Release Notes
Abstract
This firmware update (6.0.0) provided by IBM® is the latest firmware for your QRadar® xSeries M4 2U appliances. Firmware fix pack 6.0.0 for QRadar M4 2U appliances include several firmware updates and remediations for reported security issues. These instructions are intended for administrators who are on-premise with the appliance to complete a local firmware update with a USB key.
Content
Important: Select a tab to read each step of the firmware procedure.
Tab navigation
Part 1: About the M4 firmware 6.0.0 update
Creating your USB flash drive for the firmware update requires a Windows host and the administrator or USB drive must be on-site with the appliance. The firmware update can take up to 60 minutes complete per appliance and the administrator is required to reboot the appliance after the firmware install completes. Firmware updates are intended to be ccompleted during planned maintenance for your QRadar appliances. If your Data Center does not allow USB keys, instructions and a download are available for administrators who have Integrated Management Module (IMM2) interfaces. For information about other installation options, see: http://ibm.biz/qradarfirmware .
This firmware update applies to the following IBM Security QRadar M4 (2U form factor) appliances, server type, or Machine type models:
Hardware | Details | Size |
Appliance | QRadar 1400 Data Node (4380-Q1E) QRadar Event Processor 1605 (4380-Q1E) QRadar Flow Processor 1705 (4380-Q1E) QRadar Event Processor 1628 (4380-Q2E) QRadar Flow Processor 1728 (4380-Q2E) QRadar 3105 (All-in-One) (4380-Q1E) QRadar 3105 (Console) (4380-Q1E) QRadar 3128 (All-in-One) (4380-Q2E) QRadar 3128 (Console) (4380-Q2E) QRadar Log Manager 3105 (All-in-One) (4380-Q1E) QRadar Log Manager 3105 Console (4380-Q1E) QRadar Log Manager 3128 (All-in-One) (4380-Q2E) QRadar Log Manager 3128 (Console) (4380-Q2E) QRadar Vulnerability Manager (4380-Q1E) QRadar Risk Manager (4380-Q1E) IBM Security QRadar Incident Forensics xx28 (4531-G1E) IBM Security QRadar Packet Capture xx28 (4531-G2E) IBM Security QRadar Packet Capture Data Node xx28 (4531-G3E) | 2U |
Server Type | x3650 M4 BD | 2U |
Server Machine Type | 5466 | 2U |
Appliance Machine type models (MTM) | 4380-Q1E 4380-Q2E 4531-G1E 4531-G2E 4531-G3E | 2U |
Important information and prerequisites in this firmware update
Firmware v6.0.0 includes the following software updates in the Base System Pack and HDD update. Administrators must ensure that their M4 appliance includes the minimum version outlined in the Prerequisite version column. If your M4 appliance does not meet the prerequisite versions outlined in the table 2, the administrator must contact IBM QRadar Support to have a custom upgrade path defined for the M4 appliance.
Component | Prerequisite version | Firmware version in this update | File name |
IMM2 | 4.35 or later | 1aoo88b-7.20 | ibm_fw_imm2_1aoo88b-7.20_anyos_noarch.uxz |
UEFI/BIOS | None | yoe132c-2.50 | ibm_fw_uefi_yoe132c-2.50_anyos_32-64.uxz |
DSA | None | dsyte2z-9.65 | ibm_fw_dsa_dsyte2z-9.65_anyos_32-64.uxz |
RAID Controller M5110 | None | 6gb-23.34.0-0023 | ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64.bin |
RAID Controller M5210 | None | 5200-24.21.0-0097 | ibm_fw_sraidmr_5200-24.21.0-0097_linux_32-64.bin |
HDD Update | None | sas-1.23.02 | ibm_fw_hddlenovo_sas-1.23.02_linux_32-64.bin |
Emulex | None | fc_15b-2.02x11-40 | elx_fw_fc_15b-2.02x11-40_linux_32-64.bin |
NOTES
- Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944 .
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
- The base system pack might contain other firmware packages that are not present in QRadar appliances. Firmware updates from the base system pack can be listed when the tool compares available firmware to the hardware in the appliance and display a status of "undetected".
- For general firmware questions and information, see: http://ibm.biz/qradarfirmware.
Security issues resolved in this firmware update
This table defines the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.
Component | File name | CVEs resolved in this package |
---|---|---|
UEFI/BIOS | ibm_fw_uefi_yoe132c-2.50_anyos_32-64 | Updated OpenSSL code to address security vulnerabilities identified in CVE-2018-5407. Updated Intel® Processor Microcode to address security vulnerabilities identified in CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. Intel is a registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. |
IMM2 | ibm_fw_imm2_1aoo88b-7.20_anyos_noarch | CVE-2018-0737 and CVE-2019-6157 |
DSA | ibm_fw_dsa_dsyte2z-9.65_anyos_32-64 | SECURITY: CVE-2012-2806, CVE-2017-15232, CVE-2018-1152, CVE-2018-11813, CVE-2014-8128, CVE-2015-7554, CVE-2016-10095, CVE-2016-10266, CVE-2016-3632, CVE-2016-5318, CVE-2016-8331, and CVE-2016-9535. SECURITY: CVE-2016-9540, CVE-2017-11613, CVE-2017-5225, CVE-2018-7456, CVE-2018-8905, CVE-2018-12015, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126, and CVE-2018-0732. SECURITY: CVE-2008-1483, CVE-2016-10012, CVE-2016-10708, CVE-2017-15906, CVE-2018-11236, CVE-2018-0737, CVE-2015-8668, CVE-2016-5319, CVE-2017-17942, CVE-2018-10779, CVE-2018-14618, and CVE-2015-9262. SECURITY: CVE-2015-5180, CVE-2017-15670, CVE-2017-15804, CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, CVE-2018-14621, CVE-2018-14622, CVE-2017-9935, CVE-2018-16335, CVE-2018-17100, and CVE-2018-17101. SECURITY: CVE-2018-17795, CVE-2018-14665, CVE-2018-15473, CVE-2018-15919, CVE-2018-16840, CVE-2018-16842, CVE-2015-8870, CVE-2016-3619, CVE-2016-3620, CVE-2016-3621, CVE-2016-9273, and CVE-2017-9117. SECURITY: CVE-2017-9147, CVE-2018-12900, CVE-2018-18661, CVE-2018-16429, CVE-2016-10092, CVE-2016-10093, and CVE-2016-10094. |
RAID Controller M5110 | ibm_fw_sraidmr_6gb-23.34.0-0023_linux_32-64 | None |
RAID Controller M5210 | ibm_fw_sraidmr_5200-24.21.0-0097_linux_32-64 | None |
HDD Update | ibm_fw_hddlenovo_sas-1.23.02_linux_32-64 | None |
Emulex | elx_fw_fc_15b-2.02x11-40_linux_32-64.bin | None |
Other Security Fixes | None | Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure: CVE-2015-5180, CVE-2018-11236, and CVE-2018-15804. |
Full Release Notes from Lenovo for firmware 6.0.0 updates
These attached text files contain the full release notes provided by Lenovo to IBM for resolved issues that administrators might want to review.
Part 2. Create the USB
To create a bootable USB key, you must have access to the following tools and software:
- An 8 GB or larger USB flash drive.
- IBM Fix Central to download the appliance firmware.
- A desktop or notebook system running one the following operating systems:
- Windows 10
- Windows 7
- Windows 2008R2
- Windows 2008
- Windows Vista
- Windows XP
NOTE: Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Creating the bootable USB drive
- Download the M4 6.0.0 firmware IMG file from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.1-QRADAR-FIRMWARE-M4_2U_USB-QRadar-QNI-PCAP-QIF-6.0.0&includeSupersedes=0&source=fc.
- Download the Rufus Bootable USB Tool.
- Insert the USB flash drive into a USB port on your Windows laptop or workstation.
- Open Rufus and configure the properties.
Parameter Value Device Select your USB drive Boot Selection Select Qradar_IMG_M4_2U_MT5466_x3650_6_0_0.img Partition scheme MBR (Default) Target system BIOS (or UEFI-CSM) (Default) File system FAT32 (Default) Cluster size This value will default to the best option based on size of the USB drive.
- Click Start. The image is loaded on the USB drive.
- After the installation finishes, safely eject the USB flash drive from your computer.
Results
The bootable drive is ready to be used to install firmware on the M4 appliance.
Part 3. Installing the Firmware on the QRadar M4 appliance
These instructions are intended for M4 appliances that are not configured as HA (high-availability) pairs. If your appliance is in a HA pair, you must use the High-Availability update instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA .Booting from the USB Drive
- Insert the USB drive that has the bootable image into the QRadar appliance.
IMPORTANT: Do not remove the USB flash drive until the IBM ToolsCenter completes the firmware installation.
- From the terminal of the KVM switch for the appliance, log in by using the root credentials.
- From the command prompt, type:
reboot
.
- As the appliance is rebooting, press the F12 key to select a boot device.
- Select the bootable firmware image, for example, USB Storage and Press Enter.
- When prompted, select the Updates option.
- Verify that the bootable media shows the correct machine type for the appliance.
Hardware Details Server Type x3650 M4 BD Server Machine Type 5466 - To start the update, select Click here to start update.
NOTE: Verify that the Updates list contains x3650 M4 BD -- machine type 5466 in the updates list.
- Select your language and click I accept the terms in the license agreement to continue.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- From the list of selected firmware items, verify that the selected items match the firmware items to update.
- To start applying the updates, click Next on the Update Options page.
The bootable media creator starts to install firmware on the M4 appliance.
- Verify that all the firmware updates are applied, and click Next to complete the update.
- After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
- Select the USB flash drive and click OK.
- When all updates are complete, click Finish to reboot the appliance.
Results
After the appliance boots, the system is ready to be used normally. If you experience any installation issues, you can contact QRadar Support for assistance and open a hardware case for your appliance. The support representative will request the firmware logs.
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Hardware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1;7.3;7.2.8;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
08 June 2020
UID
ibm11102323