance Machine type models (MTM) 4380-Q1E
4380-Q2E
4531-G1E
4531-G2E
4531-G3E
2U
Table 1: List of appliances that the M4 appliance firmware v6.0.0 can update.

Important information and prerequisites in this firmware update

Firmware v6.0.0 includes the following software updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table 2, the administrator must contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.
Component Prerequisite version Firmware version in this update File name 
IMM2 4.35 or later 1aoo88b-7.20 ibm_fw_imm2_1aoo88b-7.20_anyos_noarch.uxz
UEFI/BIOS  None yoe132c-2.50 ibm_fw_uefi_yoe132c-2.50_anyos_32-64.uxz
DSA  None dsyte2z-9.65 ibm_fw_dsa_dsyte2z-9.65_anyos_32-64.uxz
RAID Controller M5110 None 6gb-23.34.0-0023 ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64.bin
RAID Controller M5210 None 5200-24.21.0-0097 ibm_fw_sraidmr_5200-24.21.0-0097_linux_32-64.bin
HDD Update  None sas-1.23.02 ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin
Emulex None fc_15b-2.02x11-40 elx_fw_fc_15b-2.02x11-40_linux_32-64.bin
Table 2: Firmware updates for the M4 QRadar 2U form factor appliances are noted in this table.
NOTES
  • Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944 .
  • A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
  • The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack can be listed when the tool compares available firmware to the hardware in the appliance and display a status of "undetected".
  • For general firmware questions and information, see: http://ibm.biz/qradarfirmware.

Security issues resolved in this firmware update

This table defines the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.

Component File name  CVEs resolved in this package
UEFI/BIOS ibm_fw_uefi_yoe132c-2.50_anyos_32-64 Updated OpenSSL code to address security vulnerabilities identified in CVE-2018-5407.

Updated Intel® Processor Microcode to address security vulnerabilities identified in CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.

Intel is a registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
IMM2 ibm_fw_imm2_1aoo88b-7.20_anyos_noarch CVE-2018-0737 and CVE-2019-6157
 
DSA  ibm_fw_dsa_dsyte2z-9.65_anyos_32-64 SECURITY: CVE-2012-2806, CVE-2017-15232, CVE-2018-1152, CVE-2018-11813, CVE-2014-8128, CVE-2015-7554, CVE-2016-10095, CVE-2016-10266, CVE-2016-3632, CVE-2016-5318, CVE-2016-8331, and CVE-2016-9535.
   
SECURITY: CVE-2016-9540, CVE-2017-11613, CVE-2017-5225, CVE-2018-7456, CVE-2018-8905, CVE-2018-12015, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126, and CVE-2018-0732.

SECURITY: CVE-2008-1483, CVE-2016-10012, CVE-2016-10708, CVE-2017-15906, CVE-2018-11236, CVE-2018-0737, CVE-2015-8668, CVE-2016-5319, CVE-2017-17942, CVE-2018-10779, CVE-2018-14618, and CVE-2015-9262.

SECURITY: CVE-2015-5180, CVE-2017-15670, CVE-2017-15804, CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, CVE-2018-14621, CVE-2018-14622, CVE-2017-9935, CVE-2018-16335, CVE-2018-17100, and CVE-2018-17101.

SECURITY: CVE-2018-17795, CVE-2018-14665, CVE-2018-15473, CVE-2018-15919, CVE-2018-16840, CVE-2018-16842, CVE-2015-8870, CVE-2016-3619, CVE-2016-3620, CVE-2016-3621, CVE-2016-9273, and CVE-2017-9117.

SECURITY: CVE-2017-9147, CVE-2018-12900, CVE-2018-18661, CVE-2018-16429, CVE-2016-10092, CVE-2016-10093, and CVE-2016-10094.
RAID Controller M5110 ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64 None
RAID Controller M5210 ibm_fw_sraidmr_5200-24.21.0-0097_linux_32-64 None
HDD Update  ibm_fw_hddlenovo_sas-1.23.02_linux_32-64 None
Emulex elx_fw_fc_15b-2.02x11-40_linux_32-64.bin None
Other Security Fixes None Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure:

CVE-2015-5180, CVE-2018-11236, and CVE-2018-15804.
Table 3: Security issues resolved in the M4 firmware update v6.0.0.

Full Release Notes from Lenovo for firmware 6.0.0 updates

These attached text files contain the full release notes provided by Lenovo to IBM for resolved issues that administrators might want to review.

QRadar_M4_2U_MT5466_x3650_6_0_0.txt

Part 2. Create the USB

 
To create a bootable USB key, you must have access to the following tools and software:
  • An 8 GB or larger USB flash drive.
  • IBM Fix Central to download the appliance firmware.
  • A desktop or notebook system running one the following operating systems:
    • Windows 10
    • Windows 7
    • Windows 2008R2
    • Windows 2008
    • Windows Vista
    • Windows XP
      NOTE: Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
 

Creating the bootable USB drive

  1. Download the M4 6.0.0 firmware IMG file from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.1-QRADAR-FIRMWARE-M4_2U_USB-QRadar-QNI-PCAP-QIF-6.0.0&includeSupersedes=0&source=fc.
     
  2. Download the Rufus Bootable USB Tool.
     
  3. Insert the USB flash drive into a USB port on your Windows laptop or workstation.
     
  4. Open Rufus and configure the properties.
    Parameter Value
    Device Select your USB drive
    Boot Selection Select Qradar_IMG_M4_2U_MT5466_x3650_6_0_0.img
    Partition scheme MBR (Default)
    Target system BIOS (or UEFI-CSM) (Default)
    File system FAT32 (Default)
    Cluster size
    This value will default to the best option based on size of the USB drive.
    image-20191031220716-1
     
  5. Click Start. The image is loaded on the USB drive.
    image-20191031223531-2
     
  6. After the installation finishes, safely eject the USB flash drive from your computer.

    Results
    The bootable drive is ready to be used to install firmware on the M4 appliance.
 

 

 

Part 3. Installing the Firmware on the QRadar M4 appliance

These instructions are intended for M4 appliances that are not configured as HA (high-availability) pairs. If your appliance is in a HA pair, you must use the High-Availability update instructions found here:  http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .

Booting from the USB Drive

  1. Insert the USB drive that has the bootable image into the QRadar appliance.
    IMPORTANT: Do not remove the USB flash drive until the IBM ToolsCenter completes the firmware installation.
     
  2. From the terminal of the KVM switch for the appliance, log in by using the root credentials.
     
  3. From the command prompt, type: reboot.

     
  4. As the appliance is rebooting, press the F12 key to select a boot device.
     
  5. Select the bootable firmware image, for example, USB Storage and Press Enter.

     
  6. When prompted, select the Updates option.
  7. Verify that the bootable media shows the correct machine type for the appliance.
    Hardware Details
    Server Type x3650 M4 BD
    Server Machine Type 5466
  8. To start the update, select Click here to start update.
    NOTE: Verify that the Updates list contains x3650 M4 BD -- machine type 5466 in the updates list.

     
  9. Select your language and click I accept the terms in the license agreement to continue.
    image-20190110163313-1
  10. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.

     
  11. From the list of selected firmware items, verify that the selected items match the firmware items to update.
    image-20190114093209-1
     
  12. To start applying the updates, click Next on the Update Options page.
    The bootable media creator starts to install firmware on the M4 appliance.
     
  13. Verify that all the firmware updates are applied, and click Next to complete the update.
    image-20190114093759-5
     
  14. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
    image-20190114122837-1
     
  15. Select the USB flash drive and click OK.
  16. When all updates are complete, click Finish to reboot the appliance.

    Results
    After the appliance boots, the system is ready to be used normally.  If you experience any installation issues, you can contact QRadar Support for assistance and open a hardware case for your appliance. The support representative will request the firmware logs.
 

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Hardware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1;7.3;7.2.8;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
08 June 2020

UID

ibm11102323