Download
Abstract
This document lists the fixes contained in IBM Cloud Pak® System Version 2.3.3.4
Download Description
To download Version 2.3.3.4, go to the IBM Cloud Pak System product page on IBM Fix Central.
Version 2.3.3.4 includes fixes for these security vulnerabilities:
| Component | Security bulletin link | CVEs | Description |
|---|---|---|---|
| Db2 | Security Bulletin |
CVE-2020-4976, CVE-2021-29752, CVE-2021-29763, CVE-2021-29825
|
Db2 is affected by multiple vulnerabilities (September 15, 2021) |
| Security Bulletin | CVE-2020-5024, CVE-2020-5025, CVE-2020-4976 | Db2 is affected by multiple vulnerabilities | |
| Security Bulletin | CVE-2021-29777, CVE-2021-20579, CVE-2021-29703, CVE-2020-4885, CVE-2020-4945 | Db2 is affected by multiple vulnerabilities (June 23, 2021) | |
| IBM SDK Java | Security Bulletin |
CVE-2020-27221
|
IBM SDK, Java Technology Edition Quarterly CPU - Jan 2021 - Includes Oracle Jan 2021 CPU plus CVE-2020-27221 |
| Security Bulletin | CVE-2021-2161 | IBM SDK, Java Technology Edition Quarterly CPU - Apr 2021 - Includes Oracle Apr 2021 CPU minus CVE-2021-2163 | |
| Security Bulletin | CVE-2021-2369, CVE-2021-2432 | IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341) | |
| Security Bulletin |
CVE-2021-35556, CVE-2021-35559,
CVE-2021-35560,
CVE-2021-35564, CVE-2021-35565,
CVE-2021-35578,
CVE-2021-35586, CVE-2021-35588, CVE-2021-41035
|
IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU | |
| Go lang | Security Bulletin | CVE-2020-29652, CVE-2020-28851, CVE-2020-28852 | Multiple vulnerabilities in Go lang |
| Security Bulletin | CVE-2021-31525 | Go lang go (Publicly disclosed vulnerability) | |
| Security Bulletin | CVE-2021-34558 | Go lang go - CVE-2021-34558 (Publicly disclosed vulnerability) | |
| VMWare | Security Bulletin |
CVE-2021-21972, CVE-2021-21973
|
VMWare (Publicly disclosed vulnerability) |
| Security Bulletin | CVE-2021-21974 | Vulnerability identified in VMware component affects IBM Cloud Pak System | |
| Security Bulletin | CVE-2021-21985, CVE-2021-21986, CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22006, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22016, CVE-2021-22017 | Multiple Vulnerabilities in VMware vCenter affect IBM Cloud Pak System | |
| Security Bulletin | CVE-2021-21994 | VMWare - CVE-2021-21994 (Publicly disclosed vulnerability) | |
| Security Bulletin | CVE-2021-21995 | VMWare - CVE-2021-21995 (Publicly disclosed vulnerability) | |
| Intel products | Security Bulletin | CVE-2021-0144 | Intel Xeon and Intel Core products privilege escalation |
| Log4J | Security Bulletin | CVE-2021-4104 | Log4j - CVE-2021-4104 (Publicly disclosed vulnerability) |
| Crypto algorithms | Security Bulletin | CVE-2021-20479 | IBM Cloud Pak System uses weaker-than-expected cryptographic algorithms |
| Apache | Security Bulletin | CVE-2021-36090 | Apache Commons Compress - CVE-2021-36090 (Publicly disclosed vulnerability) |
The following tables contain the Authorized Program Analysis Reports (APARs) and other fixes that are included in this release. If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.3.3.4.
IBM Cloud Pak System APARs
| APAR | APAR Description |
|---|---|
| IT30182 |
Cloud Group with the datastore in External storage does not contain I/O stats.
|
| IT32241 | IP Groups can be deleted even if a user has only read-only permissions. |
| IT35040 | Db2 part middleware role stuck in STARTING state for DSM pattern after Virtual System instance restart. |
| IT36576 | Delete a snapshot also removes the VSI while not providing the snapshot ID in the URL. |
| IT36631 | The chargeback report returns incorrect information. |
| IT36724 | Time zone or time issue RHEL7 Core OS images. |
| IT36760 | Retrieve snapshot not working as expected on multi-rack setup. |
| IT36789 | Unable to deploy patterns. |
| IT36866 | Re-create a deleted ownership of an instance. |
| IT37389 | Unable to view directory contents in CPS file viewer because of browser language settings. |
| IT37452 | The CLI function not working as expected for the customer. |
| IT37512 | The Multicloud Environment profile disappeared but instances still refer to it. |
| IT38094 | Remove a range of IP addresses in an IP Group that is not logged on the Audit log and not displayed as a Security Event. |
| IT38607 | HTTP Strict Transport Security (HSTS) Policy Not Enabled. |
| The username or password is invalid when you open EP details. | |
| Memory leak goferd. | |
| Script packages no longer execute after you move VM by using Workload Mobility. | |
| IT39303 | Call home was not created after an LED error was observed on the system, and high availability (HA) did not handle the compute node issue. |
| IT39311 | Workload Mobility replaces the Virtual System Pattern name with the Virtual System Instance name in /0config/topology.json |
| IT39348 | Error ID = 989007: Unable to send to the cloud call home servers. |
| IT39366 | Workload migration failures when the destination is 2.3.3.3 interim fix 1. |
| IT39399 | Workload Mobility ESX VMKernel Configuration on source and target not reverted after Workload Migration. |
| IT39403 | Access rights problem with password policy problem at several environment profiles. |
| The hostname of the VM is not shown on the VSI details page. | |
| IT39441 | A nonadministrative user cannot grant another user rights to its own instances after IBM Cloud Pak System 2.3.3.3 upgrade. |
|
An issue occurs after you move a compute node from a Cloud Group to HA - “CWZIP1302E The storage_volume xxx attached to node yyy is not accessible”.
|
|
| Unexpected CLI login exception after incorrect credentials are provided. | |
| CLI - Issue when you add user groups with spaces in the group name. | |
| IT40266 | Incorrect error message when a user attempts to create an existing environment profile on the multidomain environment. |
| IT40419 | IMM collection set for SN550 and SR630 nodes is not consumable. |
| IT40642 | Different behavior in creating WebSphere node certificates on multiple systems of IBM Cloud Pak System. |
| IT40949 | SN550 UEFI upgrade. |
| IT42598 | Upgrade issue with Db2 11.5.6.0 due to new license validation check. |
Off
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFQSV","label":"IBM Cloud Pak System Software"},"ARM Category":[],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}],"Version":"2.3.3","Line of Business":{"code":"LOB45","label":"Automation"}}]
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
03 March 2023
UID
ibm16510124