=============================================================================== DSS-G RELEASE NOTES =============================================================================== Software name Lenovo Distributed Storage Solution for IBM Storage Scale (DSS-G) Version 5.0c Issue date August 06, 2024 Prerequisites: 1. Confluent management server 2. RHEL 9.2 3. Lenovo DSS-G building block hardware 4. Quorum node (e.g. a dedicated GUI node or the Confluent management server) when the Storage Scale storage cluster consists of a single DSS-G2xy building block =============================================================================== WHAT THIS PACKAGE INCLUDES =============================================================================== This release contains: - DSS-G software bundle - Storage Scale Data Access Edition / Data Management Edition - Mellanox OFED software This software distribution is packaged in the following Linux tarballs (and associated OpenPGP signatures) based on the Storage Scale edition and release needed: 1. dss-g-5.0c-standard-5.1.tgz dss-g-5.0c-standard-5.1.tgz.asc leverages IBM Storage Scale for DSS, Data Access Edition, version 5.1 2. dss-g-5.0c-advanced-5.1.tgz dss-g-5.0c-advanced-5.1.tgz.asc leverages IBM Storage Scale for DSS, Data Management Edition, version 5.1 Note: Each of these tarballs may be used as a new install. Reference the appropriate documentation as needed. Documentation is distributed separately from the tarballs in a ZIP archive at the same location where the tarballs are located. DSS-G-5.0c-docs.zip =============================================================================== INSTALLATION INSTRUCTIONS =============================================================================== Review the procedures below on how to install the Lenovo DSS-G software. - Download the DSS-G standard or advanced tarball and detached signature to the management server from the Lenovo ESD (Electronic Software Delivery) website: https://serviceconnect.lenovo.com * Example: Download the dss-g-5.0c-standard-5.1.tgz tarball and the corresponding dss-g-5.0c-standard-5.1.tgz.asc signature to /opt/lenovo/dss on the management server. - Optional signing verification of the downloaded files: Set up the OpenPGP environment: * Fetch Lenovo's public release signing key. The key can be obtained from a public keyserver ("gpg2 recv-keys 6591BA31"), or by downloading the KEYS file from the Lenovo ESD site and importing it ("gpg2 --import KEYS"). * Verify the key's fingerprint. * Sign the key to establish its trust level ("gpg2 --sign-key 6591BA31"). Verify the authenticity of the DSS-G tarball: * Change to install directory: cd /opt/lenovo/dss * Validate the signature (example): gpg2 --verify dss-g-5.0c-standard-5.1.tgz.asc - Extract the DSS-G tarball onto the Confluent server (as root): * Change to install directory: cd /opt/lenovo/dss * Extract tarball: tar xvfz dss-g-5.0c-standard-5.1.tgz ( Extracts into: /opt/lenovo/dss/dss-g-5.0c-standard-5.1 ) * Change to release directory: cd /opt/lenovo/dss/dss-g-5.0c-standard-5.1 - Extract documentation from zip file (optional): * Extract documentation: unzip DSS-G-5.0c-docs*.zip - Follow installation instructions from the "DSS-G Installation & Integration Guide". =============================================================================== VERSION HISTORY =============================================================================== The following lists the most significant changes in DSS-G. See the DSSGversion file for details on all software and firmware levels. ---------- DSS-G 5.0c ---------- Released 2024-08-06 This DSS-G release supports gen2 to gen4 DSS servers (Lenovo ThinkSystem SR6x0 / SR6x0 V2 / SR655 V3) only. Deployment is supported with a Confluent management server only. This release brings back support for the Storage Scale GUI for DSS-G2xy configurations deployed with DSS-G release 5.0 only. Updates and fixes ----------------- - DSS-G code and documentation * Added back and revisited the DSS-G GUI documentation * GUI: restored deployment of GUI nodes with dssg-gui-install via the Confluent management server * GUI: added support for SR655 V3 servers and D4390 external enclosures * onecli.sh: added timeout to work around occasional hangs when checking UEFI settings at bootup * [DSS-G2xy] drive firmware: added LENOVO (vs LENOVO-X) references in firmwareTable.drive for D4390 enclosures ---------- DSS-G 5.0b ---------- Released 2024-04-11 This DSS-G release supports gen2 to gen4 DSS servers (Lenovo ThinkSystem SR6x0 / SR6x0 V2 / SR655 V3) only. Deployment is supported with a Confluent management server only. The Storage Scale GUI is not supported with DSS-G 5.0. New features ------------ - Storage * [DSS-G2xy] 22TB NL-SAS HDD (Lenovo FRU 03LC215) for the D4390 enclosure * Add support for hybrid DSS-G2xy configurations with SR655 V3 servers and D4390+D1224 enclosures * Add support for expanding DSS-G2xy configurations with SR655 V3 servers and D4390 enclosures * Add back support for legacy DSS-G2xy configurations with SR650 / SR650 V2 servers and D3284 and/or D1224 enclosures * Add back support for legacy DSS-G100 ECE configurations with SR630 / SR630 V2 servers Updates and fixes ----------------- - Aligns with Lenovo EveryScale Best Recipe release 23C.4 https://www.lenovo.com/lesi_br#BR23C.4 Highlights: * [DSS-G2xy] changed OPA stack to 10.11.1.3.1 using inbox RHEL 9.2 drivers * [DSS-G100] Intel/Cornelis Omni-Path is not supported on the Lenovo SR630 / SR630 V2 servers - Operating system * updated RHEL 9.2 kernel to 5.14.0-284.59.1 (all DSS-G editions) - IBM Spectrum Scale * [DSS-G2xy] updated DME/DAE release 5.1 to 5.1.9-PTF2-efix9 (5.1.9-2.9); see https://www.ibm.com/docs/en/storage-scale/5.1.9?topic=summary-changes * [DSS-G100] updated ECE release 5.1 to 5.1.9-PTF2 (5.1.9-2); see https://www.ibm.com/docs/en/storage-scale-ece/5.1.9?topic=summary-changes * the list of IBM Spectrum Scale APARs resolved in 5.1.9.x is available at https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale_apars_519x.html - DSS-G code and documentation * fauxonecli: re-introduced and expanded use of the fast (minimal) implementation of OneCli that was leveraged by dssghealthmon in DSS-G 4.5 (undocumented) * dssghealthmon: check Confluent version when specifying optional management server upon startup * dssghealthmon: reload/trigger/shutdown: always check daemon status and warn when operation fails on node(s) where dssghealthmond is not active * dssghealthmon: fixed checking drive SMART status over all drive paths if needed * dssghealthmon: changed ERF class 6 from quorumError (loss of quorum) to outageError (no active DSS-G server) * DSS-G deployment: dssg-install: multiple improvements and minor fixes * DSS-G deployment: further improved deployment speed by supporting additional pre-built resources for the target OS levels * [DSS-G2xy] drive firmware: updated firmware levels for selected storage HDDs * [DSS-G2xy] enclosure firmware: updated D1224/D3284 firmware to 52CF; added support for offline update via dsschfw-enclosure in dssgloader * dssg_init.sh: reworked to verify the UEFI settings or update/reboot the server otherwise; reworked handling of the "up and running" message * dsschfw-adapter: fixed to no longer update NVRAM-related settings when HBA firmware did not need updating * dsschfw-baseboard: removed legacy code to bring up the NIC over USB; improved log messages * dsschfw-enclosure: revisited to support hybrid configurations with D4390+D1224 and to leverage the enclosure dssgloader utility * dsschfw-lom: fixed obtaining the installed firmware level for the Intel X722 LOM * dsschfw-ofed: added support for pre-built Mellanox EN device driver; added support for updating OPA/OPX adapter firmware only when needed * dsschmod-drive: fixed to turn on verbose mode when specifying single drive with -u * dssgckdisks: fixed to validate topology before profiling drives; fixed detecting non-uniform drive capacities especially with hybrids * dssgcktopology: fixed detecting non-uniform drive capacities especially with hybrids * dssgmk-env: fixed ssh delays by installing custom PAM profile; added systemd services to display "up and running" message once dssg_init.sh is complete * dsslsfw-enclosure: added support for hybrid configurations with D4390+D1224 enclosures * dssmk-settings: fixed to enforce UEFI settings only when UEFI firmware has been updated and thus UEFI settings have been reset to defaults * dssClientConfig.sh|dssServerConfig.sh: fixed to correctly detect available/active ports also with RoCE setups * onecli.sh: added wrapper to fauxonecli or OneCli as fallback - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Storage Scale on Linux, refer to: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * The following lists the resolved CVEs from the previous DSS-G release based on RHEL 9.2: CVE ID Resolution Component ------ ---------- --------- CVE-2020-12762 RHSA-2024:1086 libfastjson CVE-2022-0480 RHSA-2024:1304 kernel CVE-2022-38096 RHSA-2024:1018 kernel CVE-2023-4244 RHSA-2024:1018 kernel CVE-2023-6546 RHSA-2024:1018 kernel CVE-2023-6817 RHSA-2024:1018 kernel CVE-2023-6931 RHSA-2024:1018 kernel CVE-2023-7104 RHSA-2024:1081 sqlite CVE-2023-51042 RHSA-2024:1018 kernel CVE-2023-51043 RHSA-2024:1018 kernel CVE-2024-0193 RHSA-2024:1018 kernel CVE-2024-0553 RHSA-2024:1082 gnutls CVE-2024-0565 RHSA-2024:1532 kernel CVE-2024-0567 RHSA-2024:1082 gnutls CVE-2024-1085 RHSA-2024:1018 kernel CVE-2024-1086 RHSA-2024:1018 kernel CVE-2024-26602 RHSA-2024:1532 kernel ---------- DSS-G 5.0a ---------- Released 2024-02-29 This DSS-G release supports gen4 DSS servers (Lenovo ThinkSystem SR655 V3) and D4390 storage enclosures in DSS-G2x0 configurations only. Deployment is supported with a Confluent management server only. New features ------------ - Operating system * RHEL 9.2 with kernel 5.14.0-284.52.1 (all DSS-G editions) - Storage * Support for SR655 V3 with D4390 storage enclosures in DSS-G2x0 configurations only Updates and fixes ----------------- - Aligns with Lenovo EveryScale Best Recipe release 23C.3 https://www.lenovo.com/lesi_br#BR23C.3 Highlights: * updated Mellanox OFED and EN to 23.10-1.1.9.0 * updated Mellanox firmware manager to LES_23C_OFED-23.10-1_build4 - IBM Spectrum Scale * updated DME/DAE release 5.1 to 5.1.9-PTF1 (5.1.9-1); see https://www.ibm.com/docs/en/storage-scale/5.1.9?topic=summary-changes * the list of IBM Spectrum Scale APARs resolved in 5.1.9.x is available at https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale_apars_519x.html - DSS-G code and documentation * DSS-G deployment: extended dssg-install to handle most server firmware update out of band from the Confluent management server * DSS-G deployment: dssg-install: added support for options -f, -F, and -X; refer to section 7.4.1 of the DSS-G Concepts & Administration Guide * DSS-G deployment: reduced deployment time by updating firmware only when needed and by providing multiple pre-built resources * DSS-G deployment: removed xCAT resources * removed deprecated and undocumented enclosure-related utilities * enclosure dssgloader: rewritten to improve robustness and provide extensive logs centralized under /var/log/dssg/dssgloader per server * drive firmware: updated firmware levels for selected storage HDDs * blkid-py: added new script to speed up mmgetpdisktopology used by many DSS-G utilities * dsschfw-adapter: added support for 450W-16 HBAs and pre-built device driver; added -F option to update adapter firmware forcefully (mutually exclusive with -f) * dsschfw-baseboard: deprecated all options except -h; changed to reload UEFI settings to default only when the UEFI firmware has been updated * dsschfw-enclosure: added support for D4390 enclosures only * dsschfw-lom: added support for pre-built device driver; removed support for in-band OCP firmware update; fixed detecting Confluent server after updating LOM firmware * dsschfw-ofed: added support for pre-built MOFED resources * dsschfw-raid: removed support for in-band RAID adapter firmware update * dsschmod-drive: changed default verbosity; added -v (--verbose) option * dssgcktopology: fixed ordering of drives reporting issues * dssgmk-env: added support for pre-built gpfs.gplbin RPM * dsslsadapters: changed output format and listed data; refer to section 7.4.11 of the DSS-G Concepts & Administration Guide * dsslsfw-enclosure: added support for D4390 enclosures only * dssgmkdbscripts: removed (replaced by dssgmkcompdb) * dssmk-ntp: removed (was leveraged via xCAT deployment only) * storcli2.sh: added new wrapper script to the storcli2 utility managing 450W-16e HBAs on the SR655 V3 server - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Storage Scale on Linux, refer to: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * The following lists the resolved CVEs from the base RHEL 9.2 distribution: CVE ID Resolution Component ------ ---------- --------- CVE-2021-35937 RHSA-2024:0453 rpm CVE-2021-35938 RHSA-2024:0453 rpm CVE-2021-35939 RHSA-2024:0453 rpm CVE-2022-3545 RHSA-2024:0448 kernel CVE-2022-4904 RHSA-2023:7368 c-ares CVE-2022-27672 RHSA-2023:7370 kernel CVE-2022-40982 RHSA-2023:7370 kernel CVE-2022-41858 RHSA-2024:0448 kernel CVE-2022-45869 RHSA-2023:4377 kernel CVE-2022-46329 RHSA-2024:0449 linux-firmware CVE-2022-46663 RHSA-2023:3725 less CVE-2023-0458 RHSA-2023:4377 kernel CVE-2023-0464 RHSA-2023:3722 openssl CVE-2023-0465 RHSA-2023:3722 openssl CVE-2023-0466 RHSA-2023:3722 openssl CVE-2023-1074 RHSA-2024:0723 kernel CVE-2023-1192 RHSA-2024:0448 kernel CVE-2023-1255 RHSA-2023:3722 openssl CVE-2023-1637 RHSA-2023:5069 kernel CVE-2023-1998 RHSA-2023:4377 kernel CVE-2023-2002 RHSA-2023:3723 kernel CVE-2023-2124 RHSA-2023:3723 kernel CVE-2023-2162 RHSA-2024:0448 kernel CVE-2023-2163 RHSA-2024:0448 kernel CVE-2023-2166 RHSA-2024:0448 kernel CVE-2023-2176 RHSA-2024:0448 kernel CVE-2023-2194 RHSA-2023:3723 kernel CVE-2023-2235 RHSA-2023:3723 kernel CVE-2023-2602 RHSA-2023:5071 libcap CVE-2023-2603 RHSA-2023:5071 libcap CVE-2023-2650 RHSA-2023:3722 openssl CVE-2023-2828 RHSA-2023:4099 bind CVE-2023-3090 RHSA-2023:4377 kernel CVE-2023-3341 RHSA-2023:5689 bind CVE-2023-3390 RHSA-2023:5069 kernel CVE-2023-3567 RHSA-2024:0448 kernel CVE-2023-3609 RHSA-2023:7370 kernel CVE-2023-3610 RHSA-2023:5069 kernel CVE-2023-3776 RHSA-2023:5069 kernel CVE-2023-3777 RHSA-2024:0448 kernel CVE-2023-3812 RHSA-2023:7370 kernel CVE-2023-3899 RHSA-2023:4708 subscription-manager CVE-2023-3972 RHSA-2023:6282 insights-client CVE-2023-4001 RHSA-2024:0456 grub2 CVE-2023-4004 RHSA-2023:5069 kernel CVE-2023-4015 RHSA-2024:0448 kernel CVE-2023-4128 RHSA-2023:7370 kernel CVE-2023-4147 RHSA-2023:5069 kernel CVE-2023-4206 RHSA-2023:7370 kernel CVE-2023-4207 RHSA-2023:7370 kernel CVE-2023-4208 RHSA-2023:7370 kernel CVE-2023-4527 RHSA-2023:5453 glibc CVE-2023-4622 RHSA-2024:0448 kernel CVE-2023-4623 RHSA-2024:0448 kernel CVE-2023-4806 RHSA-2023:5453 glibc CVE-2023-4813 RHSA-2023:5453 glibc CVE-2023-4911 RHSA-2023:5453 glibc CVE-2023-5178 RHSA-2023:7370 kernel CVE-2023-5363 RHSA-2024:0500 openssl CVE-2023-5388 RHSA-2024:0107 nss CVE-2023-5717 RHSA-2024:0448 kernel CVE-2023-5981 RHSA-2024:0451 gnutls CVE-2023-6135 RHSA-2024:0791 nss CVE-2023-6356 RHSA-2024:0723 kernel CVE-2023-6535 RHSA-2024:0723 kernel CVE-2023-6536 RHSA-2024:0723 kernel CVE-2023-6606 RHSA-2024:0723 kernel CVE-2023-6610 RHSA-2024:0723 kernel CVE-2023-6679 RHSA-2024:0448 kernel CVE-2023-6932 RHSA-2024:0723 kernel CVE-2023-7192 RHSA-2024:0723 kernel CVE-2023-20569 RHSA-2024:0448 kernel CVE-2023-20569 RHSA-2024:0449 linux-firmware CVE-2023-20593 RHSA-2023:5068 linux-firmware CVE-2023-20593 RHSA-2023:5069 kernel CVE-2023-21102 RHSA-2023:5069 kernel CVE-2023-22652 RHSA-2023:4347 libeconf CVE-2023-24329 RHSA-2023:3595 python3.9 CVE-2023-24534 RHSA-2023:3366 kernel CVE-2023-24537 RHSA-2023:3536 NetworkManager CVE-2023-24538 RHSA-2023:3366 kernel CVE-2023-24538 RHSA-2023:3536 NetworkManager CVE-2023-27043 RHSA-2024:0454 python3.9 CVE-2023-28321 RHSA-2023:4354 curl CVE-2023-28322 RHSA-2023:4354 curl CVE-2023-28466 RHSA-2023:3723 kernel CVE-2023-28484 RHSA-2023:4349 libxml2 CVE-2023-28486 RHSA-2024:0811 sudo CVE-2023-28487 RHSA-2024:0811 sudo CVE-2023-29469 RHSA-2023:4349 libxml2 CVE-2023-29491 RHSA-2023:7361 ncurses CVE-2023-30079 RHSA-2023:4347 libeconf CVE-2023-30630 RHSA-2023:5061 dmidecode CVE-2023-31248 RHSA-2023:5069 kernel CVE-2023-32067 RHSA-2023:3559 c-ares CVE-2023-32233 RHSA-2023:3723 kernel CVE-2023-32681 RHSA-2023:4350 python-requests CVE-2023-34969 RHSA-2023:4569 dbus CVE-2023-35001 RHSA-2023:5069 kernel CVE-2023-35788 RHSA-2023:4377 kernel CVE-2023-38408 RHSA-2023:4412 openssh CVE-2023-38409 RHSA-2024:0448 kernel CVE-2023-38545 RHSA-2023:5763 curl CVE-2023-38546 RHSA-2023:5763 curl CVE-2023-39191 RHSA-2024:0448 kernel CVE-2023-40217 RHSA-2023:5462 python3.9 CVE-2023-40283 RHSA-2024:0448 kernel CVE-2023-42465 RHSA-2024:0811 sudo CVE-2023-42753 RHSA-2023:7370 kernel CVE-2023-44466 RHSA-2023:5069 kernel CVE-2023-44487 RHSA-2023:5838 nghttp2 CVE-2023-45862 RHSA-2024:0723 kernel CVE-2023-45871 RHSA-2024:0448 kernel CVE-2023-46218 RHSA-2024:0452 curl CVE-2023-46813 RHSA-2024:0448 kernel CVE-2023-48795 RHSA-2024:0455 openssh CVE-2023-48795 RHSA-2024:0499 libssh CVE-2023-51385 RHSA-2024:0455 openssh CVE-2024-0646 RHSA-2024:0723 kernel Known issues ------------ * This special release provides no support for legacy hardware, hybrid configurations, expansion, and the GUI. * The documentation ZIP archive does not provide guides for the GUI, DSS-G expansion, and DSS-G upgrade. * Setting up optimized UEFI parameters on the SR655 V3 server is performed in the dssg_init.service unit and requires up to two more server reboots upon first deployment. * Identification LED for storage drives in the D4390 enclosure cannot be controlled via the "mmvdisk pdisk change --identify" command. * D4390 IOM device handle missing causes all pdisk paths to incorrectly be marked as missing (https://support.lenovo.com/solutions/TT1979) ---------- DSS-G 4.5a ---------- Released 2023-10-25 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. Deployment is supported with a Confluent management server only. Updates and fixes ----------------- - Aligns with Lenovo EveryScale (formerly LeSI, Lenovo Scalable Infrastructure) Best Recipe release 23B.2 https://www.lenovo.com/lesi_br#BR23B.2 Highlights: * updated Mellanox OFED and EN to 23.07-0.5.0.0 * updated Mellanox firmware manager to LeSI_23B_OFED-23.07-0_build1 * [DSS-G2xy] updated Cornelis OPXS to 10.12.1.0.7 * [DSS-G100] Intel/Cornelis Omni-Path is not supported on the Lenovo SR630 and SR630 V2 servers - Operating system * updated RHEL 8.6 kernel to 4.18.0-372.75.1 (all DSS-G editions) - IBM Storage Scale (formerly IBM Spectrum Scale) * [DSS-G2xy] updated DME/DAE release 5.1 to 5.1.8-PTF2-efix6 (5.1.8-2.6); see https://www.ibm.com/docs/en/storage-scale/5.1.8?topic=summary-changes * [DSS-G100] updated ECE release 5.1 to 5.1.8-PTF2 (5.1.8-2); see https://www.ibm.com/docs/en/storage-scale-ece/5.1.8?topic=summary-changes * the list of IBM Storage Scale APARs resolved in 5.1.8.x is available at https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale_apars_518x.html - DSS-G code and documentation * changed all Spectrum Scale references to Storage Scale * added instructions to program the DSS-G solution S/N in the servers' XCC; refer to section 3.3.5 of the DSS-G Concepts & Administration Guide * dssghealthmon|dssgdiskIOHang: added records for DSS-G version and solution S/N in the error report files (ERFs) * dssgcallhome: revisited tool and improved success rate in opening tickets to Lenovo support (leveraging the DSS-G solution S/N) * DSS-G deployment: removed support for an xCAT management server; related resources are still included but no longer maintained * DSS-G deployment: added more node attributes in the deployment summary with a Confluent management server; moved postscripts around * DSS-G deployment: changed net.core.somaxconn=4096 (from 1024) and net.ipv4.neigh.default.gc_thresh1=2048 (from 1024) in /etc/sysctl.d/dssg.conf * DSS-G deployment: enabled the postfix service to help send emails from the dssghealthmon and dssgdiskIOHang systems * DSS-G deployment: improved stability in fetching packages from the management server by cleaning the yum metadata cache first * [DSS-G2xy] drive firmware: updated firmware levels for selected storage HDDs * [DSS-G2xy] enclosure firmware: updated to 52C2; updated and improved loader to leverage new uutUpdate firmware update utility * dsschfw-lom: fixed waiting for effective bring up of the administrative interface after LOM/OCP firmware update * dssgmkcompdb: added topology checks for DSS-G2xy configurations to ensure enclosure ordering is correct * dssgmkcompdb: fixed counting number of racks required to accomodate configurations moved to or split over the next rack * dssClientConfig.sh: fixed detecting requirement for installed infiniband-diags package * dssClientConfig.sh|dssServerConfig.sh: fixed to actually skip setting verbsPorts for node(s) with no active IB or OPA ports - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Storage Scale on Linux, refer to: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * This release ships with the following Java JDK provided in Spectrum Scale 5.1.8-2: openjdk version "11.0.20.1" 2023-08-24 OpenJDK Runtime Environment Temurin-11.0.20.1+1 (build 11.0.20.1+1) For the status of current advisories regarding the OpenJDK, refer to: https://openjdk.org/groups/vulnerability/advisories/ * The following lists the resolved CVEs from the previous DSS-G release based on RHEL 8.6: CVE ID Resolution Component ------ ---------- --------- CVE-2016-3709 RHSA-2023:4767 libxml2, python3-libxml2 CVE-2020-36558 RHSA-2023:5627 kernel, perf, python3-perf CVE-2021-33656 RHSA-2023:4789 kernel, perf, python3-perf CVE-2022-2503 RHSA-2023:5627 kernel, perf, python3-perf CVE-2022-2873 RHSA-2023:5627 kernel, perf, python3-perf CVE-2022-2879 RHSA-2023:3613 kernel, perf, python3-perf CVE-2022-2880 RHSA-2023:3613 kernel, perf, python3-perf CVE-2022-2996 RHSA-2022:7398 NetworkManager CVE-2022-3564 RHSA-2023:3388 kernel, perf, python3-perf CVE-2022-4304 RHSA-2023:3408 openssl CVE-2022-4378 RHSA-2023:3388 kernel, perf, python3-perf CVE-2022-4450 RHSA-2023:3408 openssl CVE-2022-27664 RHSA-2023:3613 kernel, perf, python3-perf CVE-2022-28693 RHSA-2022:7110 kernel, perf, python3-perf CVE-2022-32149 RHSA-2023:3613 kernel, perf, python3-perf CVE-2022-32190 RHSA-2023:3613 kernel, perf, python3-perf CVE-2022-36879 RHSA-2023:5627 kernel, perf, python3-perf CVE-2022-39188 RHSA-2023:3388 kernel, perf, python3-perf CVE-2022-41715 RHSA-2023:3613 kernel, perf, python3-perf CVE-2022-42703 RHSA-2023:3388 kernel, perf, python3-perf CVE-2022-42896 RHSA-2023:4789 kernel, perf, python3-perf CVE-2022-42898 RHSA-2022:8662 krb5-devel, libkadm5 CVE-2022-46149 RHSA-2023:1408 NetworkManager CVE-2022-48303 RHSA-2023:5610 tar CVE-2023-0215 RHSA-2023:3408 openssl CVE-2023-0361 RHSA-2023:3361 gnutls CVE-2023-0461 RHSA-2023:1841 kernel, perf, python3-perf CVE-2023-0590 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-1095 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-1206 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-1281 RHSA-2023:4130 kernel, perf, python3-perf CVE-2023-1637 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-1829 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-2002 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-2124 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-2235 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-2828 RHSA-2023:4101 bind-libs, python3-bind CVE-2023-3022 RHSA-2023:1130 kernel, perf, python3-perf CVE-2023-3090 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-3341 RHSA-2023:5473 bind-libs, python3-bind CVE-2023-3390 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-3899 RHSA-2023:4705 dnf-plugin-subscription-manager, python3-cloud-what, subscription-manager CVE-2023-4004 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-4128 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-4911 RHSA-2023:5476 glibc CVE-2023-20593 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-23916 RHSA-2023:1842 curl, libcurl CVE-2023-24329 RHSA-2023:3777 python2 CVE-2023-24329 RHSA-2023:3796 platform-python, python3-libs CVE-2023-24329 RHSA-2023:3810 python2 CVE-2023-24329 RHSA-2023:3931 python2 CVE-2023-24329 RHSA-2023:3932 python2 CVE-2023-24540 RHSA-2023:3409 NetworkManager CVE-2023-28466 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-28617 RHSA-2023:1931 emacs-filesystem CVE-2023-32067 RHSA-2023:3662 c-ares CVE-2023-32233 RHSA-2023:4130 kernel, perf, python3-perf CVE-2023-34969 RHSA-2023:5193 dbus CVE-2023-35001 RHSA-2023:5627 kernel, perf, python3-perf CVE-2023-35788 RHSA-2023:4789 kernel, perf, python3-perf CVE-2023-38408 RHSA-2023:4413 openssh CVE-2023-40217 RHSA-2023:5531 platform-python, python3-libs CVE-2023-40217 RHSA-2023:5991 python2 CVE-2023-44487 RHSA-2023:5769 libnghttp2 ---------- DSS-G 4.4a ---------- Released 2023-04-12 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. It is the last to support deployment with an xCAT management server. New features ------------ - Storage * [DSS-G2xy] 20TB NL-SAS HDD (Lenovo FRU 02JH108) for the D3284 enclosure * added support for nVidia/Mellanox ConnectX-7 NDR200 adapters * GUI: added automated deployment of GUI server(s) with a Confluent management server * DSS-G Health Monitor (dssghealthmon): added SMART monitoring for storage drives and improved handling of offline enclosures * dssghealthmon: added utilities to check status of the dssghealthmond daemon and to immediately trigger a new monitoring cycle Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 23A.1 https://www.lenovo.com/lesi_br#BR23A.1 Highlights: * updated Mellanox OFED and EN to 5.9-0.5.6.0 * updated Mellanox firmware manager to LeSI_23A_OFED-5.9-0_build2 * [DSS-G2xy] updated Cornelis OPXS to 10.12.1.0.7 * [DSS-G100] Intel/Cornelis Omni-Path is not supported on the Lenovo SR630 and SR630 V2 servers - Operating system * updated RHEL 8.6 kernel to 4.18.0-372.51.1 (all DSS-G editions) - IBM Spectrum Scale * [DSS-G2xy] updated DME/DAE release 5.1 to 5.1.6-PTF1-efix9 (5.1.6-1.9); see https://www.ibm.com/docs/en/spectrum-scale/5.1.6?topic=summary-changes * [DSS-G2xy] fixed GUI issues with drive 0 in Lenovo D1224 enclosures * [DSS-G100] updated ECE release 5.1 to 5.1.6-PTF1-efix9 (5.1.6-1.9); see https://www.ibm.com/docs/en/spectrum-scale-ece/5.1.6?topic=summary-changes * the list of IBM Spectrum Scale APARs resolved in 5.1.6.x is available at https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale_apars_516x.html - DSS-G code and documentation * dssghealthmon: fixed case sensitivity issue with configuration keywords such as contactEmail * dssghealthmon: fixed reporting the host name for a server with NVR pdisk issue in DSS-G2xy configurations * dssghealthmon: fixed minor issues around leveraging the component database (compDB) * dssgdiskIOHang: fixed/revisited to force power cycling the hung drive directly from the external enclosure * dssgcallhome: revisited to keep improving the tool to open tickets to Lenovo support * added man pages for most DSS-G utilities (separate package) derived from the command references in the DSS-G Concepts & Administration Guide PDF document * added DSS-G version in most DSS-G utilities * DSS-G deployment: worked around deployment failure with xCAT postscripts disabling the NetworkManager service when the network-scripts RPM is already installed * DSS-G deployment: clarified further the final warning for missing NVR device(s) when upgrading configurations with existing recovery groups * dssg_init.sh: changed to load again the mpt3sas device driver when booting up in production mode (revert from DSS-G 4.1a) * dsschfw-adapter: fixed timeout for HBA firmware upgrade depending on number of installed adapters * dsschfw-lom: added delay waiting for the management server to respond again after OCP/LOM firmware upgrade * dsschfw-ofed: added installing the nVidia/Mellanox MST software tool driver set to update HCA firmware; added support for NDR200 adapters and for deployment of GUI server(s) * dsschmod-drive: improved further final summary; fixed disregarding log file when using -u/--udev option * dssgmkcompdb: fixed dry run mode to also apply to the script setting up displayID; fixed handling of extra parameters (ignored) * dssgmk-env: added installing the network-scripts RPM if needed; fixed installing the just-built gpfs.gplbin RPM depending on context (deployment/maintenance) * dssgmkmc: added support for -p/--prefix and -s/--suffix options; fixed to no longer shut down mmfsd on the storage and remote clusters * dssgmkMfgFS: improved to greatly speed up identifying DSS-G hybrid configuration * dssgmkstorage: added better (atomic) handling of nodeclass and recovery groups such as creating/deleting upon script failure * dsslsadapters: fixed to support non-DSS-G nodes such as GUI server(s) * dssmk-sys: added reformating of /etc/fstab; removed the rd.driver.pre=megaraid_sas,mpt3sas kernel parameter from GRUB configuration (revert from DSS-G 4.1a) * pdiskToSesID: revisited to fix multiple issues * dssgMZloader: revisited to properly handle script options and log operations into a single /var/log/dssgMZloader.log file - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * This release ships with the following Java JDK provided in Spectrum Scale 5.1.6-1: openjdk version "11.0.15" 2022-04-19 IBM Semeru Runtime Open Edition 11.0.15.0 (build 11.0.15+10) For the status of current advisories regarding the OpenJDK, refer to: https://openjdk.org/groups/vulnerability/advisories/ * The following lists the resolved CVEs from the previous DSS-G release based on RHEL 8.6: CVE ID Resolution Component ------ ---------- --------- CVE-2021-4235 RHSA-2022:7398 NetworkManager CVE-2022-1705 RHSA-2022:7398 NetworkManager CVE-2022-2601 RHSA-2023:0048 grub2-common CVE-2022-2879 RHSA-2022:7398 NetworkManager CVE-2022-2880 RHSA-2022:7398 NetworkManager CVE-2022-2964 RHSA-2023:1130 kernel CVE-2022-2964 RHSA-2023:1130 perf CVE-2022-2964 RHSA-2023:1130 python3-perf CVE-2022-2995 RHSA-2022:7398 NetworkManager CVE-2022-3162 RHSA-2022:7398 NetworkManager CVE-2022-3172 RHSA-2022:7398 NetworkManager CVE-2022-3259 RHSA-2022:7398 NetworkManager CVE-2022-3466 RHSA-2022:7398 NetworkManager CVE-2022-3775 RHSA-2023:0048 grub2-common CVE-2022-4139 RHSA-2023:0440 kernel CVE-2022-4139 RHSA-2023:0440 perf CVE-2022-4139 RHSA-2023:0440 python3-perf CVE-2022-4269 RHSA-2023:1130 kernel CVE-2022-4269 RHSA-2023:1130 perf CVE-2022-4269 RHSA-2023:1130 python3-perf CVE-2022-4318 RHSA-2023:1033 kernel CVE-2022-4318 RHSA-2023:1033 perf CVE-2022-4318 RHSA-2023:1033 python3-perf CVE-2022-26373 RHSA-2023:0440 kernel CVE-2022-26373 RHSA-2023:0440 perf CVE-2022-26373 RHSA-2023:0440 python3-perf CVE-2022-27664 RHSA-2022:7398 NetworkManager CVE-2022-30631 RHSA-2022:7398 NetworkManager CVE-2022-32148 RHSA-2022:7398 NetworkManager CVE-2022-32189 RHSA-2022:7398 NetworkManager CVE-2022-32190 RHSA-2022:7398 NetworkManager CVE-2022-41222 RHSA-2023:1130 kernel CVE-2022-41222 RHSA-2023:1130 perf CVE-2022-41222 RHSA-2023:1130 python3-perf CVE-2022-41715 RHSA-2022:7398 NetworkManager CVE-2022-41717 RHSA-2023:1268 kernel CVE-2022-41717 RHSA-2023:1268 perf CVE-2022-41717 RHSA-2023:1268 python3-perf CVE-2022-47629 RHSA-2023:0594 libksba CVE-2023-0266 RHSA-2023:1554 kernel CVE-2023-0266 RHSA-2023:1554 perf CVE-2023-0266 RHSA-2023:1554 python3-perf CVE-2023-0286 RHSA-2023:1441 openssl CVE-2023-0386 RHSA-2023:1554 kernel CVE-2023-0386 RHSA-2023:1554 perf CVE-2023-0386 RHSA-2023:1554 python3-perf CVE-2023-0767 RHSA-2023:1369 nss CVE-2023-22809 RHSA-2023:0283 sudo CVE-2023-25725 RHSA-2023:1268 kernel CVE-2023-25725 RHSA-2023:1268 perf CVE-2023-25725 RHSA-2023:1268 python3-perf ---------- DSS-G 4.3b ---------- Released 2023-03-07 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. Updates and fixes ----------------- - DSS-G code and documentation * reverted firmware for the OCP (Broadcom NIC in SR6x0 V2) to the level in DSS-G 4.2 to work around multiple issues (https://support.lenovo.com/solutions/TT1001) * updated nVidia/Mellanox Adapter Firmware package to mlxfwmanager_LeSI_22C_OFED-5.8-0_build2 * [DSS-G2xy] drive firmware: added support for newer drive references; fixed wrong LKL2 firmware, replaced with LCL3 (https://support.lenovo.com/solutions/TT1012) * dssghealthmon system: fixed the dssghealthmond service to correctly detect the management server (https://support.lenovo.com/solutions/HT514667) ---------- DSS-G 4.3a ---------- Released 2022-12-16 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. New features ------------ - Operating system * RHEL 8.6 with kernel 4.18.0-372.36.1 (all DSS-G editions) - Storage * overhauled the DSS-G Health Monitor (dssghealthmon) and added new features; refer to section 5.4.1 of the DSS-G Concepts & Administration Guide * revisited the DSS-G callback for hung storage drives (dssgdiskIOHang); refer to section 5.5.1 of the DSS-G Concepts & Administration Guide * improved DSS-G Call Home (dssgcallhome) and added support for reports from dssgdiskIOHang Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 22C.2 https://www.lenovo.com/lesi_br#BR22C.2 Highlights: * updated Mellanox OFED and EN to 5.8-1.0.1.1 * updated Mellanox firmware manager to LeSI_22C_OFED-5.8-0_build1 * [DSS-G2xy] updated Cornelis OPXS to 10.12.0.0.22 * [DSS-G2xy] migrated FirmwareTools, UEFI levels from Intel to Cornelis packages * [DSS-G100] Intel/Cornelis Omni-Path is not supported on the Lenovo SR630 and SR630 V2 servers - IBM Spectrum Scale * [DSS-G2xy] updated DME/DAE release 5.1 to 5.1.5-PTF1-efix20 (5.1.5-1.20); see https://www.ibm.com/docs/en/spectrum-scale/5.1.5?topic=summary-changes * [DSS-G100] updated ECE release 5.1 to 5.1.5-PTF1 (5.1.5-1); see https://www.ibm.com/docs/en/spectrum-scale-ece/5.1.5?topic=summary-changes * the list of IBM Spectrum Scale APARs resolved in 5.1.5.x is available at https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale_apars_515x.html - DSS-G code and documentation * dssgdiskIOHang system: renamed path from diskIOHang to dssgdiskIOHang for consistency * component specifications: enabled support of enclosure displayId in the component database; moved unsupported hardware to companion file * DSS-G deployment: fixed mode change of IB adapters caused by loading default settings after UEFI upgrade (backup/restore procedure) * DSS-G deployment: fixed minor issues with the "up and running" message in /etc/issue on the deployed nodes * DSS-G deployment: fixed erroneous final warning for missing NVR device(s) when re-installing on configurations where recovery groups were not yet created * DSS-G deployment: moved logs generated by the OneCli utility to /var/log/onecli on the deployed nodes * DSS-G deployment: disabled dnf-makecache and dnf-makecache.timer services; improved handling of hung processes * xCAT deployment: fixed long-standing issue with unset /etc/hostname on the deployed nodes by listing the xCAT hardeths postscript in dssgserver.stanza * [DSS-G2xy] enclosure firmware: updated to 52AE * dsschmod-drive: improved detection and report of OCT-enabled drives; improved final summary * dssgckdisks: fixed occasional inconsistent performance figures for one or multiple drives (regression from DSS-G 4.1a) * dssgmkcompdb: added support for recording displayId in the component database; fixed setting displayId > 7 on enclosures; fixed issue with configurations over 2 racks * dssgmkdbscripts: fixed to not set displayId with DSS-G100 ECE configuration * dssgmk-env: added support to build and install the GPFS OSPL (GPL) as gpfs.gplbin RPM * dssg.snap: added support to collect /var/log/onecli logs from the DSS nodes * dssClientConfig.sh: fixed prefetchThreads value from 128 to 341 to improve performance - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * This release ships with the following Java JDK provided in Spectrum Scale 5.1.5-1: openjdk version "11.0.15" 2022-04-19 IBM Semeru Runtime Open Edition 11.0.15.0 (build 11.0.15+10) For the status of current advisories regarding the OpenJDK, refer to: https://openjdk.org/groups/vulnerability/advisories/ * The following lists the resolved CVEs from the base RHEL 8.6 distribution: CVE ID Resolution Component ------ ---------- --------- CVE-2015-20107 RHSA-2022:6457 platform-python CVE-2015-20107 RHSA-2022:6457 python3-libs CVE-2018-25032 RHSA-2022:2201 rsync CVE-2020-28915 RHSA-2022:5316 kernel CVE-2020-28915 RHSA-2022:5316 perf CVE-2020-28915 RHSA-2022:5316 python3-perf CVE-2020-35525 RHSA-2022:7108 sqlite CVE-2020-35527 RHSA-2022:7108 sqlite CVE-2021-3695 RHSA-2022:5095 grub2-common CVE-2021-3695 RHSA-2022:5095 mokutil CVE-2021-3695 RHSA-2022:5095 shim-x64 CVE-2021-3696 RHSA-2022:5095 grub2-common CVE-2021-3696 RHSA-2022:5095 mokutil CVE-2021-3696 RHSA-2022:5095 shim-x64 CVE-2021-3697 RHSA-2022:5095 grub2-common CVE-2021-3697 RHSA-2022:5095 mokutil CVE-2021-3697 RHSA-2022:5095 shim-x64 CVE-2021-40528 RHSA-2022:5311 libgcrypt CVE-2022-0391 RHSA-2022:6457 platform-python CVE-2022-0391 RHSA-2022:6457 python3-libs CVE-2022-0494 RHSA-2022:7110 kernel CVE-2022-0494 RHSA-2022:7110 perf CVE-2022-0494 RHSA-2022:7110 python3-perf CVE-2022-1012 RHSA-2022:5819 kernel CVE-2022-1012 RHSA-2022:5819 perf CVE-2022-1012 RHSA-2022:5819 python3-perf CVE-2022-1158 RHSA-2022:8809 kernel CVE-2022-1158 RHSA-2022:8809 perf CVE-2022-1158 RHSA-2022:8809 python3-perf CVE-2022-1271 RHSA-2022:4991 xz CVE-2022-1292 RHSA-2022:5818 openssl CVE-2022-1353 RHSA-2022:7110 kernel CVE-2022-1353 RHSA-2022:7110 perf CVE-2022-1353 RHSA-2022:7110 python3-perf CVE-2022-1586 RHSA-2022:5809 pcre2 CVE-2022-1621 RHSA-2022:5319 vim-common CVE-2022-1629 RHSA-2022:5319 vim-common CVE-2022-1729 RHSA-2022:5564 kernel CVE-2022-1729 RHSA-2022:5564 perf CVE-2022-1729 RHSA-2022:5564 python3-perf CVE-2022-1785 RHSA-2022:5813 vim-common CVE-2022-1897 RHSA-2022:5813 vim-common CVE-2022-1927 RHSA-2022:5813 vim-common CVE-2022-2068 RHSA-2022:5818 openssl CVE-2022-2097 RHSA-2022:5818 openssl CVE-2022-2509 RHSA-2022:7105 gnutls CVE-2022-2526 RHSA-2022:6206 systemd CVE-2022-2588 RHSA-2022:7110 kernel CVE-2022-2588 RHSA-2022:7110 perf CVE-2022-2588 RHSA-2022:7110 python3-perf CVE-2022-2639 RHSA-2022:8809 kernel CVE-2022-2639 RHSA-2022:8809 perf CVE-2022-2639 RHSA-2022:8809 python3-perf CVE-2022-3515 RHSA-2022:7089 libksba CVE-2022-21123 RHSA-2022:6460 kernel CVE-2022-21123 RHSA-2022:6460 perf CVE-2022-21123 RHSA-2022:6460 python3-perf CVE-2022-21125 RHSA-2022:6460 kernel CVE-2022-21125 RHSA-2022:6460 perf CVE-2022-21125 RHSA-2022:6460 python3-perf CVE-2022-21166 RHSA-2022:6460 kernel CVE-2022-21166 RHSA-2022:6460 perf CVE-2022-21166 RHSA-2022:6460 python3-perf CVE-2022-22576 RHSA-2022:5313 curl CVE-2022-22576 RHSA-2022:5313 libcurl CVE-2022-23816 RHSA-2022:7110 kernel CVE-2022-23816 RHSA-2022:7110 perf CVE-2022-23816 RHSA-2022:7110 python3-perf CVE-2022-23825 RHSA-2022:7110 kernel CVE-2022-23825 RHSA-2022:7110 perf CVE-2022-23825 RHSA-2022:7110 python3-perf CVE-2022-24903 RHSA-2022:4799 rsyslog CVE-2022-25313 RHSA-2022:5314 expat CVE-2022-25314 RHSA-2022:5314 expat CVE-2022-27666 RHSA-2022:5316 kernel CVE-2022-27666 RHSA-2022:5316 perf CVE-2022-27666 RHSA-2022:5316 python3-perf CVE-2022-27774 RHSA-2022:5313 curl CVE-2022-27774 RHSA-2022:5313 libcurl CVE-2022-27776 RHSA-2022:5313 curl CVE-2022-27776 RHSA-2022:5313 libcurl CVE-2022-27782 RHSA-2022:5313 curl CVE-2022-27782 RHSA-2022:5313 libcurl CVE-2022-28733 RHSA-2022:5095 grub2-common CVE-2022-28733 RHSA-2022:5095 mokutil CVE-2022-28733 RHSA-2022:5095 shim-x64 CVE-2022-28734 RHSA-2022:5095 grub2-common CVE-2022-28734 RHSA-2022:5095 mokutil CVE-2022-28734 RHSA-2022:5095 shim-x64 CVE-2022-28735 RHSA-2022:5095 grub2-common CVE-2022-28735 RHSA-2022:5095 mokutil CVE-2022-28735 RHSA-2022:5095 shim-x64 CVE-2022-28736 RHSA-2022:5095 grub2-common CVE-2022-28736 RHSA-2022:5095 mokutil CVE-2022-28736 RHSA-2022:5095 shim-x64 CVE-2022-28737 RHSA-2022:5095 grub2-common CVE-2022-28737 RHSA-2022:5095 mokutil CVE-2022-28737 RHSA-2022:5095 shim-x64 CVE-2022-29154 RHSA-2022:6180 rsync CVE-2022-29824 RHSA-2022:5317 libxml2 CVE-2022-29824 RHSA-2022:5317 python3-libxml2 CVE-2022-29900 RHSA-2022:7110 kernel CVE-2022-29900 RHSA-2022:7110 perf CVE-2022-29900 RHSA-2022:7110 python3-perf CVE-2022-29901 RHSA-2022:7110 kernel CVE-2022-29901 RHSA-2022:7110 perf CVE-2022-29901 RHSA-2022:7110 python3-perf CVE-2022-30629 RHSA-2022:6102 NetworkManager CVE-2022-32206 RHSA-2022:6159 curl CVE-2022-32206 RHSA-2022:6159 libcurl CVE-2022-32208 RHSA-2022:6159 curl CVE-2022-32208 RHSA-2022:6159 libcurl CVE-2022-32250 RHSA-2022:5819 kernel CVE-2022-32250 RHSA-2022:5819 perf CVE-2022-32250 RHSA-2022:5819 python3-perf CVE-2022-34903 RHSA-2022:6463 gnupg2 CVE-2022-37434 RHSA-2022:7106 zlib CVE-2022-38177 RHSA-2022:6778 bind-libs CVE-2022-38177 RHSA-2022:6778 python3-bind CVE-2022-38178 RHSA-2022:6778 bind-libs CVE-2022-38178 RHSA-2022:6778 python3-bind CVE-2022-40674 RHSA-2022:6878 expat CVE-2022-41974 RHSA-2022:7192 kpartx CVE-2022-42010 RHSA-2022:8812 dbus CVE-2022-42011 RHSA-2022:8812 dbus CVE-2022-42012 RHSA-2022:8812 dbus CVE-2022-42898 RHSA-2022:8662 krb5-libs ---------- DSS-G 4.2b ---------- Released 2022-08-31 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. Updates and fixes ----------------- - Operating system * updated RHEL 8.4 kernel to 4.18.0-305.57.1 (all DSS-G editions) - IBM Spectrum Scale * [DSS-G2xy] updated DME/DAE release 5.1 to 5.1.3-PTF1.efix27 (5.1.3-1.27) * [DSS-G100] updated ECE release 5.1 to 5.1.3-PTF1.efix27 (5.1.3-1.27) * improved hard disk drive utilization and overall drive life by remodeling an internal GFPS metadata structure (AU log) via the nsdRAIDAUAllocSpinningPolicy setting - DSS-G code and documentation * improved documentation for DSS-G deployment using a Confluent management server * xCAT deployment: dssg-install: fixed value for provmethod in dry run mode; fixed leading comma in groups attribute * dssghealthmon system: fixed multiple issues with the server and enclosure daemons; fixed dssghealthmon_startup with ECE nodes * dssg.snap: added /root/dssg-ks*log files for each DSS-G node; fixed nuisance by disabling colored output when fetching node data - Enhancements to address security vulnerabilities * The following lists the resolved CVEs from the previous DSS-G release based on RHEL 8.4: CVE ID Resolution Component ------ ---------- --------- CVE-2020-29368 RHSA-2022:5626 kernel CVE-2021-3695 RHSA-2022:5096 grub2-common CVE-2021-3695 RHSA-2022:5098 shim-x64 CVE-2021-3695 RHSA-2022:5100 shim-x64 CVE-2021-3696 RHSA-2022:5096 grub2-common CVE-2021-3696 RHSA-2022:5098 shim-x64 CVE-2021-3696 RHSA-2022:5100 shim-x64 CVE-2021-3697 RHSA-2022:5096 grub2-common CVE-2021-3697 RHSA-2022:5098 shim-x64 CVE-2021-3697 RHSA-2022:5100 shim-x64 CVE-2021-4197 RHSA-2022:5626 kernel CVE-2021-4203 RHSA-2022:5626 kernel CVE-2022-1012 RHSA-2022:5626 kernel CVE-2022-1271 RHSA-2022:4993 xz CVE-2022-1729 RHSA-2022:5626 kernel CVE-2022-28733 RHSA-2022:5096 grub2-common CVE-2022-28733 RHSA-2022:5098 shim-x64 CVE-2022-28733 RHSA-2022:5100 shim-x64 CVE-2022-28734 RHSA-2022:5096 grub2-common CVE-2022-28734 RHSA-2022:5098 shim-x64 CVE-2022-28734 RHSA-2022:5100 shim-x64 CVE-2022-28735 RHSA-2022:5096 grub2-common CVE-2022-28735 RHSA-2022:5098 shim-x64 CVE-2022-28735 RHSA-2022:5100 shim-x64 CVE-2022-28736 RHSA-2022:5096 grub2-common CVE-2022-28736 RHSA-2022:5098 shim-x64 CVE-2022-28736 RHSA-2022:5100 shim-x64 CVE-2022-28737 RHSA-2022:5096 grub2-common CVE-2022-28737 RHSA-2022:5098 shim-x64 CVE-2022-28737 RHSA-2022:5100 shim-x64 CVE-2022-32250 RHSA-2022:5626 kernel ---------- DSS-G 4.2a ---------- Released 2022-07-28 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. New features ------------ - Management server * added support for a Confluent management server as an alternative to xCAT * support for xCAT will be removed in a future release - DSS-G configurations * [DSS-G2xy] added support for 430-16e SAS adapter in SR650 V2 servers Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 22B.1 https://www.lenovo.com/lesi_br#BR22B.1 Highlights: * updated Mellanox OFED to 5.6-1.0.3.3 and added Mellanox EN 5.6-1.0.3.5 * updated Mellanox firmware manager to 5.6-1_build2 * [DSS-G2xy] updated software stack for Intel Omni-Path to Cornelis OPXS 10.11.1.3.1 * [DSS-G2xy] migraded software stack for Intel Omni-Path to Cornelis TMM 10.11.2.0.2 * [DSS-G100] Intel Omni-Path is not supported on the Lenovo SR630 and SR630 V2 servers - Operating system * updated RHEL 8.4 kernel to 4.18.0-305.49.1 (all DSS-G editions) - IBM Spectrum Scale * [DSS-G2xy] removed Spectrum Scale 5.0 (End of Support on April 30, 2022) * [DSS-G2xy] updated DME/DAE release 5.1 to 5.1.3-PTF1 (5.1.3-1) * [DSS-G100] updated ECE release 5.1 to 5.1.3-PTF1 (5.1.3-1) - DSS-G code and documentation * added support for Confluent management server for deployment, in DSS-G utilities and for GUI resources, and in documentation * added support for (color) emphasis in the console output of all DSS-G utilities except dssClientConfig.sh (see section 8.6.5 of the DSS-G Concepts & Administration Guide) * added udev 99-add-disk.rules to run dsschmod-drive; fixed udev 01-disk-gpt.rules to only apply upon added drive * xCAT deployment: dssg-install: added support for partition script and associated -u or -o options (see section 8.4.1 of the DSS-G Concepts & Administration Guide) * xCAT deployment: dssg-install: fixed setting xCAT group when node names contain "dssg" * xCAT deployment: added support to detect prior DSS-G installation; added final warning for missing NVR device(s) upon upgrade or re-install * dssgcallhome system: fixed multiple issues - Note: DSS-G Call Home is still under development * dssghealthmon system: added support for cron jobs such as the new dssghealthmon_erflist utility; added dssghealthmon_setcrontab utility * dssghealthmon system: fixed to support component database from dssgmkcompdb; fixed enclosure handling; fixed pdFailed callback to support multiple nodeclasses * dsschfw-adapter: fixed removal of the /tmp directory when building the mpt3sas device driver; fixed timeout when updating HBA firmware * dsschfw-ofed: added support for Mellanox EN device driver in configurations with Intel OPA; updated to support Cornelis TMM * dsschmod-drive: added -u option to target specific device; added summary of changes * dssgckdisks,dssgcktopology: fixed checks for drive capacities with DSS-G2xy hybrid configurations; fixed how issues are reported * dssgCleanUp (Manufacturing only): relaxed usage requirements and aligned output; fixed to check provided node list * dssgmkcluster: added -d (dry run) option; fixed -F option not flagged deprecated * dssgmkcompdb: fixed default behaviour to turn on dry run and verbose modes so that the component database remains unchanged * dssgmk-env: added support for 99-add-disk.rules; fixed lvm.conf global_filter for ECE configuration * dssgmkstorage: added support to reformat all NVMe drives in ECE configuration using best format option * dsslsadapters: fixed to stop on error when the requested node list turns out empty * dsslsfw-adapter: added support for 430-16e HBA on SR650 V2 servers * dssmk-raid: fixed again backup and restore of NVR devices; added repairing of missing NVR partition label * dssClientConfig.sh,dssServerConfig.sh: added -d (dry run) option enforced by -D (debug); fixed handling of nodeclass argument; fixed -V option to leverage active IB ports only - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * This release ships with the following Java SDK provided in Spectrum Scale 5.1.3-1: openjdk version "11.0.14.1" 2022-02-08 IBM Semeru Runtime Open Edition 11.0.14.1 (build 11.0.14.1+1) For the status of current advisories regarding the Java SDK, refer to: https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities * The following lists the resolved CVEs from the previous DSS-G release based on RHEL 8.4: CVE ID Resolution Component ------ ---------- --------- CVE-2018-25032 RHSA-2022:2198 rsync CVE-2018-25032 RHSA-2022:4845 zlib CVE-2021-4037 RHSA-2022:4829 kernel CVE-2021-4083 RHSA-2022:1455 kernel CVE-2021-20322 RHSA-2022:4829 kernel CVE-2022-0492 RHSA-2022:1455 kernel CVE-2022-0778 RHSA-2022:1071 openssl CVE-2022-1271 RHSA-2022:1676 gzip CVE-2022-23852 RHSA-2022:4834 expat CVE-2022-24903 RHSA-2022:4802 rsyslog CVE-2022-25235 RHSA-2022:1012 expat CVE-2022-25236 RHSA-2022:1012 expat CVE-2022-25315 RHSA-2022:1012 expat CVE-2022-25636 RHSA-2022:1455 kernel CVE-2022-27666 RHSA-2022:4829 kernel ---------- DSS-G 4.1b ---------- Released 2022-03-31 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 22A https://www.lenovo.com/lesi_br#BR22A.0 Highlights: * updated Mellanox OFED to 5.5-2.1.7.0 - Operating system * updated RHEL 8.4 kernel to 4.18.0-305.40.2 (all DSS-G editions) - DSS-G code and documentation * updated UEFI level for the SR650 V2 and SR630 V2 servers * updated firmware level and added out-of-box i40e device driver for the Intel NIC on the SR650 and SR630 servers * [DSS-G2xy] enclosure firmware: downgraded from 5291 to 5280 along with legacy firmware update utility * fixed erroneous/missing data in the DSSGversion file * fixed dssgxdsh() to prepend the local node name for the standard error (regression from DSS-G 4.1a) * dsschfw-lom: added support for building the i40e device driver from source * dsschfw-ofed: tuned for deployment of the new Mellanox/nVidia OFED level * dsschfw-osdrive: fixed to support a single firmware package for the servers' internal drives - Enhancements to address security vulnerabilities * The following lists the resolved CVEs from the previous DSS-G release based on RHEL 8.4: CVE ID Resolution Component ------ ---------- --------- CVE-2021-0920 RHSA-2022:0777 kernel CVE-2021-4028 RHSA-2022:0777 kernel CVE-2022-0330 RHSA-2022:0777 kernel CVE-2022-0435 RHSA-2022:0777 kernel CVE-2022-0516 RHSA-2022:0777 kernel CVE-2022-0847 RHSA-2022:0831 kernel CVE-2022-22942 RHSA-2022:0777 kernel ---------- DSS-G 4.1a ---------- Released 2022-03-01 This DSS-G release supports gen2 and gen3 DSS servers (Lenovo ThinkSystem SR6x0 and SR6x0 V2) only. New features ------------ - Operating system * RHEL 8.4 with kernel 4.18.0-305.34.2 (all DSS-G editions) * added source RPMs for all RHEL advisories included in the DSS-G installation packages - IBM Spectrum Scale * added back support for the DSS-G GUI with release 5.1 * [DSS-G2xy] added back support for release 5.0 with 5.0.5-PTF11 (5.0.5-11) augmented with log4j efixes for gpfs.gui and gpfs.java (5.0.5-11.2) * removed packages for gpfs.kafka and gpfs.librdkafka * removed package gpfs.java from deployed DSS-G servers; used only when deploying optional GUI server - Storage * added DSS-G Call Home (dssgcallhome) ease-of-use system to open tickets to Lenovo Support for hardware issues * added support for new product identifier / part number (PID 2U24ENCLJ12ESM3P / 4587LC2) for the D1224 enclosure * added support for offline HBA firmware update with mmchfirmware --type host-adapter Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 22B https://support.lenovo.com/us/en/solutions/HT514050 Highlights: * updated Mellanox OFED to 5.5-1.0.3.2 * [DSS-G2xy] migrated software stack for Intel Omni-Path to Cornelis OPXS 10.11.1.1.1 * [DSS-G100] Intel Omni-Path is not supported on the Lenovo SR630 and SR630 V2 servers - IBM Spectrum Scale * [DSS-G2xy] updated release 5.1 to 5.1.2-PTF2-efix3 (5.1.2-2.3) containing log4j efix * [DSS-G100] updated ECE release 5.1 to 5.1.2-PTF2-efix3 (5.1.2-2.3) - DSS-G code and documentation * better handle non-DSS nodes and speed up utilities that detect DSS-G configurations versus full topology; consistently check supported OS release * consistently use DRYRUN log prefix for DSS-G utilities supporting dry run mode * xCAT deployment: dssg-install: improved to clean up xCAT groups attributes for servers deployed with older DSS-G releases; fixed error reporting of unknown machine type models * xCAT deployment: swapped order of lom_dd and ofed_dd due to dependencies of the OCP device driver on SR6x0 V2 servers * GUI: added resources for support nodes; improved layout for rack display in GUI hardware panel * component specifications: added support for new PID for the D1224 enclosure; fixed support for expansion to DSS-G202 (SSD) configuration * dssgcallhome system: added dssgcallhome script and support utilities documented in section 4.6 of the DSS-G Concepts & Administration Guide * dssghealthmon system: added support for dssgcallhome; added originating node in the error report file (ERF); fixed potential mismatch with server names that would prevent generating the ERF for enclosures * [DSS-G2xy] drive firmware: updated firmware levels for selected storage HDDs; improved logging for loader * [DSS-G2xy] enclosure firmware: updated to 5291; updated and improved loader to leverage new firmware update utility * dssg_init.sh: changed to no longer load the mpt3sas device driver therein; the rd.driver.pre=megaraid_sas,mpt3sas kernel parameter is now set in GRUB configuration * dsschfw-adapter: added support to build DSS-G specific mpt3sas level (37.00.03.00) that addresses potential RDMA issues * dsschfw-enclosure: added support for new tool to update enclosure firmware and for new PID for the D1224 enclosure * dsschfw-lom: added support to install both Ethernet and RoCE device drivers for the OCP (SR6x0 V2 servers only) * dsschfw-ofed: updated to support Cornelis OPXS on Intel OPA configurations as well as newer Mellanox OFED level * dsschfw-raid: fixed to bring up the LAN over USB interface for the recovery procedure introduced in DSS-G 4.0a * dsschmod-enclosure: added support for new PID for the D1224 enclosure and improved logs * dssg.snap: added option -f to obtain mmdf data from first node only; fixed once again to collect data from all nodes in the storage cluster * dssgckdisks: added checks for drive location and capacities; improved to use a single sub-process per drive rather than per drive path * dssgcktopology: added check for consistent drive capacities; reordered checks and fixed warnings * dssgmk-env: added support for sdparm and new PID for D1224 enclosure; fixed handling of Lenovo patches; fixed support for SR6x0 V2; fixed issue with /etc/logrotate.d/syslog * dssgmkcompdb: added new utility to generate component database resources for the whole storage cluster; replacement to dssgmkdbscripts * dssgmkdbscripts: removed -s (--suffix) option; fixed missing support for --blockname long option; fixed handling of SR630 V2 and of unreachable nodes * dssgmkfs: fixed handling of unreachable nodes * dsslsadapters: fixed to correctly report non-DSS nodes; fixed to not prematurely exit on unreachable nodes * dsslsfw-enclosure: added support for new tool to query enclosure firmware and for new PID for the D1224 enclosure * dssmk-raid: fixed how NVRAM devices are saved/restored during DSS-G deployment or upgrade * dssmk-sys: added rd.driver.pre=megaraid_sas,mpt3sas kernel parameter to the GRUB configuration to load these device drivers early in the boot sequence - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/docs/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * This release ships with the following Java SDK provided in Spectrum Scale 5.1.2-2 and 5.0.5-11: openjdk version "11.0.10" 2021-01-19 OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.10+9) For the status of current advisories regarding the Java SDK, refer to: https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities * The following lists the resolved CVEs from the base RHEL 8.4 distribution: CVE ID Resolution Component ------ ---------- --------- CVE-2020-14372 RHSA-2021:2566 fwupd CVE-2020-25632 RHSA-2021:2566 fwupd CVE-2020-25647 RHSA-2021:2566 fwupd CVE-2020-25648 RHSA-2021:3572 nspr CVE-2020-26541 RHSA-2021:2570 kernel CVE-2020-27749 RHSA-2021:2566 fwupd CVE-2020-27779 RHSA-2021:2566 fwupd CVE-2020-36385 RHSA-2021:4056 kernel CVE-2021-0512 RHSA-2021:4056 kernel CVE-2021-3421 RHSA-2021:2574 python3-rpm CVE-2021-3501 RHSA-2021:2168 kernel CVE-2021-3516 RHSA-2021:2569 libxml2 CVE-2021-3517 RHSA-2021:2569 libxml2 CVE-2021-3518 RHSA-2021:2569 libxml2 CVE-2021-3520 RHSA-2021:2575 lz4-libs CVE-2021-3521 RHSA-2022:0254 python3-rpm CVE-2021-3537 RHSA-2021:2569 libxml2 CVE-2021-3541 RHSA-2021:2569 libxml2 CVE-2021-3543 RHSA-2021:2168 kernel CVE-2021-3560 RHSA-2021:2238 polkit CVE-2021-3609 RHSA-2021:3057 kernel CVE-2021-3621 RHSA-2021:3151 libsss_autofs CVE-2021-3653 RHSA-2021:3548 kernel CVE-2021-3656 RHSA-2021:4056 kernel CVE-2021-3733 RHSA-2021:4057 platform-python CVE-2021-4034 RHSA-2022:0266 polkit CVE-2021-4154 RHSA-2022:0186 kernel CVE-2021-4155 RHSA-2022:0186 kernel CVE-2021-20225 RHSA-2021:2566 fwupd CVE-2021-20233 RHSA-2021:2566 fwupd CVE-2021-20271 RHSA-2021:2574 python3-rpm CVE-2021-20317 RHSA-2021:4650 kernel CVE-2021-22543 RHSA-2021:3057 kernel CVE-2021-22555 RHSA-2021:3057 kernel CVE-2021-22918 RHSA-2021:3075 libuv CVE-2021-22922 RHSA-2021:3582 curl CVE-2021-22923 RHSA-2021:3582 curl CVE-2021-22924 RHSA-2021:3582 curl CVE-2021-22946 RHSA-2021:4059 curl CVE-2021-22947 RHSA-2021:4059 curl CVE-2021-25217 RHSA-2021:2359 dhcp-client CVE-2021-27218 RHSA-2021:3058 glib2 CVE-2021-27219 RHSA-2021:2170 glib2 CVE-2021-28950 RHSA-2021:4650 kernel CVE-2021-32399 RHSA-2021:2714 kernel CVE-2021-33034 RHSA-2021:2570 kernel CVE-2021-33909 RHSA-2021:2714 kernel CVE-2021-33910 RHSA-2021:2717 systemd CVE-2021-33928 RHSA-2021:4060 libsolv CVE-2021-33929 RHSA-2021:4060 libsolv CVE-2021-33930 RHSA-2021:4060 libsolv CVE-2021-33938 RHSA-2021:4060 libsolv CVE-2021-36222 RHSA-2021:3576 krb5-devel CVE-2021-37576 RHSA-2021:3447 kernel CVE-2021-37750 RHSA-2021:3576 krb5-devel CVE-2021-38201 RHSA-2021:3447 kernel CVE-2021-42574 RHSA-2021:4596 binutils CVE-2021-42574 RHSA-2021:4598 annobin CVE-2021-43267 RHSA-2021:4650 kernel CVE-2021-43527 RHSA-2021:4909 nss CVE-2022-0185 RHSA-2022:0186 kernel CVE-2022-24407 RHSA-2022:0668 cyrus-sasl-lib ---------- DSS-G 4.0a ---------- Released 2021-10-21 This DSS-G release supports gen3 DSS servers (Lenovo ThinkSystem SR6x0 V2) and Spectrum Scale 5.1 only. Support for gen2 servers (ThinkSystem SR6x0) will be re-introduced in a future release. Support for Spectrum Scale 5.0 will be re-introduced in a future release. The DSS-G GUI is not supported with ThinkSystem SR6x0 V2 servers at this time and is removed in this release. New features ------------ - IBM Spectrum Scale * added Spectrum Scale ECE 5.1 in the DSS-G distribution with 5.1.1-PTF3 (5.1.1-3) - DSS-G configurations * Lenovo ThinkSystem SR650 V2 (MTM 7Z73CTOLWW) and SR630 V2 (MTM 7Z71CTOLWW) servers (DSS-G gen3) * [DSS-G2xy] support for up to 10x external storage enclosures per building block * [DSS-G2xy] G290 with 9x Lenovo D3284 enclosures (HDDs) * [DSS-G2xy] G2A0 with 10x Lenovo D3284 enclosures (HDDs) * [DSS-G2xy] G272, G281, G282, G291 hybrids (HDDs + SSDs) * [DSS-G100/ECE] support 6x to 32x SR630 V2 servers with 4x to 10x NVMe storage drives each - Storage * [DSS-G2xy] 18TB 3.5" NL-SAS HDD (Lenovo FRU 02JH900) for the D3284 enclosure Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 21B.2 https://www.lenovo.com/lesi_br Highlights: * support for RHEL 8.2 is specific to DSS-G * updated Mellanox OFED to 5.4-1.0.3.0 * Intel Omni-Path is not supported in this release - IBM Spectrum Scale * [DSS-G2xy] updated release 5.1 to 5.1.1-PTF3 (5.1.1-3) - Operating system * updated RHEL 8.2 kernel to 4.18.0-193.65.2 (all DSS-G editions) - DSS-G code and documentation * added support for SR650 V2 and SR630 V2 servers and new DSS-G configurations with up to 10x storage enclosures * changed how dssServerConfig.sh is leveraged during deployment; no longer runs from within dssgmkcluster but must be manually invoked after creating recovery groups (with dssgmkstorage) * improved listing of nodes and building blocks when identifying DSS-G2xy configurations * documentation: the guides for DSS-G Upgrade, Expansion, and the GUI are omitted from this release * documentation: all references to SR650 (V1) and SR630 (V1) servers should be ignored * xCAT deployment: fixed missing dssmk-raid log (RAID setup) from early deployment step * [DSS-G2xy] drive firmware: added support for new drive families; updated firmware levels and product IDs for selected storage HDDs * dsschfw-baseboard: changed order for XCC then UEFI firmware updates and reworked loading of UEFI defaults; increased timeout thresholds * dsschfw-ofed: fixed misleading yum messages when locking OFED levels * dsschfw-raid: added recovery procedure when updating the RAID adapter firmware fails * dssg.snap: added support to capture RAID adapter configuration and logs on each DSS server * dssgckdisks: added warning for drive count mismatch between actually profiled and expected drives * dssgmkMfgFS: added "--block-size auto" to mmdf listing; fixed mounting FS on all cluster nodes if not using -N option * dssgmkcluster: removed running dssServerConfig.sh when creating a storage cluster; removed -F option accordingly * dssgmkdbscripts: added support for rack height -H option (default: 42U); changed default rack type to 1410O42; enforced dry run when rack space smaller than detected DSS-G2xy configuration * dssgmkfs: fixed detection of revovery groups ignoring provided node list * dssgmkstorage: removed setting for nsdRAIDFirmwareDirectory * dssmk-raid: fixed again parsing of -f option * dssmk-settings: removed loading of UEFI defaults before setting DSS-G values * dssClientConfig.sh: aligned with dssServerConfig.sh; added options -F (IB fabric number) and -I (see below) * dssServerConfig.sh: shrinked number of parameters changed after RG creation; added options -V (enable verbs-related settings) and -I (configure IB ports individually); fixed option handling (using bash vs mmksh) - Enhancements to address security vulnerabilities * For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/support/knowledgecenter/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * This release ships with the following Java SDK provided in Spectrum Scale 5.1.1-3: openjdk version "11.0.10" 2021-01-19 OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.10+9) For the status of current advisories regarding the Java SDK, refer to: https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities * The following lists the resolved CVEs from the previous DSS-G release based on RHEL 8.2: CVE ID Resolution Component ------ ---------- --------- CVE-2020-10543 RHSA-2021:2792 perl CVE-2020-10878 RHSA-2021:2792 perl CVE-2020-25704 RHSA-2021:2718 kernel CVE-2020-26116 RHSA-2021:3366 platform-python CVE-2020-26541 RHSA-2021:2718 kernel CVE-2020-35508 RHSA-2021:2718 kernel CVE-2021-0512 RHSA-2021:3446 kernel CVE-2021-3421 RHSA-2021:2791 python3-rpm CVE-2021-3609 RHSA-2021:3363 kernel CVE-2021-3621 RHSA-2021:3365 libsss_autofs CVE-2021-3715 RHSA-2021:3446 kernel CVE-2021-20271 RHSA-2021:2791 python3-rpm CVE-2021-22543 RHSA-2021:3363 kernel CVE-2021-22555 RHSA-2021:3363 kernel CVE-2021-25217 RHSA-2021:2420 dhcp-client CVE-2021-32399 RHSA-2021:3363 kernel CVE-2021-33034 RHSA-2021:2718 kernel CVE-2021-33909 RHSA-2021:2718 kernel CVE-2021-33910 RHSA-2021:2721 systemd CVE-2021-37576 RHSA-2021:3446 kernel ---------- DSS-G 3.2a ---------- Released 2021-06-09 This DSS-G release supports gen2 DSS servers (Lenovo ThinkSystem SR6x0) only New features ------------ - Operating system * RHEL 8.2 with kernel 4.18.0-193.56.1 (all DSS-G editions) * [DSS-G100] replaced CentOS with RHEL for the DSS-G erasure edition - IBM Spectrum Scale * added support for release 5.1 with 5.1.1-PTF0 (5.1.1-0) * the DSS-G GUI does not support Spectrum Scale 5.1 at this time * removed support for release 4.2 - Storage * DSS-G callback for hung storage drives (dssgdiskIOHang system) * DSS-G health monitor (dssghealthmon system) is now managed via systemd Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 21B https://support.lenovo.com/us/en/solutions/HT512514 Highlights: * support for RHEL 8.2 is specific to DSS-G * updated Mellanox OFED to 5.3-1.0.0.1 * [DSS-G2xy] updated Intel OPA IFS to 10.11.0.0.577 * [DSS-G100] Intel Omni-Path is not supported on the Lenovo SR630 server - IBM Spectrum Scale * [DSS-G2xy] updated release 5.0 to 5.0.5-PTF7 (5.0.5-7) * [DSS-G100] updated enablement for Spectrum Scale ECE to 5.1.1-PTF0 (5.1.1-0) that must be obtained from IBM - DSS-G configurations * [DSS-G100] at least 6x SR630 servers (versus 4x previously) are now required for DSS-G100 ECE configurations - DSS-G code and documentation * documentation: added list of abbreviations * component specifications: fixed configuration part numbers and descriptions * removed DSS-G resources relevant to Spectrum Scale 4.2 which is no longer supported * xCAT deployment: added early DSS-G version info; split dssg_ofed into dssg_ofed_dd and dssg_ofed_fw postscripts; fixed synchronization of non-existing DSS-G files * added timeout feature to DSS-G deployment utilites for better handling/reporting of potential hangs * added support to all DSS-G utilities for order-independent options and -h/--help with short purpose description; improved support for manual aborts (keep logs, propagate to remote nodes) * [DSS-G2xy] drive firmware: updated firmware levels and product IDs for selected storage HDDs * [DSS-G2xy] enclosure firmware: updated to 5273; updated and improved loader * dsschfw-baseboard: added options to update baseboard component driver/firmware individually (default: all options); change update order * dsschfw-lom: changed -d/-f options from mutually exclusive to cumulative (default: all options); improve logs * dsschfw-ofed: added cumulative -d/-f options to install the OFED stack and/or adapter firmware (default: all options) * [DSS-G2xy] dsschfw-osdrive: fixed potential firmware update of the external storage by temporarily disabling drive discovery * dsschfw-raid: changed -d/-f options from mutually exclusive to cumulative (default: all options); improve logs * dssg.snap: added options -h (help), -g (generate gpfs.snap tarball), -d (skip collecting enclosure ddump) and -N (select nodes/nodeclass); include /var/log/dssg/ logs from all nodes * dssglsda: fixed -y option showing server info * dssgmk-env: added support for dssgdiskIOHang, dssghealthmon services, and copying of IBM Spectrum Scale license files; fixed regression with SSH service using insecure crypto after transitioning to RHEL 8.x * [DSS-G100] dssgmk-env: enabled weekly trim service for the NVMe storage; fixed patching of mmgetpdisktopology for NVMe not picked up when using absolute path * dssgmkcluster: added support for -F option passed to v5.worker.dssServerConfig * dssgmkstorage: added support for Spectrum Scale 5.1; fixed return status not reflecting failure with any configuration (regression from DSS-G 3.0a) * dsslsfw-adapter: fixed changing vendor name in /etc/redhat-release upon script exit (regression from DSS-G 3.0a for CentOS support) * dssmk-settings: added dependency checks between UEFI firmware update (dsschfw-baseboard) and UEFI settings (dssmk-settings) that should run in sequence with intermediate reboot during deployment or maintenance * pdiskToSesID: improved format checking for input pdisk parameter * v5.worker.dssServerConfig: added -F option (Spectrum Scale IB fabric number) for verbsPorts; added log file; deprecated -M/-P options (pagepool is now set by mmvdisk); tuned parameters for mmvdisk/dssgdiskIOHang/slow drives; set numaMemoryInterleave=yes - Enhancements to address security vulnerabilities * This release adresses Spectrum Scale CVE-2021-29740 (https://www.ibm.com/support/pages/node/6457629) For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/support/knowledgecenter/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin * This release ships with the following Java SDK provided in Spectrum Scale 5.1.1-0 and 5.0.5-7: openjdk version "11.0.10" 2021-01-19 OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.10+9) For the status of current advisories regarding the Java SDK, refer to: https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities * The following lists the resolved CVEs from the base RHEL 8.2 distribution: CVE ID Resolution Component ------ ---------- --------- CVE-2019-3016 RHSA-2020:3010 kernel CVE-2019-11756 RHSA-2020:3280 nspr CVE-2019-17006 RHSA-2020:3280 nspr CVE-2019-17023 RHSA-2020:3280 nspr CVE-2019-19807 RHSA-2020:3010 kernel CVE-2019-20908 RHSA-2020:3218 kernel CVE-2020-0444 RHSA-2021:0765 kernel CVE-2020-0466 RHSA-2021:2185 kernel CVE-2020-1971 RHSA-2020:5422 openssl CVE-2020-2732 RHSA-2020:2102 kernel CVE-2020-8177 RHSA-2020:5417 curl CVE-2020-8559 RHBA-2020:4197 NetworkManager CVE-2020-8616 RHSA-2020:2338 bind-export-libs CVE-2020-8617 RHSA-2020:2338 bind-export-libs CVE-2020-8625 RHSA-2021:0922 bind-export-libs CVE-2020-9283 RHBA-2020:3179 kernel CVE-2020-10711 RHSA-2020:2102 kernel CVE-2020-10713 RHSA-2020:3216 grub2-common CVE-2020-10754 RHSA-2020:3011 NetworkManager CVE-2020-10757 RHSA-2020:3010 kernel CVE-2020-10766 RHSA-2020:3010 kernel CVE-2020-10767 RHSA-2020:3010 kernel CVE-2020-10768 RHSA-2020:3010 kernel CVE-2020-11080 RHSA-2020:2755 libnghttp2 CVE-2020-11501 RHSA-2020:1998 gnutls CVE-2020-11884 RHSA-2020:2102 kernel CVE-2020-12049 RHSA-2020:3014 dbus CVE-2020-12114 RHSA-2021:2185 kernel CVE-2020-12321 RHSA-2020:5416 linux-firmware CVE-2020-12351 RHSA-2020:4286 kernel CVE-2020-12352 RHSA-2020:4286 kernel CVE-2020-12362 RHSA-2021:2185 kernel CVE-2020-12402 RHSA-2020:3280 nspr CVE-2020-12653 RHSA-2020:3010 kernel CVE-2020-12654 RHSA-2020:3010 kernel CVE-2020-12657 RHSA-2020:2427 kernel CVE-2020-12662 RHSA-2020:2416 python3-unbound CVE-2020-12663 RHSA-2020:2416 python3-unbound CVE-2020-12723 RHSA-2021:2184 perl CVE-2020-12825 RHSA-2020:3654 libcroco CVE-2020-12888 RHSA-2020:3010 kernel CVE-2020-13777 RHSA-2020:2637 gnutls CVE-2020-14308 RHSA-2020:3216 grub2-common CVE-2020-14309 RHSA-2020:3216 grub2-common CVE-2020-14310 RHSA-2020:3216 grub2-common CVE-2020-14311 RHSA-2020:3216 grub2-common CVE-2020-14331 RHSA-2020:4286 kernel CVE-2020-14351 RHSA-2021:0765 kernel CVE-2020-14352 RHSA-2020:3658 librepo CVE-2020-14372 RHSA-2021:0697 grub2-common CVE-2020-14382 RHSA-2021:0258 cryptsetup-libs CVE-2020-14385 RHSA-2020:4286 kernel CVE-2020-14386 RHSA-2020:4286 kernel CVE-2020-15586 RHBA-2020:4197 NetworkManager CVE-2020-15586 RHBA-2020:5123 iptables CVE-2020-15705 RHSA-2020:3216 grub2-common CVE-2020-15706 RHSA-2020:3216 grub2-common CVE-2020-15707 RHSA-2020:3216 grub2-common CVE-2020-15780 RHSA-2020:3218 kernel CVE-2020-15862 RHSA-2020:5420 net-snmp-libs CVE-2020-15999 RHSA-2020:4951 freetype CVE-2020-16166 RHSA-2020:5418 kernel CVE-2020-16845 RHBA-2020:4197 NetworkManager CVE-2020-16845 RHBA-2020:5123 iptables CVE-2020-25211 RHSA-2021:0765 kernel CVE-2020-25632 RHSA-2021:0697 grub2-common CVE-2020-25641 RHSA-2021:0073 kernel CVE-2020-25647 RHSA-2021:0697 grub2-common CVE-2020-25705 RHSA-2021:0765 kernel CVE-2020-27749 RHSA-2021:0697 grub2-common CVE-2020-27779 RHSA-2021:0697 grub2-common CVE-2020-28374 RHSA-2021:2185 kernel CVE-2020-29661 RHSA-2021:0765 kernel CVE-2021-3156 RHSA-2021:0219 sudo CVE-2021-3347 RHSA-2021:1272 kernel CVE-2021-3449 RHSA-2021:1063 openssl CVE-2021-3560 RHSA-2021:2237 polkit CVE-2021-20225 RHSA-2021:0697 grub2-common CVE-2021-20233 RHSA-2021:0697 grub2-common CVE-2021-20277 RHSA-2021:1213 libldb CVE-2021-20305 RHSA-2021:1246 gnutls CVE-2021-25215 RHSA-2021:2024 bind-export-libs CVE-2021-27219 RHSA-2021:2171 glib2 CVE-2021-27363 RHSA-2021:1272 kernel CVE-2021-27364 RHSA-2021:1272 kernel CVE-2021-27365 RHSA-2021:1272 kernel ---------- DSS-G 3.1b ---------- Released 2020-09-24 This DSS-G release supports gen2 DSS servers (Lenovo ThinkSystem SR6x0) only Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 20B https://support.lenovo.com/us/en/solutions/HT511104 Highlights: * updated ThinkSystem SR630/SR650 UEFI firmware and LXPM firmware ---------- DSS-G 3.1a ---------- Released 2020-09-18 This DSS-G release supports gen2 DSS servers (Lenovo ThinkSystem SR6x0) only New features ------------ - Storage * DSS-G health monitor (dssghealthmon system) for servers and storage; replaces email notification for failed JBOD drives Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 20B https://support.lenovo.com/us/en/solutions/HT511104 Highlights: * support for RHEL 8.1 / CentOS 8.1 is specific to DSS-G * updated Mellanox OFED to 5.1-0.6.6.0 * [DSS-G2xy] updated Intel OPA IFS to 10.10.3.1.1 * [DSS-G100] Intel Omni-Path is not supported on the Lenovo SR630 server - IBM Spectrum Scale * [DSS-G2xy] updated release 5.0 to 5.0.5-PTF1-efix3 (5.0.5-1.3) * [DSS-G100] updated enablement for Spectrum Scale ECE to 5.0.5-PTF2 (5.0.5-2) - Operating system * [DSS-G2xy] updated RHEL 8.1 kernel to 4.18.0-147.24.2 (DSS-G standard or advanced edition) * [DSS-G100] updated CentOS 8.1 kernel to 4.18.0-147.8.1 (DSS-G erasure edition) - DSS-G code and documentation * removed the dssgcrcb and dssgpdfailed utilities that were used to set up monitoring for the JBOD drives * do not enforce UEFI SharedNicMode for the first ethernet port; dedicated XCC port can be used instead * [DSS-G2xy] drive firmware: updated multiple levels for SSDs and HDDs; fixed Lenovo FRU (02JH604) and VID (LENOVO) for the 16TB NL-SAS HDD * [DSS-G2xy] enclosure firmware: updated to 526E; improved loader to reset SCSI bus from both servers of the building block * dsschfw-adapter: make -d and -f options cumulative rather than mutually exclusive (default: all options); add -n to update NVRAM and related settings of the SAS HBAs * dsschfw-baseboard: update device drivers before firmware to match order for other components * dsschfw-enclosure: add -N option, mutually exclusive with -U; reset scsi ports (both locally and remotely) * dsschfw-ofed: remove creation of network configuration files for OPA adapters * dssgCleanUp (Manufacturing only): fix to run from the /root directory * dssgckdisks: fix to redirect output to /dev/stdout when /dev/tty is not available * dssgmk-env: add support for dssghealthmon; fix missing yum version locks for kernel RPMs; change enclosure fan upper limit to 13800 RPM for mmsysmon * dssgmkdbscripts: add -B option (default: DSS-G configuration name); add support for DSS-G100 building block component * dssgmkfs: add checks for uniform configurations and compatibility of the provided options; fix issue with cluster node names not containing a dot * dssgmkstorage: fix issue with cluster node names not containing a dot * dssServerConfig.sh: set verbPorts independently for each node; check port number inconsistencies between nodes * dssg_adapter: split the xCAT postscript into dssg_adapter_dd and dssg_adapter_fw - Enhancements to address security vulnerabilities For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/support/knowledgecenter/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin [DSS-G2xy] The following lists the resolved CVEs from the previous DSS-G release based on RHEL 8.1: CVE ID Resolution Component ------ ---------- --------- CVE-2019-11840 RHBA-2020:0063 dracut CVE-2019-15030 RHSA-2020:1372 kernel CVE-2019-15031 RHSA-2020:1372 kernel CVE-2019-18660 RHSA-2020:1372 kernel CVE-2019-19527 RHSA-2020:1372 kernel CVE-2019-19768 RHSA-2020:2199 kernel CVE-2019-19807 RHSA-2020:3222 kernel CVE-2019-20892 RHBA-2020:1376 net-snmp-libs CVE-2019-20908 RHSA-2020:3222 kernel CVE-2020-8616 RHSA-2020:2345 bind-export-libs CVE-2020-8617 RHSA-2020:2345 bind-export-libs CVE-2020-10711 RHSA-2020:2199 kernel CVE-2020-10713 RHSA-2020:3223 grub2-common CVE-2020-10757 RHSA-2020:3222 kernel CVE-2020-10766 RHSA-2020:3222 kernel CVE-2020-10767 RHSA-2020:3222 kernel CVE-2020-10768 RHSA-2020:3222 kernel CVE-2020-11080 RHSA-2020:2823 libnghttp2 CVE-2020-11884 RHSA-2020:2199 kernel CVE-2020-12049 RHSA-2020:3298 dbus CVE-2020-12653 RHSA-2020:3222 kernel CVE-2020-12654 RHSA-2020:3222 kernel CVE-2020-12657 RHSA-2020:2667 kernel CVE-2020-12662 RHSA-2020:2419 python3-unbound CVE-2020-12663 RHSA-2020:2419 python3-unbound CVE-2020-12888 RHSA-2020:3222 kernel CVE-2020-13777 RHSA-2020:2638 gnutls CVE-2020-14308 RHSA-2020:3223 grub2-common CVE-2020-14309 RHSA-2020:3223 grub2-common CVE-2020-14310 RHSA-2020:3223 grub2-common CVE-2020-14311 RHSA-2020:3223 grub2-common CVE-2020-15705 RHSA-2020:3223 grub2-common CVE-2020-15706 RHSA-2020:3223 grub2-common CVE-2020-15707 RHSA-2020:3223 grub2-common CVE-2020-15780 RHSA-2020:3222 kernel [DSS-G100] The following lists the resolved CVEs from the previous DSS-G release based on CentOS 8.1: CVE ID Resolution Component ------ ---------- --------- CVE-2019-11840 RHBA-2020:0063 dracut CVE-2019-15030 RHSA-2020:1372 kernel CVE-2019-15031 RHSA-2020:1372 kernel CVE-2019-18660 RHSA-2020:1372 kernel CVE-2019-19527 RHSA-2020:1372 kernel CVE-2019-20892 RHBA-2020:1376 net-snmp-libs ---------- DSS-G 3.0b ---------- Released 2020-05-11 This DSS-G release supports gen2 DSS servers (Lenovo ThinkSystem SR6x0) only Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 20A https://support.lenovo.com/us/en/solutions/HT510293 Highlights: * updated ThinkSystem SR630/SR650 XCC firmware and LXPM firmware+drivers to actually match LeSI 20A levels - DSS-G code and documentation * enclosure firmware: improved loader to reset SCSI bus and fixed firmware query/update ---------- DSS-G 3.0a ---------- Released 2020-04-30 This DSS-G release supports gen2 DSS servers (Lenovo ThinkSystem SR6x0) only New features ------------ - Operating system * [DSS-G2xy] RHEL 8.1 with kernel 4.18.0-147.5.1 (DSS-G standard or advanced edition) * [DSS-G100] CentOS 8.1 with kernel 4.18.0-147.5.1 (DSS-G erasure edition) - IBM Spectrum Scale Erasure Code Edition (ECE) * added enablement for release 5.0.4-PTF3 (5.0.4-3) * Spectrum Scale ECE must be obtained separately from IBM - DSS-G configurations * support for DSS-G100 NVMe scale-out configurations based on the Lenovo ThinkSystem SR630 server (MTM 7X02CTOLWW) * [DSS-G100] support 4x to 32x SR630 servers with either 4x or 8x NVMe drives each * [DSS-G2xy] support new "L" machine type model for the Lenovo ThinkSystem SR650 server (MTM 7X06CTOLWW) * [DSS-G2xy] support new "L" machine type model for the Lenovo D3284 (MTM 6413LC1) and D1224 (MTM 4587LC2) external enclosures * [DSS-G2xy] G231 (HDDs + SSDs) * [DSS-G2xy] G232 (HDDs + SSDs) * [DSS-G2xy] G251 (HDDs + SSDs) * [DSS-G2xy] G252 (HDDs + SSDs) * [DSS-G2xy] G271 (HDDs + SSDs) - Storage * [DSS-G2xy] 16TB 3.5" NL-SAS HDD (Lenovo FRU 02JH605) for the D3284 enclosure * [DSS-G100] All LeSI-supported NVMe PCIe SSDs; see "Lenovo Online SAS/SATA Hard Disk Drive Update Program (For Linux)" from LeSI Best Recipe Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 20A https://support.lenovo.com/us/en/solutions/HT510293 Highlights: * updated Mellanox OFED to 4.7-3.2.9.0 (specific to DSS-G) * [DSS-G2xy] updated Intel OPA IFS to 10.10.1.0.36 (specific to DSS-G) * [DSS-G100] Intel Omni-Path is not supported on the Lenovo SR630 server - IBM Spectrum Scale RAID * updated release 5.0 to 5.0.4-PTF3-efix2 (5.0.4-3.2) * removed support for release 4.2 - DSS-G code and documentation * [DSS-G100] added support for CentOS 8.1 / Lenovo ThinkSystem SR630 / Spectrum Scale ECE * fixed most utilities to error out and display usage on invalid and/or missing arguments * added proper code to lock kernel and OFED levels using yum versionlock * [DSS-G2xy] drive firmware: updated levels for all storage drives except Lenovo FRUs 01DC419 01DC459; fixed Lenovo FRU for the 15.36TB SSD 2.5" SAS drive (01KP502) * [DSS-G2xy] enclosure firmware: updated to 5267; removed levels < 513E from the DSS-G distributions; improved loader to serialize query and load operations with locks * [DSS-G2xy] GUI: updated to support new "L" server and enclosure machine type models * [DSS-G100] GUI: the DSS-G GUI does not support the Lenovo SR630 server * dssg_init.sh: updated for newest Spectrum Scale levels * dsschfw-adapter: renamed from dsschfw-lsi; dsschfw-lsi is now a symbolic link * dsschfw-ofed: added yum versionlock for OFED levels; fixed to explicitly disable OPA TID RDMA (was enabled in all prior DSS-G releases); fixed UEFI settings for HDR100 power management * dsschfw-osdrive: added utility to update the firmware of the internal OS (boot) drives of a DSS server * [DSS-G2xy] dsschmod-enclosure: added utility to change the enclosure machine type model from the new "L" to the legacy "H" model for Spectrum Scale compatibility * dsslsfw-adapter: renamed from dsslsfw-lsi; dsschfw-lsi is now a symbolic link * dssgCleanUp (manufacturing): fixed to keep processing with warnings rather than errors; fixed to wait for FS unmount * dssg_sginfo: added utility to wrap sg_info for correct identification of SSDs with Spectrum Scale * dssgckdisks: added :SDD or :HDD drive selection with -e; fixed to better handle user abort; fixed missing profiling status when a configuration has no drive selected * dssgcrcb: fixed to fail when the component database is not set up for the building block where the pdFailed disk callback is installed * dssgfuncs.sh: added support for the DSSGXDSHLOG=N environment variable in dssgxdsh() to control xCAT auditlog with xdsh: unset or N<0: log everything (default); N=0: disable (bypass xcatd); N>0: use temporary script when number of words in the xdsh command line > N * dssgmk-env: added yum versionlock for the kernel level * dssgmkdbscripts: added support for new "L" models; fixed options -U, -v, and -p; changed -s into -S to not confuse with node suffix * dssgmkfs: renamed from dssgmkfs.mmvdisk; revised to better handle parameter checking and their interdependencies; improved robustness and logging * dssgmkmc: revised for iterative usage (generate key pairs only when storage/remote clusters are not already known); fixed to add/mount only listed FSs * dssgmkstorage.legacy: removed from the DSS-G distributions * dssgmkstorage: renamed from dssgmkstorage.mmvdisk; added dry run (-d) option; revised for better error checking and parallel processing of building blocks from independent Spectrum Scale clusters * dssgpdfailed: added mmvdisk steps for pdisk replacement in the email notification for failed drives * dssmk-raid: added verifying/repairing of the primary and secondary GPT tables for the boot drive; fixed the NVR partitions to have a unique UUID * dssServerConfig.sh: updated for new max pagepool size of 4TiB with Spectrum Scale v5 * dssg-install: added dry run (-d) option; fixed summary for the provisioned nodes * dssg_sashba: renamed the xCAT postscript to dssg_adapter * dssg_osdrive_fw: added xCAT postscript - Enhancements to address security vulnerabilities For the status of current advisories for IBM Spectrum Scale on Linux, refer to: https://www.ibm.com/support/knowledgecenter/en/STXKQY/gpfsclustersfaq.html#gpfsadvlin The following lists the resolved CVEs from the base RHEL 8.1 / CentOS 8.1 distributions: CVE ID Resolution Component ------ ---------- --------- CVE-2018-12207 RHSA-2019:3832 kernel CVE-2019-0154 RHSA-2019:3832 kernel CVE-2019-0155 RHSA-2019:3871 kernel CVE-2019-11135 RHSA-2019:3832 kernel CVE-2019-11745 RHSA-2019:4114 nss CVE-2019-13734 RHSA-2020:0273 sqlite CVE-2019-14814 RHSA-2020:0339 kernel CVE-2019-14815 RHSA-2020:0339 kernel CVE-2019-14816 RHSA-2020:0339 kernel CVE-2019-14865 RHSA-2020:0335 grub2-common CVE-2019-14868 RHSA-2020:0559 ksh CVE-2019-14895 RHSA-2020:0339 kernel CVE-2019-14898 RHSA-2020:0339 kernel CVE-2019-14901 RHSA-2020:0339 kernel CVE-2019-17666 RHSA-2020:0339 kernel CVE-2019-18408 RHSA-2020:0271 libarchive CVE-2019-18634 RHSA-2020:0487 sudo CVE-2019-19338 RHSA-2020:0339 kernel CVE-2020-1712 RHSA-2020:0575 systemd CVE-2020-5208 RHSA-2020:0981 ipmitool ---------- DSS-G 2.5c ---------- Released 2020-03-16 Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 19C.5 https://support.lenovo.com/us/en/solutions/HT510119 Highlights: * updated Mellanox Adapter Firmware to mlxfwmanager_LeSI_19C_OFED-4.7-1_build5 ---------- DSS-G 2.5b ---------- Released 2020-01-30 Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 19C.3 https://support.lenovo.com/us/en/solutions/ht509849 Highlights: * updated Mellanox Adapter Firmware to mlxfwmanager_LeSI_19C_OFED-4.7-1_build3 * updated Lenovo ThinkSystem RAID 930-8i adapter firmware to lnvgy_fw_sraidmr35_930-51.10.0-3024-2_linux_x86-64.bin ---------- DSS-G 2.5a ---------- Released 2020-01-06 New features ------------ - DSS-G configurations * G212 (HDDs + SSDs) Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 19C https://support.lenovo.com/us/en/solutions/ht509709 Highlights: * updated Mellanox OFED to 4.7-1.0.0.1 * updated Intel OPA IFS to 10.10.0.0.445 - IBM Spectrum Scale RAID * updated release 5.0 to 5.0.4-PTF1-efix6 (5.0.4-1.6) * updated release 4.2 to 4.2.3-PTF18 (4.2.3-18) - Operating system * updated RHEL 7.6 kernel to 3.10.0-957.41.1 - DSS-G code and documentation * DSS-G documentation: expanded and revised the document set - Concepts & Administration Guide (new) - Installation & Integration Guide (formerly Manufacturing Preload Procedure) - Upgrade Procedure (revised) - Expansion Procedure (new) - Graphical User Interface (new) - Problem Determination & Remediation Guide (revised) * GUI: tweaked login page * component specifications: fixed DSS-G2x2 hybrid configurations with x3650 M5 (DSS-G gen1) servers * drive firmware: fixed names for Lenovo FRU 01KP067 01KP062 01KP062; updated levels for Lenovo FRUs 01DC199 01DC194 01KP042 01DC429 01DC409 01DC404 01KP508 * enclosure EDF: fixed reading of D3284 temperature sensors * enclosure firmware: updated to 525F; improved loader robustness * linux console: increased log buffer to 4M * Spectrum Scale RAID: increased disk hospital threads to 20 (nsdRAIDDiskDiagThreads=20) * moved long-term DSS-G logs under /var/log/dssg/ (the xCAT postscripts logs remain under /var/log/xcat/) * dsschfw-enclosure: re-added -U option; improved for handling newer enclosure firmware levels * dsschfw-lom: removed step to build the LOM device driver from sources * dsschfw-lsi: removed step to build the SAS HBA device driver from sources * dsschfw-raid: removed step to build the RAID device driver from sources; work around installation of the 930-8i firmware * dssg-install: improved summary for the provisioned nodes * dssg.snap: revised to better handle non-DSS nodes; added mmdf info on existing file system(s) * dssglspartners: fixed usage (help screen, mandatory argument) * dssgmkMfgFS: added -N option; fixed policy to apply for legacy FS only * dssgmkdbscripts: added long options * dssgmkmc: revised usage with command-line options (requires one target node and at least one file system); improved robustness * dssgmkstorage.mmvdisk: fixed handling of non-alphanumeric characters in nodeclass and RG names, replaced by underscore * dsslsadapters: added -h option and log support * dsslsfw-enclosure: added -d option (implied by -A); adapted to newer enclosure firmware levels * pdiskToSesID: fixed 2.4a regression with error handling - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2016-10713 RHSA-2019:2033 patch CVE-2016-10739 RHSA-2019:2118 glibc CVE-2018-0734 RHSA-2019:2304 openssl CVE-2018-1122 RHSA-2019:2189 procps-ng CVE-2018-3058 RHSA-2019:2327 mariadb CVE-2018-3063 RHSA-2019:2327 mariadb CVE-2018-3066 RHSA-2019:2327 mariadb CVE-2018-3081 RHSA-2019:2327 mariadb CVE-2018-3282 RHSA-2019:2327 mariadb CVE-2018-6952 RHSA-2019:2033 patch CVE-2018-11212 IBM JRE 8.0.5.30 java CVE-2018-12327 RHSA-2019:2077 ntp CVE-2018-12404 RHSA-2019:2237 nss CVE-2018-12547 IBM JRE 8.0.5.30 java CVE-2018-12641 RHSA-2019:2075 binutils CVE-2018-12697 RHSA-2019:2075 binutils CVE-2018-14598 RHSA-2019:2079 Xorg CVE-2018-14599 RHSA-2019:2079 Xorg CVE-2018-14600 RHSA-2019:2079 Xorg CVE-2018-14618 RHSA-2019:1880 curl CVE-2018-14647 RHSA-2019:2030 python CVE-2018-15473 RHSA-2019:2143 openssh CVE-2018-15686 RHSA-2019:3222 systemd CVE-2018-15853 RHSA-2019:2079 Xorg CVE-2018-15854 RHSA-2019:2079 Xorg CVE-2018-15855 RHSA-2019:2079 Xorg CVE-2018-15856 RHSA-2019:2079 Xorg CVE-2018-15857 RHSA-2019:2079 Xorg CVE-2018-15859 RHSA-2019:2079 Xorg CVE-2018-15861 RHSA-2019:2079 Xorg CVE-2018-15862 RHSA-2019:2079 Xorg CVE-2018-15863 RHSA-2019:2079 Xorg CVE-2018-15864 RHSA-2019:2079 Xorg CVE-2018-16062 RHSA-2019:2197 elfutils CVE-2018-16402 RHSA-2019:2197 elfutils CVE-2018-16403 RHSA-2019:2197 elfutils CVE-2018-16842 RHSA-2019:2181 curl CVE-2018-16866 RHSA-2019:3222 systemd CVE-2018-16871 RHSA-2019:1873 kernel CVE-2018-16881 RHSA-2019:2110 rsyslog CVE-2018-16884 RHSA-2019:1873 kernel CVE-2018-18310 RHSA-2019:2197 elfutils CVE-2018-18384 RHSA-2019:2159 unzip CVE-2018-18520 RHSA-2019:2197 elfutils CVE-2018-18521 RHSA-2019:2197 elfutils CVE-2018-19788 RHSA-2019:2046 polkit CVE-2018-20969 RHSA-2019:3758 patch CVE-2018-1000876 RHSA-2019:2075 binutils CVE-2019-0155 RHSA-2019:3873 kernel CVE-2019-1125 RHSA-2019:3220 kernel CVE-2019-1559 RHSA-2019:2304 openssl CVE-2019-2422 IBM JRE 8.0.5.30 java CVE-2019-2426 IBM JRE 8.0.5.30 java CVE-2019-2449 IBM JRE 8.0.5.30 java CVE-2019-2503 RHSA-2019:2327 mariadb CVE-2019-2529 RHSA-2019:2327 mariadb CVE-2019-2602 IBM JRE 8.0.5.35 java CVE-2019-2614 RHSA-2019:2327 mariadb CVE-2019-2627 RHSA-2019:2327 mariadb CVE-2019-2684 IBM JRE 8.0.5.35 java CVE-2019-2697 IBM JRE 8.0.5.35 java CVE-2019-2698 IBM JRE 8.0.5.35 java CVE-2019-3858 RHSA-2019:2136 libssh2 CVE-2019-3861 RHSA-2019:2136 libssh2 CVE-2019-3862 RHSA-2019:1884 libssh2 CVE-2019-3900 RHSA-2019:3220 kernel CVE-2019-5010 RHSA-2019:2030 python CVE-2019-5489 RHSA-2019:2837 kernel CVE-2019-7149 RHSA-2019:2197 elfutils CVE-2019-7150 RHSA-2019:2197 elfutils CVE-2019-7664 RHSA-2019:2197 elfutils CVE-2019-7665 RHSA-2019:2197 elfutils CVE-2019-9500 RHSA-2019:4168 kernel CVE-2019-9506 RHSA-2019:3220 kernel CVE-2019-9740 RHSA-2019:2030 python CVE-2019-9947 RHSA-2019:2030 python CVE-2019-9948 RHSA-2019:2030 python CVE-2019-10160 RHSA-2019:1587 python CVE-2019-10245 IBM JRE 8.0.5.35 java CVE-2019-11085 RHSA-2019:1873 kernel CVE-2019-11772 IBM JRE 8.0.5.40 java (with Spectrum Scale 5.0 only) CVE-2019-11775 IBM JRE 8.0.5.40 java (with Spectrum Scale 5.0 only) CVE-2019-11810 RHSA-2019:2837 kernel CVE-2019-11811 RHSA-2019:1873 kernel CVE-2019-12735 RHSA-2019:1619 vim CVE-2019-13638 RHSA-2019:3758 patch CVE-2019-14287 RHSA-2019:3205 sudo CVE-2019-14835 RHSA-2019:2837 kernel ---------- DSS-G 2.4b ---------- Released 2019-08-30 Updates and fixes ----------------- - IBM Spectrum Scale RAID * updated release 5.0 to 5.0.3-PTF2-efix3 (5.0.3-2.3) * updated release 4.2 to 4.2.3-PTF16-efix4 (4.2.3-16.4) ---------- DSS-G 2.4a ---------- Released 2019-08-05 New features ------------ - Operating system * RHEL 7.6 with kernel 3.10.0-957.21.3 - DSS-G configurations * transition to Cascade Lake-SP for the Lenovo ThinkSystem SR650 servers (MTM 7X06CTO1WW) * support for Mellanox HDR100/CX-6 (ConnectX-6) * G270 (HDDs) * G280 (HDDs) * G203 (SSDs) * G211 (HDDs + SSDs) * G261 (HDDs + SSDs) * G262 (HDDs + SSDs) - Storage * mmvdisk command infrastructure with Spectrum Scale 5.x * online building block expansion (mmvdisk) Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 19B https://support.lenovo.com/us/en/solutions/ht508943 Highlights: * updated Intel OPA IFS to 10.9.3.1.1 - IBM Spectrum Scale RAID * updated release 5.0 to 5.0.3-PTF1-efix3 (5.0.3-1.3) * updated release 4.2 to 4.2.3-PTF16 (4.2.3-16) - DSS-G code and documentation * removed the Spectrum Scale gpfs.gss.firmware RPM from the DSS-G distributions * fixed missing NVR path issue after upgrading from DSS-G 2.2a or lower * improved stability in drive enumeration; the RAID devices should always come first * added 99-dss-enc.rules.v5 for enclosure udev rules with Spectrum Scale 5.x * added dssgmkfs.mmvdisk to create file system(s) using mmvdisk with Spectrum Scale 5.x * added dssgmkmc to create multiclusters (storage/client) * added dssgmkstorage.mmvdisk and renamed dssgmkstorage as dssgmkstorage.legacy with Spectrum Scale 5.x * dssClientConfig.sh: changed to display usage by default (no argument) * dssServerConfig.sh: changed to display usage by default (no argument); fixed large pagepool typo / tuned for Spectrum Scale 5.x * dsschfw-raid: disabled exposure of virtualSES enclosure device by the 930 RAID adapter * dssgCleanUp: added support for mmvdisk; added -s, -p, -v options * dssgcrcb, dssgpdfailed: added support for 2nd notification email address * dssgmkMfgFS: added support for mmvdisk; added -p option; changed location of test FS to /dsstest1 * dssgmkdbscripts: added check for enclosure MTM * pdiskToSesID: fixed error message for incorrect pdisk ID format - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2017-18208 RHSA-2018:3083 kernel CVE-2017-18232 RHSA-2018:3083 kernel CVE-2017-18360 RHSA-2018:3083 kernel CVE-2018-1120 RHSA-2018:3083 kernel CVE-2018-1130 RHSA-2018:3083 kernel CVE-2018-3136 IBM JRE 8.0.5.25 java CVE-2018-3139 IBM JRE 8.0.5.25 java CVE-2018-3149 IBM JRE 8.0.5.25 java CVE-2018-3169 IBM JRE 8.0.5.25 java CVE-2018-3180 IBM JRE 8.0.5.25 java CVE-2018-3183 IBM JRE 8.0.5.25 java CVE-2018-3214 IBM JRE 8.0.5.25 java CVE-2018-5344 RHSA-2018:3083 kernel CVE-2018-5407 RHSA-2019:0483 openssl CVE-2018-5742 RHSA-2019:0194 bind CVE-2018-5743 RHSA-2019:1294 bind CVE-2018-5803 RHSA-2018:3083 kernel CVE-2018-7740 RHSA-2018:3083 kernel CVE-2018-7757 RHSA-2018:3083 kernel CVE-2018-9568 RHSA-2019:0512 kernel CVE-2018-10322 RHSA-2018:3083 kernel CVE-2018-14633 RHSA-2018:3651 kernel CVE-2018-17972 RHSA-2019:0512 kernel CVE-2018-18311 RHSA-2019:0109 perl CVE-2018-18445 RHSA-2019:0512 kernel CVE-2018-18559 RHSA-2019:0163 kernel CVE-2018-18690 RHSA-2018:3083 kernel CVE-2019-3815 RHSA-2019:0368 systemd CVE-2019-3855 RHSA-2019:0679 libssh2 CVE-2019-3856 RHSA-2019:0679 libssh2 CVE-2019-3857 RHSA-2019:0679 libssh2 CVE-2019-3863 RHSA-2019:0679 libssh2 CVE-2019-5953 RHSA-2019:1228 wget CVE-2019-6133 RHSA-2019:0230 polkit CVE-2019-6454 RHSA-2019:036 systemd CVE-2019-6974 RHSA-2019:0818 kernel CVE-2019-7221 RHSA-2019:0818 kernel CVE-2019-9636 RHBA-2019:1348 python CVE-2019-11477 RHSA-2019:1481 kernel CVE-2019-11478 RHSA-2019:1481 kernel CVE-2019-11479 RHSA-2019:1481 kernel ---------- DSS-G 2.3a ---------- Released 2019-06-11 New features ------------ - DSS-G configurations * G230 (HDDs) * G250 (HDDs) * G242 (HDDs + SSDs) - Storage * 14TB 3.5" NL-SAS HDD (Lenovo FRU 01KP541) for the D3284 enclosure Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 19A https://support.lenovo.com/us/en/solutions/HT508311 Highlights: * updated Mellanox OFED to 4.6-1.0.1.1 * updated Intel OPA IFS to 10.9.2.0.9 - IBM Spectrum Scale RAID * updated release 5.0 to 5.0.2-PTF3-efix0.1 (5.0.2-3.0.1) * updated release 4.2 to 4.2.3-PTF14 (4.2.3-14) - Operating system * updated RHEL 7.5 kernel to 3.10.0-862.32.2 - DSS-G code and documentation * GUI: fixed component discovery (mmdiscovercomp), support for SR650, and display for D3284 enclosure * added dssg_lom xCAT postscript and dsschfw-lom for LOM firmware and device driver update on all supported servers * added blacklisting of the ses and enclosure kernel modules * dsschfw-enclosure: added summary of number of enclosures; removed -i and -U options; fixed -L option * dsschfw-lsi: added -d/-f options to update device driver or firmware only * dsschfw-raid: added -d/-f options to update device driver or firmware only * dssServerConfig.sh: fixed pagepool=1000000M for configs with 1.5TB+ of RAM and Spectrum Scale 5.x * dssmk-raid: maximized OS partition size * dssg.snap: fixed too long filename issue * dssgckdisks: revised to process all enclosures in parallel; added drive type (HDD or SSD); improved -e option; deprecated -b option * dsschfw-net: renamed to dsschfw-ofed, updating HPC network adapters and OFED stack only - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2018-12126 RHSA-2019:1155 kernel CVE-2018-12127 RHSA-2019:1155 kernel CVE-2018-12130 RHSA-2019:1155 kernel CVE-2018-14646 RHSA-2018:3843 kernel CVE-2018-16864 RHSA-2019:0204 systemd CVE-2018-16865 RHSA-2019:0204 systemd CVE-2018-18397 RHSA-2019:0202 kernel CVE-2019-11091 RHSA-2019:1155 kernel ---------- DSS-G 2.2a ---------- Released 2018-11-15 New features ------------ - Operating system * RHEL 7.5 with kernel 3.10.0-862.20.2 - DSS-G hybrid configurations: D3284 with HDDs + D1224 with SSDs * G221 (2x D3284 with HDDs + 1x D1224 with SSDs) * G222 (2x D3284 with HDDs + 2x D1224 with SSDs) * G241 (4x D3284 with HDDs + 1x D1224 with SSDs) - Storage * online-ready firmware update for all supported enclosures (firmware 513E) * email notification for failed drives Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 18C https://support.lenovo.com/us/en/solutions/ht507611 Highlights: * updated Mellanox OFED to 4.4-2.0.7.0 * updated Intel OPA IFS to 10.8.0.0.204 - IBM Spectrum Scale RAID * updated release 5.0 to 5.0.2-PTF1-efix0.1 (5.0.2-1.0.1) * updated release 4.2 to 4.2.3-PTF11 (4.2.3-11) - DSS-G code and documentation * GUI: no longer installed by default on the DSS servers; separate GUI node recommended * added dssgpdfailed, dssgpdfailed.conf, dssgcrcb for pdFailed disk callback (email notification for failed drives) * 99-gnr-disk.rules: fixed storage udev rules with Spectrum Scale 5.x * dsschfw-enclosure: revised enclosure firmware update method; removed unsupported -o option (online update) * dsschfw-net: changed OPA IPoFabric to utilize UD (unreliable datagram) rather than connected mode * dssg.snap: revised to collect data from all cluster nodes and enclosure ddump from all DSS-G building blocks * dssgmkdbscripts: revised for mmlscomp and mmlscomploc to list components in the same order * dssgmkstorage: fixed -S option * dsslsfw-enclosure: revised to use new jbod_conf instead of fwdownloader * dssmk-diskgpt, removeGptBackup: replaced with 01-disk-gpt.rules (udev) and dssckgpt - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2015-9262 RHSA-2018:3059 X.org CVE-2017-3636 RHSA-2018:2439 mariadb CVE-2017-3641 RHSA-2018:2439 mariadb CVE-2017-3651 RHSA-2018:2439 mariadb CVE-2017-3653 RHSA-2018:2439 mariadb CVE-2017-3735 RHSA-2018:3221 openssl CVE-2017-7562 RHSA-2018:0666 krb5 CVE-2017-10268 RHSA-2018:2439 mariadb CVE-2017-10378 RHSA-2018:2439 mariadb CVE-2017-10379 RHSA-2018:2439 mariadb CVE-2017-10384 RHSA-2018:2439 mariadb CVE-2017-11600 RHBA-2018:2198 kernel CVE-2017-12190 RHSA-2018:1062 kernel CVE-2017-13215 RHSA-2018:2384 kernel CVE-2017-14140 RHSA-2018:1062 kernel CVE-2017-15116 RHSA-2018:1062 kernel CVE-2017-15121 RHSA-2018:1062 kernel CVE-2017-15126 RHSA-2018:1062 kernel CVE-2017-15127 RHSA-2018:1062 kernel CVE-2017-15129 RHSA-2018:1062 kernel CVE-2017-16939 RHBA-2018:2198 kernel CVE-2017-16997 RHSA-2018:3092 glibc CVE-2017-17448 RHSA-2018:1062 kernel CVE-2017-18203 RHSA-2018:1062 kernel CVE-2017-18270 RHSA-2018:1062 kernel CVE-2017-18344 RHSA-2018:3459 kernel CVE-2018-0494 RHSA-2018:3052 wget CVE-2018-0495 RHSA-2018:3221 openssl CVE-2018-0732 RHSA-2018:3221 openssl CVE-2018-0737 RHSA-2018:3221 openssl CVE-2018-0739 RHSA-2018:3221 openssl CVE-2018-1060 RHSA-2018:3041 python CVE-2018-1061 RHSA-2018:3041 python CVE-2018-1068 RHBA-2018:2198 kernel CVE-2018-1113 RHSA-2018:3249 setup CVE-2018-2562 RHSA-2018:2439 mariadb CVE-2018-2622 RHSA-2018:2439 mariadb CVE-2018-2640 RHSA-2018:2439 mariadb CVE-2018-2665 RHSA-2018:2439 mariadb CVE-2018-2668 RHSA-2018:2439 mariadb CVE-2018-2755 RHSA-2018:2439 mariadb CVE-2018-2761 RHSA-2018:2439 mariadb CVE-2018-2767 RHSA-2018:2439 mariadb CVE-2018-2771 RHSA-2018:2439 mariadb CVE-2018-2781 RHSA-2018:2439 mariadb CVE-2018-2813 RHSA-2018:2439 mariadb CVE-2018-2817 RHSA-2018:2439 mariadb CVE-2018-2819 RHSA-2018:2439 mariadb CVE-2018-3616 IVE126O Intel CSME / SPS and TXE Vulnerabilities CVE-2018-3620 RHSA-2018:2384 kernel CVE-2018-3646 RHSA-2018:2384 kernel CVE-2018-3655 IVE126O Intel CSME / SPS and TXE Vulnerabilities CVE-2018-3657 IVE126O Intel CSME / SPS and TXE Vulnerabilities CVE-2018-3658 IVE126O Intel CSME / SPS and TXE Vulnerabilities CVE-2018-3659 IVE126O Intel CSME / SPS and TXE Vulnerabilities CVE-2018-3665 RHBA-2018:2198 kernel CVE-2018-3693 RHSA-2018:2384 kernel CVE-2018-5390 RHSA-2018:2384 kernel CVE-2018-5391 RHSA-2018:2384 kernel CVE-2018-5729 RHSA-2018:3071 krb5 CVE-2018-5730 RHSA-2018:3071 krb5 CVE-2018-5740 RHSA-2018:2570 bind CVE-2018-5750 RHSA-2018:1062 kernel CVE-2018-6485 RHSA-2018:3092 glibc CVE-2018-6927 RHSA-2018:1062 kernel CVE-2018-7208 RHSA-2018:3032 binutils CVE-2018-7566 RHSA-2018:2384 kernel CVE-2018-7568 RHSA-2018:3032 binutils CVE-2018-7569 RHSA-2018:3032 binutils CVE-2018-7642 RHSA-2018:3032 binutils CVE-2018-7643 RHSA-2018:3032 binutils CVE-2018-8945 RHSA-2018:3032 binutils CVE-2018-10372 RHSA-2018:3032 binutils CVE-2018-10373 RHSA-2018:3032 binutils CVE-2018-10534 RHSA-2018:3032 binutils CVE-2018-10535 RHSA-2018:3032 binutils CVE-2018-10675 RHSA-2018:2384 kernel CVE-2018-10915 RHSA-2018:2557 postgresql CVE-2018-11236 RHSA-2018:3092 glibc CVE-2018-11237 RHSA-2018:3092 glibc CVE-2018-12020 RHSA-2018:2181 gnupg2 CVE-2018-12384 RHSA-2018:2768 nss CVE-2018-13033 RHSA-2018:3032 binutils CVE-2018-14634 RHSA-2018:2748 kernel CVE-2018-1000007 RHSA-2018:3157 curl CVE-2018-1000120 RHSA-2018:3157 curl CVE-2018-1000121 RHSA-2018:3157 curl CVE-2018-1000122 RHSA-2018:3157 curl CVE-2018-1000301 RHSA-2018:3157 curl ---------- DSS-G 2.1a ---------- Released 2018-08-13 New features ------------ - IBM Spectrum Scale RAID * added support for release 5.0 with 5.0.1-PTF1-efix1 (5.0.1-1.1) - DSS-G configurations with odd number of enclosures * G210 (1x D3284 with HDDs) - Storage * 1.92TB 2.5" SAS SSD (Lenovo FRU 01KP544) for the D1224 enclosure Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 18B https://support.lenovo.com/us/en/solutions/ht507012 Highlights: * updated Mellanox OFED to 4.4-1.0.0.0 * updated Intel OPA IFS to 10.7.0.0.145 - IBM Spectrum Scale RAID * updated release 4.2 to 4.2.3-PTF9 (4.2.3-9) - Operating system * updated RHEL 7.4 kernel to 3.10.0-693.33.1 - DSS-G code and documentation * removed xCAT packages from the DSS-G distributions * added the DSS-G Problem Determination and Remediation Guide * enabled NUMA by default on all supported servers * added dssghealthcheck: check the health of DSS-G components * dssClientConfig.sh, dssServerConfig.sh: changed and tuned to support Spectrum Scale 4.2 or 5.x releases * dsschfw-baseboard: improved stability of in-band firmware updates * dsschfw-enclosure: updated for future support of online firmware updates; added -i option * dsschfw-lsi: added clearing non-mfg persistent region to prevent adapter corruption issue * dsschfw-net: improved handling of Mellanox IB and Intel OPA adapters * dssg.snap: added enclosure ddump, logs and firmware listings; revised to process all enclosures in parallel * dssgmk-env: removed deprecated KeyRegenerationInterval setting in sshd_config; fixed kdump by blacklisting mpt3sas; added nsdperf and sg3_utils install * dssgmkdbscripts: added -U option; fixed -t option * dsslsadapters: added PCIe address in output * dsslsfw-enclosure: added -f option; changed default (no option) output ordering by display ID * dsslsfw-lsi: added output for SR650 PCIe slot configuration * dssmk-settings: added recovery code when applying UEFI settings * dssmk-sys: removed confusing GRUB crashkernel=auto default setting * sas3flash: fixed wrapper for SR650 - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2014-9402 RHSA-2018:0805 glibc CVE-2015-5180 RHSA-2018:0805 glibc CVE-2017-3736 RHSA-2018:0998 openssl CVE-2017-3737 RHSA-2018:0998 openssl CVE-2017-3738 RHSA-2018:0998 openssl CVE-2017-6462 RHSA-2018:0855 ntp CVE-2017-6463 RHSA-2018:0855 ntp CVE-2017-6464 RHSA-2018:0855 ntp CVE-2017-7562 RHSA-2018:0666 krb5 CVE-2017-8824 RHSA-2018:1130 kernel CVE-2017-9725 RHSA-2018:1130 kernel CVE-2017-11368 RHSA-2018:0666 krb5 CVE-2017-11671 RHSA-2018:0849 gcc CVE-2017-12132 RHSA-2018:0805 glibc CVE-2017-13166 RHSA-2018:1130 kernel CVE-2017-15265 RHSA-2018:1130 kernel CVE-2017-15670 RHSA-2018:0805 glibc CVE-2017-15804 RHSA-2018:0805 glibc CVE-2017-15906 RHSA-2018:0980 openssh CVE-2017-17449 RHSA-2018:1130 kernel CVE-2017-18017 RHSA-2018:1130 kernel CVE-2017-1000252 RHSA-2018:1130 kernel CVE-2017-1000410 RHSA-2018:1130 kernel CVE-2018-1063 RHSA-2018:0913 policycoreutils CVE-2018-1087 RHSA-2018:1345 kernel CVE-2018-1111 RHSA-2018:1455 dhcp CVE-2018-1124 RHSA-2018:1700 procps-ng CVE-2018-1126 RHSA-2018:1700 procps-ng CVE-2018-3639 RHSA-2018:1738 kernel CVE-2018-8897 RHSA-2018:1345 kernel CVE-2018-1000001 RHSA-2018:0805 glibc CVE-2018-1000156 RHSA-2018:1200 patch CVE-2018-1000199 RHSA-2018:1345 kernel ---------- DSS-G 2.0a ---------- Released 2018-03-22 New features ------------ - Operating system * RHEL 7.4 with kernel 3.10.0-693.33.1 including mitigations for Spectre/Meltdown - DSS-G configurations * Lenovo ThinkSystem SR650 servers (MTM 7X06CTO1WW) * D3284 storage enclosure with D32845U12GESM VPD - Storage * 2.4TB 10K 2.5" SAS HDD (Lenovo FRU 01KP508) for the D1224 enclosure * 400GB 10DWD 2.5" SAS SSD (Lenovo FRU 01DC464) for the D1224 enclosure * 1600GB 10DWD 2.5" SAS SSD (Lenovo FRU 01DC449) for the D1224 enclosure * 7.68TB 1DWD 2.5" SAS SSD (Lenovo FRU 01KP062) for the D1224 enclosure * 15.36TB 1DWD 2.5" SAS SSD (Lenovo FRU 01KP062) for the D1224 enclosure Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 17E.1 https://support.lenovo.com/us/en/solutions/ht505773 Highlights: * updated UEFI with Intel microcode for CVE-2017-5715 (variant #2/Spectre) on all supported servers * updated Mellanox OFED to 4.2-1.2.0.0 * updated Intel OPA IFS to 10.6.1.0.2 - IBM Spectrum Scale RAID * updated release 4.2 to 4.2.3-PTF7 (4.2.3-7) - DSS-G code and documentation * added dssmk-diskgpt: backup GPT removal moved ouf of the dssg_diskgpt xCAT postscript * added dssmk-ntp: NTP setup moved out of the dssg_ntp xCAT postscript * added dssmk-settings: UEFI settings moved out of the dssg_settings xCAT postscript * added dssmk-sys: system and kernel settings moved out of the dssg_kernelupdate xCAT postscript * dssg_init.sh: removed initialization of OPA adapters for faster server bootup * dssClientConfig.sh, dssServerConfig.sh: tuned Spectrum Scale for improved OPA performance * dssServerConfig.sh: disabled slow disk detection (nsdRAIDDiskPerformanceMinLimitPct=0) * dsschfw-baseboard: improved stability of baseboard firmware update * dsschfw-enclosure: added -U option * dsschfw-net: added LOM firmware and device driver update (SR650); improved firmware updates for Mellanox and OPA adapters * dssgckdisks: added -e option and progress status; improved profiling figures with empirical tuning * dssgcktopology: fixed to allow running on localhost only; improved detection of topology issues * dssgmkcluster: fixed to allow running with odd number of nodes * dssgmkdbscripts: fixed servers/enclosures order in generated script for component location * dssgmkstorage: added -S option * dsslsfw-enclosure: add -A option * dssmk-env: renamed as dssgmk-env since the script targets Spectrum Scale * dssmk-raid: improved stability by turning JBOD mode off * dssg-install: fixed nodeadd with nodech; improved stability and error reporting for node provisioning - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2014-9761 RHBA-2017:3296 glibc CVE-2015-3243 mitigation rsyslog CVE-2015-8539 RHSA-2018:0151 kernel CVE-2015-8970 RHSA-2017:1842 kernel CVE-2016-7042 RHSA-2017:1842 kernel CVE-2016-7097 RHSA-2017:1842 kernel CVE-2016-8645 RHSA-2017:1842 kernel CVE-2016-8886 removed jasper CVE-2016-9395 removed jasper CVE-2016-9396 removed jasper CVE-2016-9397 removed jasper CVE-2016-9398 removed jasper CVE-2016-9399 removed jasper CVE-2016-9576 RHSA-2017:1842 kernel CVE-2016-9588 RHSA-2017:1842 kernel CVE-2016-9604 RHSA-2017:1842 kernel CVE-2016-9685 RHSA-2017:1842 kernel CVE-2016-9806 RHSA-2017:1842 kernel CVE-2016-10088 RHSA-2017:1842 kernel CVE-2017-2647 RHSA-2017:1842 kernel CVE-2017-2671 RHSA-2017:1842 kernel CVE-2017-3144 RHSA-2018:0158 dhcp CVE-2017-3145 RHSA-2018:0102 bind CVE-2017-5504 removed jasper CVE-2017-5715 RHSA-2018:0012 microcode_ctl CVE-2017-5715 RHSA-2018:0014 linux-firmware CVE-2017-5715 RHSA-2018:0395 kernel CVE-2017-5753 RHSA-2018:0007 kernel CVE-2017-5754 RHSA-2018:0007 kernel CVE-2017-5970 RHSA-2017:1842 kernel CVE-2017-6001 RHSA-2017:1842 kernel CVE-2017-6951 RHSA-2017:1842 kernel CVE-2017-7184 RHSA-2017:2930 kernel CVE-2017-7187 RHSA-2017:1842 kernel CVE-2017-7472 RHSA-2018:0151 kernel CVE-2017-7518 RHSA-2018:0395 kernel CVE-2017-7533 RHSA-2017:2473 kernel CVE-2017-7541 RHSA-2017:2930 kernel CVE-2017-7542 RHSA-2017:2930 kernel CVE-2017-7616 RHSA-2017:1842 kernel CVE-2017-7805 RHBA-2017:2942 nss CVE-2017-7889 RHSA-2017:1842 kernel CVE-2017-8797 RHSA-2017:1842 kernel CVE-2017-8890 RHSA-2017:1842 kernel CVE-2017-9074 RHSA-2017:1842 kernel CVE-2017-9075 RHSA-2017:1842 kernel CVE-2017-9076 RHSA-2017:1842 kernel CVE-2017-9077 RHSA-2017:1842 kernel CVE-2017-9242 RHSA-2017:1842 kernel CVE-2017-9782 removed jasper CVE-2017-11176 RHSA-2017:2930 kernel CVE-2017-12172 RHSA-2017:3402 postgresql CVE-2017-12188 RHSA-2018:0395 kernel CVE-2017-12192 RHSA-2018:0151 kernel CVE-2017-12193 RHSA-2018:0151 kernel CVE-2017-14106 RHSA-2017:2930 kernel CVE-2017-15097 RHSA-2017:3402 postgresql CVE-2017-15102 RHSA-2017:1842 kernel CVE-2017-15649 RHSA-2018:0151 kernel CVE-2017-1000050 removed jasper CVE-2017-1000257 RHSA-2017:3263 curl CVE-2017-1000380 RHSA-2017:3315 kernel CVE-2018-1049 RHSA-2018:0260 systemd CVE-2018-5732 RHSA-2018:0483 dhcp CVE-2018-5733 RHSA-2018:0483 dhcp CVE-2018-9154 removed jasper CVE-2018-9252 removed jasper CVE-2018-11212 removed libjpeg-turbo CVE-2018-11213 removed libjpeg-turbo CVE-2018-11214 removed libjpeg-turbo CVE-2018-11813 removed libjpeg-turbo ---------- DSS-G 1.2a ---------- Released 2017-12-06 New features ------------ - Operating system * RHEL 7.3 with kernel 3.10.0-514.32.3 - Storage * 12TB 7.2K 3.5" NL-SAS HDD (Lenovo FRU 01KP145) for the D3284 enclosure Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 17E https://support.lenovo.com/us/en/solutions/ht506451 Highlights: * updated Mellanox OFED to 4.2-1.0.0.0 * updated Intel OPA IFS to 10.6.0.0.134 - IBM Spectrum Scale RAID * updated release 4.2 to 4.2.3-PTF5 (4.2.3-5) - DSS-G code and documentation * downgraded N2226 SAS adapter firmware for storage enclosure incompatibility * reduced the number of installed packages; added boot order setup * replaced the asu64 tool by OneCli - Enhancements to address security vulnerabilities The DSS-G tarballs are now cryptographically signed with the Lenovo HPC Storage Team's OpenPGP release signing key CVE ID Resolution Component ------ ---------- --------- CVE-2013-4312 RHSA-2017:0933 kernel CVE-2013-7353 removed libpng CVE-2013-7354 removed libpng CVE-2014-8127 removed libtiff CVE-2015-7976 mitigation ntp CVE-2015-8139 mitigation ntp CVE-2015-8540 removed libpng CVE-2015-8812 RHSA-2017:0933 kernel CVE-2016-0634 RHBA-2017:2572 bash CVE-2016-1238 mitigation perl CVE-2016-2069 RHSA-2017:0933 kernel CVE-2016-2384 RHSA-2017:0933 kernel CVE-2016-2847 RHSA-2017:0933 kernel CVE-2016-3070 RHSA-2017:0933 kernel CVE-2016-3622 removed libtiff CVE-2016-3623 removed libtiff CVE-2016-3624 removed libtiff CVE-2016-3625 removed libtiff CVE-2016-3631 removed libtiff CVE-2016-3658 removed libtiff CVE-2016-4456 removed gnutls CVE-2016-4484 mitigation dracut / cryptsetup CVE-2016-4569 RHSA-2017:0933 kernel CVE-2016-4578 RHSA-2017:0933 kernel CVE-2016-4581 RHSA-2017:0933 kernel CVE-2016-4794 RHSA-2017:0933 kernel CVE-2016-5102 removed libtiff CVE-2016-5412 RHSA-2017:0933 kernel CVE-2016-5828 RHSA-2017:0933 kernel CVE-2016-5829 RHSA-2017:0933 kernel CVE-2016-6136 RHSA-2017:0933 kernel CVE-2016-6223 removed libtiff CVE-2016-6327 RHSA-2017:0933 kernel CVE-2016-6354 removed flex CVE-2016-6480 RHSA-2017:0933 kernel CVE-2016-6664 RHSA-2017:2192 mariadb CVE-2016-6828 RHSA-2017:0933 kernel CVE-2016-7167 RHSA-2017:2016 curl CVE-2016-7910 RHBA-2017:1674 kernel CVE-2016-7914 RHSA-2017:0933 kernel CVE-2016-7915 RHSA-2017:0933 kernel CVE-2016-8630 RHSA-2017:0933 kernel CVE-2016-8646 RHBA-2017:1674 kernel CVE-2016-8650 RHSA-2017:0933 kernel CVE-2016-8655 RHSA-2017:0933 kernel CVE-2016-8734 removed subversion CVE-2016-9083 RHSA-2017:0933 kernel CVE-2016-9084 RHSA-2017:0933 kernel CVE-2016-9453 removed libtiff CVE-2016-9538 removed libtiff CVE-2016-9539 removed libtiff CVE-2016-9555 RHSA-2017:0933 kernel CVE-2016-9793 RHSA-2017:0933 kernel CVE-2016-9794 RHSA-2017:0933 kernel CVE-2016-10009 RHSA-2017:2029 openssh CVE-2016-10011 RHSA-2017:2029 openssh CVE-2016-10012 RHSA-2017:2029 openssh CVE-2016-10092 removed libtiff CVE-2016-10093 removed libtiff CVE-2016-10094 removed libtiff CVE-2016-10095 removed libtiff CVE-2016-10208 RHBA-2017:1674 kernel CVE-2016-10371 removed libtiff CVE-2016-10708 RHSA-2017:2029 openssh CVE-2017-2862 removed gdk-pixbuf2 CVE-2017-2870 removed gdk-pixbuf2 CVE-2017-3142 RHBA-2017:2325 bind CVE-2017-3143 RHBA-2017:2325 bind CVE-2017-3238 RHSA-2017:2192 mariadb CVE-2017-3243 RHSA-2017:2192 mariadb CVE-2017-3244 RHSA-2017:2192 mariadb CVE-2017-3258 RHSA-2017:2192 mariadb CVE-2017-3265 RHSA-2017:2192 mariadb CVE-2017-3291 RHSA-2017:2192 mariadb CVE-2017-3302 RHSA-2017:2192 mariadb CVE-2017-3312 RHSA-2017:2192 mariadb CVE-2017-3317 RHSA-2017:2192 mariadb CVE-2017-3318 RHSA-2017:2192 mariadb CVE-2017-5225 removed libtiff CVE-2017-5563 removed libtiff CVE-2017-5986 RHBA-2017:1674 kernel CVE-2017-6074 RHSA-2017:0933 kernel CVE-2017-6214 RHBA-2017:1674 kernel CVE-2017-6312 removed gdk-pixbuf2 CVE-2017-6313 removed gdk-pixbuf2 CVE-2017-6314 removed gdk-pixbuf2 CVE-2017-6519 removed avahi CVE-2017-7308 RHBA-2017:1674 kernel CVE-2017-7475 removed cairo CVE-2017-7507 removed gnutls CVE-2017-7592 removed libtiff CVE-2017-7593 removed libtiff CVE-2017-7594 removed libtiff CVE-2017-7595 removed libtiff CVE-2017-7596 removed libtiff CVE-2017-7597 removed libtiff CVE-2017-7598 removed libtiff CVE-2017-7599 removed libtiff CVE-2017-7600 removed libtiff CVE-2017-7601 removed libtiff CVE-2017-7602 removed libtiff CVE-2017-7645 RHBA-2017:1674 kernel CVE-2017-7771 removed graphite2 CVE-2017-7772 removed graphite2 CVE-2017-7773 removed graphite2 CVE-2017-7774 removed graphite2 CVE-2017-7775 removed graphite2 CVE-2017-7776 removed graphite2 CVE-2017-7777 removed graphite2 CVE-2017-7778 removed graphite2 CVE-2017-7869 removed gnutls CVE-2017-7895 RHSA-2017:2437 kernel CVE-2017-9117 removed libtiff CVE-2017-9147 removed libtiff CVE-2017-9287 RHSA-2017:1852 openldap CVE-2017-9403 removed libtiff CVE-2017-9404 removed libtiff CVE-2017-9814 removed cairo CVE-2017-9815 removed libtiff CVE-2017-9935 removed libtiff CVE-2017-9936 removed libtiff CVE-2017-9937 removed libtiff CVE-2017-10688 removed libtiff CVE-2017-11335 removed libtiff CVE-2017-11613 removed libtiff CVE-2017-12944 removed libtiff CVE-2017-13077 removed wpa_supplicant CVE-2017-13078 removed wpa_supplicant CVE-2017-13080 removed wpa_supplicant CVE-2017-13082 removed wpa_supplicant CVE-2017-13086 removed wpa_supplicant CVE-2017-13087 removed wpa_supplicant CVE-2017-13088 removed wpa_supplicant CVE-2017-13089 RHSA-2017:3075 wget CVE-2017-13090 RHSA-2017:3075 wget CVE-2017-13726 removed libtiff CVE-2017-13727 removed libtiff CVE-2017-14482 removed emacs CVE-2017-14491 removed dnsmasq CVE-2017-14492 removed dnsmasq CVE-2017-14493 removed dnsmasq CVE-2017-14494 removed dnsmasq CVE-2017-14495 removed dnsmasq CVE-2017-14496 removed dnsmasq CVE-2017-18190 removed cups CVE-2017-1000253 RHSA-2017:2793 kernel CVE-2017-1000364 RHSA-2017:2437 kernel CVE-2017-1000379 RHSA-2017:2437 kernel ---------- DSS-G 1.1b ---------- Released 2017-09-11 Updates and fixes ----------------- - IBM Spectrum Scale RAID * updated release 4.2 to 4.2.3-PTF4 (4.2.3-4) ---------- DSS-G 1.1a ---------- Released 2017-08-30 New features ------------ - DSS-G configurations * support for Mellanox ConnectX-5 - Storage * 900GB 15K 2.5" SAS HDD (Lenovo FRU 01KP042) for the D1224 enclosure * 400GB 10DWD 2.5" SAS SSD (Lenovo FRU 00YK464) for the D1224 enclosure * 800GB 10DWD 2.5" SAS SSD (Lenovo FRU 01DC454) for the D1224 enclosure * 1.6TB 10DWD 2.5" SAS SSD (Lenovo FRU 00YK596) for the D1224 enclosure * 3.84TB 1DWD 2.5" SAS SSD (Lenovo FRU 01KP067) for the D1224 enclosure * 7.68TB 1DWD 2.5" SAS SSD (Lenovo FRU 00YK164) for the D1224 enclosure Updates and fixes ----------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 17D https://support.lenovo.com/us/en/solutions/ht505173 Highlights: * updated Mellanox OFED to 4.0-2.0.0.5 * updated Intel OPA IFS to 10.4.2.0.7 - IBM Spectrum Scale RAID * updated release 4.2 to 4.2.3-PTF3-efix2 (4.2.3-3.2) - Operating system * updated RHEL 7.2 kernel to 3.10.0-327.46.1 - DSS-G code and documentation * removed requirement for the dssg symbolic link to the fully-qualified tarball directory * added kernel parameters for less verbose bootup * added dss-onlinedisk: bring all disks in all enclosures online * dssClientConfig.sh: added -P option * dssClientConfig.sh, dssServerConfig.sh: updated to enable use of OPA/TID/RDMA * dsschfw-enclosure: improved stability * dsschfw-net: improved firmware update for Mellanox adapters and Mellanox/OPA OFED install * dssg-install: fixed mkdef -z with chdef -z * dssgcktopology: revisited to not stop on first error and skip unreachable nodes * dsslsadapters: fixed to report node name when running on localhost * dsslsfw-enclosure: fixed output; code cleaned up * genRgVdisks: fixed to not change the RG name when creating logVdisk.cfg * dssg_init.sh: added enabling OPA option ROM - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2015-5203 RHSA-2017:1208 jasper CVE-2016-1867 RHSA-2017:1208 jasper CVE-2016-8654 RHSA-2017:1208 jasper CVE-2016-8690 RHSA-2017:1208 jasper CVE-2016-8691 RHSA-2017:1208 jasper CVE-2016-8692 RHSA-2017:1208 jasper CVE-2016-8693 RHSA-2017:1208 jasper CVE-2016-8883 RHSA-2017:1208 jasper CVE-2016-8885 RHSA-2017:1208 jasper CVE-2016-9131 RHSA-2017:1095 bind CVE-2016-9147 RHSA-2017:1095 bind CVE-2016-9262 RHSA-2017:1208 jasper CVE-2016-9387 RHSA-2017:1208 jasper CVE-2016-9388 RHSA-2017:1208 jasper CVE-2016-9389 RHSA-2017:1208 jasper CVE-2016-9390 RHSA-2017:1208 jasper CVE-2016-9391 RHSA-2017:1208 jasper CVE-2016-9392 RHSA-2017:1208 jasper CVE-2016-9393 RHSA-2017:1208 jasper CVE-2016-9394 RHSA-2017:1208 jasper CVE-2016-9444 RHSA-2017:1095 bind CVE-2016-9560 RHSA-2017:1208 jasper CVE-2016-9583 RHSA-2017:1208 jasper CVE-2016-9591 RHSA-2017:1208 jasper CVE-2017-2616 RHSA-2017:0907 util-linux CVE-2017-3136 RHSA-2017:1095 bind CVE-2017-3137 RHSA-2017:1095 bind CVE-2017-5461 RHSA-2017:1100 nss-util CVE-2017-7502 RHSA-2017:1365 nss CVE-2017-8779 RHBA-2017:1436 rpcbind CVE-2017-8779 RHSA-2017:1263 libtirpc CVE-2017-1000366 RHSA-2017:1481 glibc ---------- DSS-G 1.0b ---------- Released 2017-07-20 Updates and fixes ----------------- - IBM Spectrum Scale RAID * updated release 4.2 to 4.2.3-PTF1-efix3 (4.2.3-1.3) - DSS-G code and documentation * dssgcktopology: improved product ID/FRU validation of the drives * dssglsenclosure: fixed warning when no pdisks are found * genClusterRgs: fix -V option * genRgVdisks: fixed the loghome size during initial installation; simplified and improved code ---------- DSS-G 1.0a ---------- Released 2017-04-13 First DSS-G release ------------------- - Aligns with Lenovo Scalable Infrastructure (LeSI) Best Recipe release 17B https://support.lenovo.com/us/en/solutions/ht503801 Highlights: * support for Mellanox OFED 3.4-1.0.0.11 * support for Intel OPA IFS 10.3.1.0.22 - IBM Spectrum Scale RAID * release 4.2.2-PTF3-efix2 (4.2.2-3.2) - Operating system * RHEL 7.2 with kernel 3.10.0-327.46.1 - Enhancements to address security vulnerabilities CVE ID Resolution Component ------ ---------- --------- CVE-2014-4616 RHSA-2015:2101 python CVE-2014-9655 RHSA-2016:1546 libtiff CVE-2015-1547 RHSA-2016:1546 libtiff CVE-2015-3288 RHSA-2015:2152 kernel CVE-2015-5194 RHSA-2016:2583 ntp CVE-2015-5195 RHSA-2016:2583 ntp CVE-2015-5196 RHSA-2016:2583 ntp CVE-2015-5219 RHSA-2016:2583 ntp CVE-2015-7181 RHSA-2016:2779 nss CVE-2015-7182 RHSA-2016:2779 nss CVE-2015-7691 RHSA-2016:2583 ntp CVE-2015-7692 RHSA-2016:2583 ntp CVE-2015-7701 RHSA-2016:2583 ntp CVE-2015-7702 RHSA-2016:2583 ntp CVE-2015-7703 RHSA-2016:2583 ntp CVE-2015-7852 RHSA-2016:2583 ntp CVE-2015-7974 RHSA-2016:2583 ntp CVE-2015-7977 RHSA-2016:2583 ntp CVE-2015-7978 RHSA-2016:2583 ntp CVE-2015-7979 RHSA-2016:1141 ntp CVE-2015-7979 RHSA-2016:2583 ntp CVE-2015-8138 RHSA-2016:0063 ntp CVE-2015-8140 mitigation ntp CVE-2015-8158 RHSA-2016:2583 ntp CVE-2015-8325 RHSA-2016:2588 openssh CVE-2015-8767 RHSA-2016:1277 kernel CVE-2015-8803 RHSA-2016:2582 nettle CVE-2015-8804 RHSA-2016:2582 nettle CVE-2015-8805 RHSA-2016:2582 nettle CVE-2015-8870 RHSA-2017:0225 libtiff CVE-2016-0758 RHSA-2016:1033 kernel CVE-2016-0764 RHSA-2016:2581 NetworkManager CVE-2016-0772 RHBA-2016:1834 python CVE-2016-0774 RHSA-2015:2152 kernel CVE-2016-1248 RHSA-2016:2972 vim CVE-2016-2179 RHSA-2016:1940 openssl CVE-2016-2180 RHSA-2016:1940 openssl CVE-2016-2181 RHSA-2016:1940 openssl CVE-2016-2182 RHSA-2016:1940 openssl CVE-2016-2183 RHSA-2016:1940 gnutls / OpenVPN CVE-2016-2774 RHSA-2016:2590 dhcp CVE-2016-2776 RHSA-2016:1944 bind CVE-2016-2834 RHSA-2016:2779 nss CVE-2016-3075 RHSA-2016:2573 glibc CVE-2016-3119 RHSA-2016:2591 krb5 CVE-2016-3120 RHSA-2016:2591 krb5 CVE-2016-3492 RHSA-2016:2595 mariadb CVE-2016-3632 RHSA-2016:1546 libtiff CVE-2016-3841 RHSA-2016:2695 kernel CVE-2016-3945 RHSA-2016:1546 libtiff CVE-2016-3990 RHSA-2016:1546 libtiff CVE-2016-3991 RHSA-2016:1546 libtiff CVE-2016-4455 RHSA-2016:2592 subscription-manager CVE-2016-4470 RHSA-2016:1539 kernel CVE-2016-4565 RHSA-2016:1277 kernel CVE-2016-4971 RHSA-2016:2587 wget CVE-2016-4997 RHSA-2016:1847 kernel CVE-2016-4998 RHSA-2016:1847 kernel CVE-2016-5011 RHSA-2016:2605 util-linux CVE-2016-5195 RHSA-2016:2098 kernel CVE-2016-5285 RHSA-2016:2779 nss / nss-util CVE-2016-5384 RHSA-2016:2601 fontconfig CVE-2016-5410 RHSA-2016:2597 firewalld CVE-2016-5419 RHSA-2016:2575 curl CVE-2016-5420 RHSA-2016:2575 curl CVE-2016-5423 RHSA-2016:2606 postgresql CVE-2016-5424 RHSA-2016:2606 postgresql CVE-2016-5612 RHSA-2016:2595 mariadb CVE-2016-5616 RHSA-2016:2595 mariadb CVE-2016-5624 RHSA-2016:2595 mariadb CVE-2016-5626 RHSA-2016:2595 mariadb CVE-2016-5629 RHSA-2016:2595 mariadb CVE-2016-5636 RHSA-2016:2586 python CVE-2016-5652 RHSA-2017:0225 libtiff CVE-2016-5696 RHSA-2016:1633 kernel CVE-2016-5699 RHBA-2016:1834 python CVE-2016-6197 RHSA-2016:1847 kernel CVE-2016-6198 RHSA-2016:1847 kernel CVE-2016-6304 RHSA-2016:1940 openssl CVE-2016-6306 RHSA-2016:1940 openssl CVE-2016-6313 RHSA-2016:2674 libgcrypt CVE-2016-6489 RHSA-2016:2582 nettle CVE-2016-6662 RHSA-2016:2595 mariadb CVE-2016-6663 RHSA-2016:2595 mariadb CVE-2016-7039 RHSA-2016:2047 kernel CVE-2016-7091 RHSA-2016:2593 sudo CVE-2016-7426 RHSA-2017:0252 ntp CVE-2016-7429 RHSA-2017:0252 ntp CVE-2016-7433 RHSA-2017:0252 ntp CVE-2016-7545 RHSA-2016:2702 policycoreutils CVE-2016-7795 RHSA-2016:2610 systemd CVE-2016-8283 RHSA-2016:2595 mariadb CVE-2016-8610 RHSA-2017:0286 openssl CVE-2016-8635 RHSA-2016:2779 nss / nss-util CVE-2016-8864 RHSA-2016:2615 bind CVE-2016-9310 RHSA-2017:0252 ntp CVE-2016-9311 RHSA-2017:0252 ntp CVE-2016-9533 RHSA-2017:0225 libtiff CVE-2016-9534 RHSA-2017:0225 libtiff CVE-2016-9535 RHSA-2017:0225 libtiff CVE-2016-9536 RHSA-2017:0225 libtiff CVE-2016-9537 RHSA-2017:0225 libtiff CVE-2016-9540 RHSA-2017:0225 libtiff CVE-2017-3731 RHSA-2017:0286 openssl =============================================================================== End of the DSS-G release notes ===============================================================================