PTF Cover Letter
PTF (Program Temporary Fixes) Cover Letter
Disable the default configuration of 3DES
Pre/Co-Requisite PTF / Fix List
REQ   LICENSED       PTF/FIX  LEVEL
TYPE  PROGRAM   REL  NUMBER   MIN/MAX  OPTION
----  --------  ---  -------  -------  ------
PRE   5770SS1   710  SI50077  00/00    0000
PRE   5770SS1   710  SI47650  00/00    0000
PRE   5770SS1   710  SI44775  00/00    0000
PRE   5770SS1   710  SI44802  00/00    0000
PRE   5770SS1   710  SI44807  00/00    0000
PRE   5770SS1   710  SI44821  00/00    0000
DIST  5770999   710  MF99007  00/00    0000
DIST  5733SC1   610  SI49904  NONE     0001
DIST  5770SS1   710  SI45609  NONE     0003
NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels. This PTF may be a prerequisite
for future PTFs. By applying this PTF you authorize and agree to the
foregoing.
This PTF is subject to the terms of the license agreement which
accompanied, or was contained in, the Program for which you are obtaining
the PTF. You are not authorized to install or use the PTF except as part
of a Program for which you have a valid Proof of Entitlement.
SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.
The applicable license agreement may have been provided to you in printed
form and/or may be viewed using the Work with Software Agreements (WRKSFWAGR)
CL command.
APAR Error Description / Circumvention
-------------------------------------------------
3DES is an old symmetric algorithm that is exposed to a
vulnerability known as the SWEET32 birthday attack. By capturing
large amounts of encrypted traffic between the SSL/TLS server
and the client, a remote attacker able to conduct a
man-in-the-middle attack could exploit this vulnerability to
recover the plaintext data and obtain sensitive information.
At a high level, the suggested remediation is to disable 3DES
(by default) for TLS or VPN.
CORRECTION FOR APAR 'SE65684' :
-------------------------------
For the CIMOM server, to avoid the potential risk of 3DES,
this fix disables 3DES in the cipher suites (by default) for TLS or
VPN.
CIRCUMVENTION FOR APAR 'SE65684' :
----------------------------------
None.
Activation Instructions
None.
Special Instructions
********************************************************************
THE FOLLOWING ARE SUPERSEDED SPECIAL INSTRUCTIONS. IF THE SUPERSEDED
PTF HAS ALREADY BEEN APPLIED AND ITS SPECIAL INSTRUCTION FOLLOWED,
IT IS NOT NECESSARY TO FOLLOW THAT SPECIAL INSTRUCTION AGAIN.
********************************************************************
1. Stop the CIMOM server.
2. Install this CIMOM PTF SI62516.
3. This CIMOM PTF sets prereq PTF SI50077 (5770SS1 V7R1M0) and distreq
MF99007 (5770999 V7R1M0). Please double-check that SI50077 and MF99007
are already installed on the system before starting CIMOM.
To enable this fix, do the following:
1. Stop the CIMOM server.
2. Make sure OpenSSL version 0.9.8 or above is installed. The minimum
PTF version for V6R1 is SI49904.
3. Install CIMOM PTF SI61209.
4. Back up the default key file path
"/Qopensys/QIBM/UserData/UME/Pegasus/ssl/keystore". Then delete this
directory and all the files under it. Note that the default key file
path can be configured by changing the server properties sslKeyFilePath
and sslCertificateFilePath.
5. Start the CIMOM server. A new certificate should be automatically
created under "/Qopensys/QIBM/UserData/UME/Pegasus/ssl/keystore".
Default Instructions
THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.
Supersedes
PTF/FIX NO(S). APAR TITLE LINE
-------------- ------------------------------------------------------------
SI62516 Remove PTF check in QUME_StorageExtentProvider
SI61209 Change CIM default OpenSSL certificate and key to SHA512with
SI59244 OSP-OTHER To fix the potential risk of SLOTH, we are disabli
SI57743 OSP-UNPRED Fix the issue that Timestamp retrieved is incorre
SI57434 OSP-UNPRED Fix the issue that after apply PTF SI57128 STRTCP
SI57128 OSP-OTHER Fix Poodle vulnerability issue
SI55063 OSP-UNPRED enable new feature to support setting CIM server
SI51896 OSP-UNPRED CIM repository reshipped after IPL
SI51788 OSP-UNPRED Fix bug that message queue indication could not b
SI50885 OSP-UNPRED Implement a new method to enable Activation Engin
SI50606 OSP-UNPRED Fix bug that CIM could not retrieve storage pool
SI50075 OSP-UNPRED Implement new performance metrics, disk unit inst
SI49063 OSP-UNPRED Implement some new performance metrics and enhanc
SI48633 OSP-UNPRED Fix three 5770-UME problems.
SI47798 OSP-UNPRED Implement new performance metrics, cache battery
SI47798 OSP-UNPRED Include all the new/updated messages in SI47798 i
SI43552 OSP-UNPRED Implement new performance metrics, link aggregati
SI46881 OSP-UNPRED Enhance Message Queue monitor provider of 5770-UM
SI45460 OSP-UNPRED New runtime configuration options for indication
SI41540 OSP-UNPRED Upgrade OpenPegasus version of 5770-UME from 2.8.
SI41540 OSP-UNPRED DELETE PEGASUS-2.5.1 CODE of 5770-UME IN V1R3M0F.
SI41540 OSP-UNPRED Update Message Queue code of 5770-UME
SI41540 OSP-UNPRED Update Pegasus 2.10 source code of 5770-UME
SI36447 For v1r3 ptf: TVT dat files
SI39334 cimconfig command reports incorrect exit status (bug7908)
SI39334 getservbyname() is not thread safe(bug8010)
SI39334 File rename operations should be atomic(bug7800)
SI39334 GetLine mishandles multibyte characters(bug8111)
SI39334 IndicationService is called after it is destructed(bug8281)
SI39334 Socket::timedConnect does not handle EAGAIN(bug7957)
SI39334 cimserver may hang on start-up exception(bug8253)
SI39334 Repository _resolveInstance logic is not thread safe (bug789
SI39334 invalid arguments are passed to activateFilter (bug8091)
SI39334 Interoperability issue with wbemservices CIMOM - CLASSORIGIN
SI39334 NoSuchProperty exception while returning instances without a
SI39334 Delete Provider Module fails when CMPI Provider Manager was
SI39334 Disabling object normalization does not work (bug7924)
SI39334 cimprovagt crash if tracing is enabled(bug7941)
SI39334 high cpu consumption of cimprovagt processes
SI39334 TestOOPModuleFailure fails
SI39334 exitThread() may crash
SI39334 CMPI threads are not joinable
SI39334 AtomicInt implementation is broken on PowerPC Architecture
SI39334 multiple creations of CMPI_ThreadContext::contextKey
SI39334 CIMStopAllProvidersRequestMessage is processed twice (bug 85
SI39334 Memory leak in snmpIndicationHandler (bug7998)
SI39334 Memory is leaking on releasing cloned CMPIArray (bug 8560)
SI39334 CQLValueRep: Wrong switch statement in array comparison (bug
SI39334 CIM operation in provider using its cimom handle fails after
SI39334 System::isLoopBack() does not handle all allowed IPv4 loopb
SI39334 enumProviderProfileCapabilityInstances does not work if chec
SI39334 CMPIClassCache::getClass() does not handle all exceptions (b
SI39334 pthread_attr_destroy not called on pthread_create failure. (
SI39334 CMGetObjectPath() returns incorrect ObjectPath (bug 8655)
SI39334 unhandled exception in instGetObjectPath (bug 8321)
SI39334 newThread() may cause provider hangs (bug 8699)
SI39334 time_wait() implementation is incorrect for pthread semaphor
SI39334 CMPIError objects are leaking (bug 8555)
SI39334 incorrect check for local and target interface type in creat
SI39334 SLP Provider not advertizing Registered Profiles
SI39087 cimserver doesn't start while QIBM_USE_DESCRIPTOR_STDIO is s
SI39087 splf for QUMECIMOM created
SI39087 Director consumer create spool files and indication provider
SI39087 i5provider msg makefile
SI39087 Provider interface is invalid when gi PG_ShutdownService
SI36868 Fix all v1r3m0 bugs in the first v1r3m0f - integrate to one
SI41685 OSP-UNPRED Update CIM Schema of 5770-UME to 2.26 and update
SI37733 change the ownership of files: cit, lpume.log
Summary Information
System:            i
Models:
Release:           V1R3M0
Licensed Program:  5770UME
APAR Fixed:        SE65684
Superseded by:     PTF SI63489
Recompile:         N
Library:           QUME
MRI Feature:       NONE
Cum Level:         NONE
Document Information
Modified date:
27 October 2016