Critical updates for IBM WebSphere DataPower SOA appliances

Flash (Alert)


Abstract

This document lists the critical updates, HIPER (Highly Pervasive) APAR fixes which should be applied to IBM WebSphere DataPower SOA appliances.

Content

This document is kept current to provide you with the latest information. You can monitor for updates to this document using My Notifications. Important support information is also posted on Twitter.
This document describes Critical Actions you should take to mitigate or prevent problem. and Critical Updates (including HIPER APARs which are APARs where the problem is Highly Pervasive) along with circumventions where possible.

Table of contents:

Part 1. Critical Actions

Part 2. Critical Updates




Critical Actions



Important: Create a privileged user id as a back up for the "admin" user id. This will allow you to reset the "admin" user id's password in case that password is lost or forgotten, or in case the "admin" id is locked out.

In order to increase the security features of the appliance, the lockout duration feature was added. APAR IC65339 reports a problem where the "admin" id is locked out when an incorrect password is entered multiple times for this id. The "admin" is continues to be locked out after the lock out duration has expired. Another privileged user id can reset the "admin" id's password regardless if the APAR fix is applied or not.

See: "admin" password lost or forgotten for IBM WebSphere DataPower SOA Appliances




Critical Updates


Important:


06/19/2014: Critical updates: Apply fix packs.

APAR Description Resolution
IT02314 Symptom: CVE-2014-0224 - VULNERABILITY IN SSL CHANGECIPHERSPEC PROCESSING

Users Affected: Customers vulnerable to CVE-2014-0224

Circumvention: Apply fix packs 5.0.0.15, 6.0.0.7, or 6.0.1.3
Fixpacks:

6.0.1.x
6.0.0.x
5.0.0.x


04/06/2014: Critical updates: Apply fix packs.

APAR Description Resolution
IC98330 Symptom: SSL CLOSURES MIGHT CAUSE A DATAPOWER APPLIANCE TO TEMPORARILY BE UNRESPONSIVE.

Users Affected: Customers noting that the appliance is no responding temporarily to any traffic. For example, all transactions and user interaction might stall for several seconds.

Circumvention: Apply fix packs 5.0.0.13, 6.0.0.5, or 6.0.1.1
Fixpacks:

5.0.0.x
6.0.0.x
6.0.1.x
IC99305 Symptom: 9235 APPLIANCE MIGHT INCORRECTLY REPORT THE FAILURE OF TWO POWER SUPPLIES.

Users Affected
: Customers receiving messages regarding the intermittent reporting of two power supplies on 9235 appliances.

Circumvention: Apply fix packs higher than 5.0.0.13 or 6.0.0.5.
Fixpacks:

6.0.0.x
5.0.0.x

03/05/2014: Critical updates: Apply fix packs.

APAR Description Resolution
IC95229 Symptom: CLICKING "RAID BATTERY BACKUP STATUS" IN WEBGUI LEADS TO A RESTART

Users Affected: Customers who Click on "RAID Battery Backup Status" in the WebGUI leads to a restart while using DataPower firmware levels 6.0.0.0 to 6.0.0.2.

Circumvention: Apply fix pack 6.0.0.3, or 6.0.1.0.
Fixpacks:

6.0.0.x
6.0.1.x
02/05/2014: Critical updates: Apply fix packs.

APAR Description Resolution
IC97930 Symptom: HIGH LATENCY MIGHT OCCUR ON 5.0.0.0 OR LATER FIRMWARE

Users Affected: Customers wishing to address performance concerns.

Circumvention: Apply fix pack 5.0.0.12, 6.0.0.4, or 6.0.1.1.
Fixpacks:

5.0.0.x
6.0.0.x
6.0.1.x
IC97354 Symptom: A DATAPOWER APPLIANCE'S DNS CONFIGURATION SET TO ROUND ROBIN DOES NOT HONOR THE TIME TO LIVE (TTL) SETTING

Users Affected
: Only configurations using DNS with round-robin algorithm are affected

Circumvention: Apply fix pack 5.0.0.12, 6.0.0.4, or 6.0.1.0
Fixpacks:

5.0.0.x
6.0.0.x
6.0.1.x
08/30/2013: Critical updates: Apply fix packs.

APAR Description Resolution
IC91969 Symptom: RESTART MIGHT OCCUR DURING SHOW DOCUMENT-* AFTER A HANG ON GET REQUEST FOR MULTI-PROTOCOL GATEWAY WITH DOCUMENT CACHE POLICY.

Users Affected: Critical for users running the 5.0.0.x or 4.0.2.x firmware on DataPower appliances and using the document cache

Circumvention: Apply fix pack 4.0.2.14, 5.0.0.9, 6.0.0.0 or newer.
Fixpacks:

6.0.0.x
5.0.0.x
4.0.2.x
IC92257 Symptom: WHEN A DATAPOWER APPLIANCE IS UNDER HEAVY WORKLOAD, A RACE CONDITION EXISTS THAT MIGHT RESULT IN AN APPLIANCE RESTART.

Users Affected
: Critical for users running the 5.0.0.x firmware on DataPower appliances.

Circumvention: Apply fix pack 5.0.0.9 and 6.0.0.0 or newer
Fixpacks:


6.0.0.x
5.0.0.x
IC91444 Symptom: A RESTART MIGHT OCCUR UNDER CERTAIN CONDITIONS LOADING A DOMAIN CONTAINING SLM PEERING OBJECTS.

Users Affected
: Critical for users running the 5.0.0.x or 4.0.2.x firmware on DataPower appliances and using SLM policies.

Circumvention: Apply fix pack 4.0.2.14, 5.0.0.9, 6.0.0.0 or newer.
Fixpacks:

6.0.0.x
5.0.0.x
4.0.2.x
IC92190 Symptom: SUSTAINED HIGH CPU IS SEEN DUE TO SSL CHURNING.

Users Affected
: Critical for users running the 5.0.0.x firmware on DataPower appliances using SSL

Circumvention: Apply fix pack 5.0.0.9 and 6.0.0.0 or newer
6.0.0.x
5.0.0.x
08/09/2013: Critical updates: Apply fix packs.

APAR Description Resolution
IC94606 Symptom: REINIT COMMAND REMOVES INACTIVE LICENSES.

Users Affected: Critical for those users running the 6.0.0.0 firmware on DataPower appliances that were purchased through PPA.

Circumvention: Apply fix pack 6.0.0.1 or newer.
Fixpacks:

6.0.0.x
IC93979 Symptom: GLOBALIZATION FILES MISSING IN XG45 SOFTWARE IMAGES

Users Affected
: Critical for users running 6.0.0.0 images for 7198 physical appliances and virtual XG45 appliances.

Circumvention: Apply fix pack 6.0.0.1 or newer.
Fixpacks:

6.0.0.x
IC94513 Symptom: A DATAPOWER APPLIANCE MIGHT HANG AFTER REMOVING A FRONT-SIDE HANDLER.

Users Affected
: Critical for those users running the 6.0.0.0 firmware on DataPower appliances.

Circumvention: Apply fix pack 6.0.0.1 or newer.
Fixpacks:

6.0.0.x

05/31/2013: Critical updates: Apply fix packs.

APAR Description Resolution
IC91206 Symptom: 9235 WITH XG3NG OR XG4NG RUNNING v5.0.0.0-5.0.0.6, AN UNEXPECTED RESTART MAY OCCUR WHEN USING ETH1 OR ETH2

Users Affected
: Critical for users running 9235 and DP 5.0.

Circumvention: Apply fix pack 5.0.0.8 or newer.
Fixpacks:

5.0.0.x
IC90458 Symptom: HIGH LATENCY MAY BE OBSERVED DURING DNS FIRST ALIVE RESOLUTION

Users Affected
: Critical for users running with DNS First Alive on 401, 402, or 500.

Circumvention: Apply fix pack 4.0.1.17, 4.0.2.13, 5.0.0.8 or newer.
Fixpacks:

5.0.0.x
4.0.2.x
4.0.1.x
IC90924 Symptom: APPLICATION OPTIMIZATION (AO) SELF BALANCING INCREASED LATENCY AND SENDING ICMP FRAGMENTATION REQUIRED

Users Affected
: Critical for users running DP 5.0 and AO Self-Balancing.

Circumvention: Apply fix pack 5.0.0.8 or newer.
Fixpacks:

5.0.0.x
IC91091 Symptom: THE BACKSIDE MQ QUEUE MANAGER OBJECT ON DATAPOWER SHOWS AN "UP" STATUS EVEN IF THERE IS A NETWORK ERROR.

Users Affected: Critical for users running DP 5.0 and using MQ.

Circumvention: Apply fix pack 5.0.0.8 or newer.
Fixpacks:

5.0.0.x


10/03/2012: Critical updates: Apply fix packs.

APAR Description Resolution
IC81933 Symptom: CRYPTO ENGINE HSM2 RUNTIME ERROR CODE 6 ON MACHINE TYPE 7199 / 7198 WITH HSM

Users Affected: Those with m/t 7199 or m/t 7198 appliances with the HSM feature installed and running 4.0.2 (This does not affect other releases )

Circumvention: Apply fix pack 4.0.2.6 or newer.
Fixpacks:

4.0.2.x

04/05/2012: Critical updates: Apply fix packs.

APAR Description Resolution
IC81486 Symptom: Possible SSL Connection hangs or failures using 4.0.2

Users Affected: Those with SSL configurations running 4.0.1 or 4.0.2 without this fix. (This does not affect 3.8.2 firmware users)

Circumvention: Apply fix packs.
Fixpacks:

4.0.2.x
IC81912 Symptom: Message "Not permitting connection due to Normal throttling"is presented and intermittent connection rejections may occur unexpectedly.

Users Affected: Those using the memory throttler. This problem is more likely to be seen when using 4.0.2.

Circumvention: Apply fix packs.
Fixpacks:

4.0.2.x

Rate this page:

(0 users)Average rating

Document information


More support for:

IBM DataPower Gateways
General

Software version:

4.0.2, 5.0.0, 6.0.0, 6.0.1

Operating system(s):

Firmware

Reference #:

1390112

Modified date:

2014-06-20

Translate my page

Machine Translation

Content navigation