=============================================================================== IBM QRadar Firmware Update tool 4531-XXX QRadar Appliances (5466 base servers) Change History Version 6.6.0 - 23/07/2019 =============================================================================== ========================================================================== System: IBM System x3650 M4 BD UEFI Flash Update Version 2.50, Build ID YOE132C, Critical Release date: June/2019 ========================================================================== -------------------------------------------------------------------------- 1.0 Overview -------------------------------------------------------------------------- Machine Types supported: 5466 Operating systems supported: Operating System Independent -------------------------------------------------------------------------- 2.0 Prerequisites and dependencies -------------------------------------------------------------------------- - The IMM firmware must be at BUILDID: 1AOO62W Version: 4.35 (ibm_fw_imm2_1aoo62w-4.35_anyos_noarch) or higher prior to installing UEFI version 1.10 or higher. If the IMM level is lower, the UEFI update module will be rejected as invalid because of additional security features implemented in this release. -------------------------------------------------------------------------- 3.0 Security Fixes -------------------------------------------------------------------------- FIX: 1. Updated OpenSSL code to address security vulnerabilities identified in CVE-2018-5407 2. Updated Intel's Processor Microcode to address security vulnerabilities identified in CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. -------------------------------------------------------------------------- 4.0 Other Fixes -------------------------------------------------------------------------- FIX: 1. Fixed an issue when updating the UEFI boot mode option in setup. -------------------------------------------------------------------------- 5.0 Enhancements -------------------------------------------------------------------------- ENHANCEMENT: None -------------------------------------------------------------------------- 6.0 Other Changes -------------------------------------------------------------------------- CHANGE: None -------------------------------------------------------------------------- 7.0 Limitations -------------------------------------------------------------------------- LIMITATION: None =============================================================================== Integrated Management Module II (IMM2) Firmware Update Change History Version 7.20, 1AOO88B - Critical - Supports systems: HS23, HS23E, x3100 M4, x3100 M5, x3250 M4, x3250 M5, x3300 M4, x3500 M4, x3530 M4, x3550 M4, x3630 M4, x3650 M4, x3650 M4 BD, x3650 M4 HD, x3750 M4, x3850 X6, x3950 X6, dx360 M4, nx360 M4, x220, x222, x240, x440, x280, x480, x880 - Firmware changes to address security vulnerabilities: CVE-2018-0737, CVE-2019-6157 - Additional firmware changes to address security vulnerabilities in open source packages, but for which there is no IMM2 exposure: CVE-2015-5180, CVE-2018-11236, CVE-2018-15804 - Additional firmware changes in Service Data Log (FFDC) to stop from collecting the certificate and the private key of WS-MAN with hardware inventory =============================================================================== Dynamic System Analysis (DSA) Preboot Change History Version 9.65, Build ID DSYTE2Z o Problem(s) Fixed: SECURITY: CVE-2012-2806, CVE-2017-15232, CVE-2018-1152, CVE-2018-11813, CVE-2014-8128, CVE-2015-7554, CVE-2016-10095, CVE-2016-10266, CVE-2016-3632, CVE-2016-5318, CVE-2016-8331, CVE-2016-9535, SECURITY: CVE-2016-9540, CVE-2017-11613, CVE-2017-5225, CVE-2018-7456, CVE-2018-8905, CVE-2018-12015, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126, CVE-2018-0732, SECURITY: CVE-2008-1483, CVE-2016-10012, CVE-2016-10708, CVE-2017-15906, CVE-2018-11236, CVE-2018-0737, CVE-2015-8668, CVE-2016-5319, CVE-2017-17942, CVE-2018-10779, CVE-2018-14618, CVE-2015-9262, SECURITY: CVE-2015-5180, CVE-2017-15670, CVE-2017-15804, CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, CVE-2018-14621, CVE-2018-14622, CVE-2017-9935, CVE-2018-16335, CVE-2018-17100, CVE-2018-17101, SECURITY: CVE-2018-17795, CVE-2018-14665, CVE-2018-15473, CVE-2018-15919, CVE-2018-16840, CVE-2018-16842, CVE-2015-8870, CVE-2016-3619, CVE-2016-3620, CVE-2016-3621, CVE-2016-9273, CVE-2017-9117, SECURITY: CVE-2017-9147, CVE-2018-12900, CVE-2018-18661, CVE-2018-16429, CVE-2016-10092, CVE-2016-10093, CVE-2016-10094 Version 9.65, Build ID DSYTE2X o Problem(s) Fixed: SECURITY: glibc CVE-2017-1000366 SECURITY: curl CVE-2017-1000100 SECURITY: curl CVE-2017-1000254 SECURITY: glibc CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 SECURITY: dhcp CVE-2017-3144 SECURITY: dhcp CVE-2018-5732 CVE-2018-5733 SECURITY: curl CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Version 9.65, Build ID DSYTE2W o Problem(s) Fixed: Disable SSLv2, 3DES, RC4 and Blowfish to fix sweet32 attack issue Version 9.65, Build ID DSYTE2V o Enhancement: Update LSI CIM provider to version:00.61.00.10. Version 9.65, Build ID DSYTE2T o Problem(s) Fixed: DSA version DSYE1S blocks 6990 port in BMU mode Use LXCA update the Flex System x222 (7916) server's FW stop with error in RXA Session step Version 9.65, Build ID DSYTE2S o Problem(s) Fixed: Takes too long to boot up when system is attached to lots of LUNs Version 9.65, Build ID DSYTE2P o Problem(s) Fixed: DSA hangs in certain situation with MT 8752 with Intel 520 NIC cards =============================================================================== ServeRAID 6GB SAS/SATA Controller Firmware Update Adapters Supported: ServeRAID M5110 SAS/SATA Controller for IBM System x (81Y4481) ServeRAID M5110e SAS/SATA Controller for IBM System x ServeRAID M5120 SAS/SATA Controller for IBM System x (81Y4478) ServeRAID M5016 SAS/SATA Controller for IBM System x (90Y4304) ServeRAID M5115 SAS/SATA Controller for IBM Flex System (90Y4390) ServeRAID M5016 SAS/SATA Controller for IBM System x (90Y4304) IBM Flex System Storage Expansion Node (Onboard 2208) NOTE TO SERVICE - Reference RETAIN #N/A Version 23.34.0-0023 - High Impact/High Probability of Occurrence -------------------- FW PACKAGE: 23.34.0-0023 MR FW: 3.460.145-8209 iMR FW: 3.460.144-8208 BIOS: 5.50.03.0 UEFI: 0x06110200 HII: 03.17.14.04 Fixes: - Fixed an issue where malformed incoming host commands could cause card reset in DataCenter. (SCGCQ01240574) - Fixed an issue where iMR Montask while installing on degraded R5. (SCGCQ01165519) - Fixed an issue where MRS section in the DDF is not updated when a drive is moved from rebuilding to online state. (SCGCQ01255906) - Fixed an issue where IN FAILED ARRAY bit is not being set when a VD is cleared. (SCGCQ01287457) - Fixed an issue where cache windows of physical drives with invalid signatures were not being accounted properly which was lead to an infinite loop and ultimately kill adapter. (SCGCQ01260339 Port of Defect SCGCQ01058771) - Fixed an issue where Users can't change default access policy of SVD when it blocked by SSC removal. (SCGCQ01260344 Port of Defect SCGCQ00814937) =============================================================================== BIOS and Firmware Update for ServeRAID M5200 Series SAS/SATA Controllers Adapters Supported: ServeRAID M5225-2GB SAS/SATA Controller ServeRAID M5210e SAS/SATA Controller for System x ServeRAID M5210 SAS/SATA Controller NOTE TO SERVICE - Reference RETAIN #N/A Version 24.21.0-0097 - Moderate Impact/Low Probability of Occurrence -------------------- PACKAGE: 24.21.0-0097 BIOS: 6.36.00.3 UEFI Driver: 0x06180203 HII: 03.25.05.12 MR NVDATA: 3.1705.00-0018 iMR NVDATA - 3.1705.01-0012 MR Firmware - 4.680.00-8458 iMR Firmware - 4.680.01-845 MR 6.14 SATA PD does not change to failed state after read medium error detected(SCGCQ01624704) - Repetitive OOB and LED prints observed in FW logs(SCGCQ01727104) - FW Crashes when user tries to fetch SMP PassThru Info using Host SLT(SCGCQ01937319) - Do not allow RAID config in JBOD-WB mode and prevent change of personality if WB mode is set(SCGCQ01685447) - dev defect - Setting defaults for JBOD-WB mode and code cleanup(SCGCQ01681100) - Cannot create or mount xfs filesystem using xfsprogs 4.19.x kernel 4.20(SCGCQ02027889) - xfs_info command run on an XFS file system created on a VD of strip size 1M shows sunit and swidth as 0(SCGCQ02056038) - CV going into WT mode during learn after upgrading to versions later than 24.18.0-0021 - FW fault after factory defaults(SCGCQ02060813) - After using hdparm to lock a SATA SSD JBOD drive the drive fails to be unlocked by the MR FW on reboot(SCGCQ02083536) - Kill adapter observed while running target reset on JBOD WB(SCGCQ01789188) - SMp command failure in OOB Path(SCGCQ01927021) - HDET_MR 6.14: OOB - SCSI PassThru Command fails with error code 0x2E (SCGCQ01936541) - Once pinnedcache is set to off not able to toggle field value in JBOD WB mode(SCGCQ01671213) - PL Fault observed while running target reset on JBOD WB(SCGCQ01676164) - MR 6.14: FW reported incorrect value for max data transfer request size as 4 MB in Storcli app.(SCGCQ02023160) - Kill Adapter observed while running task management on JBOD-WB with IO's (SCGCQ02009801) - Max number of PDs for PatrolRead to run concurrently should be in range from 1 to MR controller's max configurable PDs(SCGCQ02008420) - Some Configured drives may change to JBOD and Unconfigure Good after Set JBOD=on and reboot(SCGCQ02080101) - MR controller was missing in UEFI after reboot when the bootable JBOD drive was removed(SCGCQ02112533) - MR API - Incorrect value used for MR_DCMD_CTRL_SNAPDUMP_ONDEMAND (SCGCQ01882581) - MR 6.14 - PD show all StorCLI command fails for UBAD SAS & SATA drives (SCGCQ01915285) - With ESXi 6.7 OS or latter, a SATA SSD drive that is configured as EPD will be dropped by OS when driver reload is done(SCGCQ01969605) - Dev defect: Incorporate the new changes done in MR API(SCGCQ01760667) - Amber LED not seen for UBAD PD's (SCGCQ01770256) - Continuous SRAM correctable error prints followed by controller reset(SCGCQ02023839) - Able to create RAID configuration even after it has been disabled(SCGCQ01670086) - With a pending personality change, Global hot spares are allowed to be created and should be blocked.(SCGCQ01750315 port of SCGCQ01742187) - SMP pass through not working when the “PD 0” is BAD drive(SCGCQ01945674 port of SCGCQ01945602) - (CSETActivity) - MCTP over PCIe discovery(SCGCQ01904092 port of SCGCQ01184923) - CIT: Same EID assigned to 2 930-8i controllers(SCGCQ01886616 port ofSCGCQ01830180 ) - Controller OCR seen when DM multipathing issues read CDB with zero blocks(SCGCQ01822167 port of SCGCQ01808882) - Unable to recover config when changing security password before re-inserting drives(SCGCQ01874302 port of SCGCQ01715058) - 23=Flash programming error while upgrading the Controller FW causes the APP image corruption(SCGCQ02085501 port of SCGCQ02074630) EnhancementRequest: - RTTrace Enable/Disable API changes(SCGCQ01830211) - MR API changes to support EKMS over OOB(SCGCQ01874035) - API Changes for Driver/FW DCMD HandShake(SCGCQ01841266) - Added new events for unmap policy change(SCGCQ01871912) - Add secure boot key update complete event(SCGCQ01928254) - Including The Time Stamp for every Snap Dump created in the firmware.(SCGCQ01797424) - Unmap: Define new events for enhanced UNMAP support [MR7.8](SCGCQ01803319) - Deprecate the snap dump fields that are no longer needed for MR_SNAP_DUMP_PROPERTIES structure(SCGCQ01816724) - [MR 7.8] API change to return apt failure status for a personality change request(SCGCQ01853480) - Interrupt coalsecing setting per group of 8 replies queues (h/w VF registers (SCGCQ01886424) - HDET: Support smp passthrough storeliboob (API changes requirement(SCGCQ01916035) - Add secure boot support(SCGCQ01792416) - API change to provide learn complete timestamp(SCGCQ01845269) - POC in 6.14: WB support and Pinned Cache changes(SCGCQ01581022) - Aero FW - Reporting SSD wear gauge values for OEM specific customers(SCGCQ01798686) - Support SC_INQUIRY and SC_LOG_SENSE SCSI Passthrough commands on drives in bad state for a particular OEM(SCGCQ01888257) - FW changes for the configurable parameters(SCGCQ01609320) - Add the API to clear all the snap-dumps from firmware.(SCGCQ01824135) - API Changes - After Vision PSOC FW update, applications should ask the user for power cycle instead of reboot(SCGCQ01765150) - Add new MFI Status - MFI_STAT_PD_NOT_ELIGIBLE_FOR_LD (SCGCQ01818580) - HDET: Support smp passthrough in storlib and storeliboob (SCGCQ01799154) - Fail the drive and do not pin the cache(SCGCQ01584411) - Integrated Invader PL RO - SCGCQ02000507– phase 14, Version 14.00.11.00 to MR 6.14(SCGCQ02000920) - [MR 7.8] API change to export "disable least latency mode"(SCGCQ01887495) - Fix MR_CTRL_INFO to support backward compatibility(SCGCQ01946548) - Added customer serial number field to MFC Manufacturing 2 structure(SCGCQ01873417) - Added Support for Triggering SnapDump(SCGCQ01848759) - Add Board Support Package Image Type to MR_IMAGE_TYPE(SCGCQ01931637) =============================================================================== IBM Online SAS/SATA HDD/SSD Update Program. Version 1.23.02 Build ID: IBM12302 ************************************************************************** IBM SAS/SATA HDD/SSD Update Program Version 1.23.02 - Update Utility release for IBM x86 servers. SAS 3.5" - ST1000NM0045, ST2000NM0045, ST4000NM0025 to LK85 - ST6000NM0095 to LC85 SAS 2.5" -HUC101860CSS20E, HUC101890CSS20E, HUC101812CSS20E, HUC101830CSS20E to P2H6 ============================================================================= =============================================================================== Emulex 8Gb Fibre Channel Firmware Package =============================================================================== Firmware Version: 2.02x11 Boot Code Version: 5.30a6 Supported On: System x, BladeCenter and Flex Problems Fixed: - SAN boot stopped working after firmware/boot BIOS upgrade - Resolves issue with supported adapters not being detected when using package with Bootable Media Creator.(BoMC) Incremental Interoperability: - Company branded versions of formerly IBM branded products Known Issues: - To disable BFS after BOFM or IFM have been enabled, it must be done by setting BFS manually in the EFIBoot config utility or sending a BOFM default command to the port. This is working as expected and we are documenting it ===============================================================================