vom-Patch-7.1.0.300
Obsolete
The latest patch(es) : vom-Patch-7.1.0.800 

 Basic information
Release type: Patch
Release date: 2016-09-30
OS update support: None
Technote: None
Documentation: None
Popularity: 4131 viewed
Download size: 522.18 MB
Checksum: 71748637

 Applies to one or more of the following products:
Operations Manager 7.1.0.0 On AIX
Operations Manager 7.1.0.0 On Linux
Operations Manager 7.1.0.0 On Solaris 10 SPARC
Operations Manager 7.1.0.0 On Solaris 10 X64
Operations Manager 7.1.0.0 On Solaris 11 SPARC
Operations Manager 7.1.0.0 On Solaris 11 X64
Operations Manager 7.1.0.0 On Windows x64

 Obsolete patches, incompatibilities, superseded patches, or other requirements:

This patch is obsolete. It is superseded by:
Patch                             Release date
vom-Patch-7.1.0.800               2017-06-22
vom-Patch-7.1.0.700 (obsolete)    2017-05-19
vom-Patch-7.1.0.600 (obsolete)    2017-03-13
vom-Patch-7.1.0.500 (obsolete)    2016-11-29

This patch supersedes the following patches:
Patch                             Release date
vom-Patch-7.1.0.200 (obsolete)    2016-09-16
vom-Patch-7.1.0.100 (obsolete)    2016-08-25

 Fixes the following incidents:
3874671, 3876741, 3876961, 3878021, 3878874, 3879128, 3879219, 3879635, 3880002, 3880298, 3880516, 3880720, 3882240, 3889533, 3890097, 3891147, 3891425, 3894201, 3894318, 3894849, 3895769, 3898907

 Patch ID:
None.

Readme file
                          * * * README * * *
               * * * Veritas Operations Manager 7.1 * * *
                         * * * Patch 300 * * *
                         Patch Date: 2016-09-29


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
Veritas Operations Manager 7.1 Patch 300


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
AIX 6.1 ppc
AIX 7.1 ppc
AIX 7.2
RHEL5 i686
RHEL5 x86-64
RHEL6 x86-64
RHEL7 x86-64
SLES10 x86-64
SLES11 x86-64
SLES12 x86-64
Solaris 10 SPARC
Solaris 10 X86
Solaris 11 SPARC
Solaris 11 X86
Windows Server 2012 R2 X64
Windows 2012 X64
Windows Server 2008 R2 X64
Windows 2008 X64



BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * Veritas Operations Manager 7.1.0.0


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: vom-HF0710300
* 3874671 (3877660) Audit events are logged with a 6-hour difference from the actual event time.
* 3876741 (3877426) 'Operation in Progress' while doing Enclosure un-configuration.
* 3876961 (3889392) VBS repeatedly goes offline and is reconfigured.
* 3878021 (3889402) VOM is spawning multiple perl.exe perl.bin
* 3878874 (3889597) Removing the pagination for VCS logs wizard
* 3879128 (3881253) Solaris Logical Domains are not visible under Virtualization
Perspective.
* 3879219 (3898018) Kernel message: program vxdclid is using a deprecated SCSI
ioctl, please convert it to SG_IO.
* 3879635 (3889903) CP7 does not report as installed properly.
* 3880002 (3879999) Web server crash due to policy check rescans.
* 3880298 (3889400) VBS resource dependency was removed on VOM GUI after an AppHA server reboot.
* 3880516 (3889763) After at_migration.pl on VIOM CMS getting error V-394-4095-803
that 'You are not authorized to perform this action'.
* 3880720 (3880927) OpenSSL security vulnerabilities CVE-2016-21**
* 3882240 (3892026) Wrong output in Performance View for CPU Utilization for AIX MH.
* 3889533 (3896534) API for disk/volume not showing data
* 3890097 (3896540) Create Volume operation failing.
* 3891147 (3892217) sfha6.2.1.100 patch was not recognized after installing llt/gab patches.
* 3891425 (3893702) Tomcat Fileupload (CVE-2016-3092) vulnerability in VIOM.
* 3894201 (3898851) VIOM is not able to discover multi-paths for Netapp C-MODE Disks.
* 3894318 (3900764) Disable the use of TLSv1.0 protocol for port 5634 vulnerability.
* 3894849 (3894848) GUI login fails with error "Server is unreachable. Please try
again after some time."
* 3895769 (3895914) Veritas Infoscale Operations Manager Vulnerabilities.
* 3898907 (3899549) Veritas Resiliency Platform Enablement Addon failed to get installed on Solaris Managed Host


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: vom-HF0710300

* 3874671 (Tracking ID: 3877660)

SYMPTOM:
Audit events show a difference of 6 hours compared to the actual event time.

DESCRIPTION:
Time for the audit event is less than six hours to actual event time.

RESOLUTION:
The +6 hour difference occurs because a PostgreSQL patch is missing, and
PostgreSQL's time zone file
/opt/VRTSsfmcs/pgsql/share/postgresql/timezone/Europe/Moscow
has this issue. Fixed the Moscow time zone.

* 3876741 (Tracking ID: 3877426)

SYMPTOM:
The Unconfigure Device window shows 'Operation in Progress' for a long time.

DESCRIPTION:
While unconfiguring an enclosure, you may see the Unconfigure Device window
show 'Operation in Progress' for a long time.

RESOLUTION:
Fixed the broken DB Stored Procedure.

* 3876961 (Tracking ID: 3889392)

SYMPTOM:
VBS repeatedly goes offline and is reconfigured.

DESCRIPTION:
It is suspected that the database query to fetch the VBS-configured host
sometimes does not return any data.

RESOLUTION:
Added a fix to re-execute the query after 10 seconds if no data was returned
previously.

* 3878021 (Tracking ID: 3889402)

SYMPTOM:
VOM is spawning multiple perl.exe perl.bin

DESCRIPTION:
VOM is spawning multiple perl.exe perl.bin processes. It is observed that the
vbsdeploy -verify and vbsdeploy -deploy processes sometimes do not exit.

RESOLUTION:
Added a preventive fix in VOM to terminate the vbsdeploy -verify process after
30 sec and vbsdeploy -deploy if these processes did not exit.
The actual fix is provided in a private vbsdeploy.pl script.

* 3878874 (Tracking ID: 3889597)

SYMPTOM:
Even though 200 lines of logs are shown on a single page of the wizard,
pagination is displayed for the wizard.

DESCRIPTION:
Even though 200 lines of logs are shown on a single page of the wizard,
pagination is incorrectly displayed for the wizard.
Logs are populated from a file and not from databases. In the VOM framework,
the pagination feature is not implemented for data populated from a file.

RESOLUTION:
Removed the pagination; logs are now shown on a single page.

* 3879128 (Tracking ID: 3881253)

SYMPTOM:
Solaris Logical Domains are not visible under the Virtualization Perspective.

DESCRIPTION:
After Logical Domains are added to VIOM, they are not visible under the
Virtualization Perspective due to the length of the hostid of the Oracle T4-1B
blade server.

RESOLUTION:
Converted hostid from numeric to string by prefixing 'hid'.

* 3879219 (Tracking ID: 3898018)

SYMPTOM:
A kernel message appears when the 'vxlist' command is executed on a Linux server.

DESCRIPTION:
A kernel message like 'program vxdclid is using a deprecated SCSI ioctl, please
convert it to SG_IO' appears when the 'vxlist' command is executed on a Linux
server.

RESOLUTION:
The issue was in the gvdid shared library when matching the kernel version.
Fixed the version matching issue.

* 3879635 (Tracking ID: 3889903)

SYMPTOM:
VOM GUI reporting that the CP7 is partially installed.

DESCRIPTION:
VOM GUI reporting that the CP7 is partially installed.

RESOLUTION:
Return the correct CP status for each CP. On SFW 6.0.1, when multiple CPs
are installed, the script was returning a partially installed status even if
the CP was installed properly.

* 3880002 (Tracking ID: 3879999)

SYMPTOM:
Not able to run policy check scans.

DESCRIPTION:
If policy check scans are run, this causes the web server to crash.

RESOLUTION:
Replaced thread-based policy check scans with a Quartz-based scheduler.

* 3880298 (Tracking ID: 3889400)

SYMPTOM:
VBS resource dependency was removed on VOM GUI after an AppHA server reboot.

DESCRIPTION:
It appears that after the guest is rebooted, discovery failed to get the
application configuration in the app.conf file and deleted all the objects.

RESOLUTION:
Added the fix to not delete the ApplicationHA configuration.

* 3880516 (Tracking ID: 3889763)

SYMPTOM:
You cannot perform any operation on MHs.

DESCRIPTION:
There are multiple issues:
1. Sometimes the java.exe process is not killed on Windows CMS.
2. Changed location of 'SystemDefaultTrustDirectory' on Windows MHs.
3. Issues in migration when CMS is Windows and MHs are UNIX.

RESOLUTION:
1. Killing the java.exe process forcefully.
2. Using the correct location of 'SystemDefaultTrustDirectory'.
3. Modified at_migration.pl so that it does not face execution issues when it
is pushed to UNIX MHs.

* 3880720 (Tracking ID: 3880927)

SYMPTOM:
OpenSSL security vulnerabilities CVE-2016-21**

DESCRIPTION:
OpenSSL security vulnerabilities CVE-2016-21**

RESOLUTION:
Upgraded OpenSSL version to 1.0.2h

* 3882240 (Tracking ID: 3892026)

SYMPTOM:
Performance View for CPU Utilization for AIX MH sometimes wrongly shows 100% spikes.

DESCRIPTION:
Performance View for CPU Utilization for AIX MH sometimes wrongly shows 100% spikes.

RESOLUTION:
Corrected parsing logic of vmstat CLI output to correctly compute CPU Utilization.

* 3889533 (Tracking ID: 3896534)

SYMPTOM:
API showing error when disk/volume information is queried.

DESCRIPTION:
The VIOM API, when executed via host > diskgroups, does not show information on
a VIOM CS upgraded from VIOM 7.0 to VIOM 7.1.

RESOLUTION:
Corrected the columns required for the disk/volume API to show output properly.

* 3890097 (Tracking ID: 3896540)

SYMPTOM:
The Create Volume operation wizard shows a blank page.

DESCRIPTION:
The Create Volume wizard shows a blank page when the operation is launched on a
host that has SF with a patch installed.

RESOLUTION:
Corrected the SF version check to allow the operation on a host with an SF patch
installed.

* 3891147 (Tracking ID: 3892217)

SYMPTOM:
sfha6.2.1.100 patch was not recognized after installing llt/gab patches.

DESCRIPTION:
Some SFHA patches were not recognized by VIOM after you installed llt/gab
patches.

RESOLUTION:
Fixed the script to recognize sfha6.2.1.100 patch.

* 3891425 (Tracking ID: 3893702)

SYMPTOM:
Tomcat Fileupload (CVE-2016-3092) vulnerability in VIOM.

DESCRIPTION:
commons-fileupload.jar version 1.3.1 is affected by the CVE-2016-3092
vulnerability.

RESOLUTION:
Upgraded commons-fileupload.jar to version 1.3.2

* 3894201 (Tracking ID: 3898851)

SYMPTOM:
VIOM GUI does not show all paths for Netapp C-MODE Disks attached to Servers.

DESCRIPTION:
VIOM GUI does not show all paths for Netapp C-MODE Disks attached to Servers.

RESOLUTION:
Made changes in gvdid to discover multi paths for Netapp C-MODE Disks. The fix is
available for AIX, Linux and Windows only.

* 3894318 (Tracking ID: 3900764)

SYMPTOM:
TLS is capable of using a multitude of ciphers (algorithms) to create
the public and private key pairs. For example, TLSv1.0 uses either the RC4
stream cipher or a block cipher in CBC mode. RC4 is known to have biases, and
the block cipher in CBC mode is vulnerable to the POODLE attack.

DESCRIPTION:
TLS is capable of using a multitude of ciphers (algorithms) to create
the public and private key pairs. For example, TLSv1.0 uses either the RC4
stream cipher or a block cipher in CBC mode. RC4 is known to have biases, and
the block cipher in CBC mode is vulnerable to the POODLE attack.
TLSv1.0, if configured to use the same cipher suites as SSLv3, includes a
means by which a TLS implementation can downgrade the connection to SSL v3.0,
thus weakening security.

RESOLUTION:
There is now an option to disable the use of the TLSv1.0 protocol in favor of a
cryptographically stronger protocol such as TLSv1.2.


To disable TLSv1.0 in VIOM, apply this patch to the CMS and to all MHs.
If you have MHs running an older version, upgrade them to 7.1 and apply the
patch.

Then, follow the steps below to disable TLSv1.0 after applying the patch.

1. Windows CMS
a) Open C:\ProgramData\Symantec\VRTSsfmcs\sec\systemprofile\VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

b) Open C:\ProgramData\Symantec\VRTSsfmh\sec\systemprofile\VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

c) Restart AT and XPRTLD
   cd C:\Program Files\Veritas\VRTSsfmcs\bin
   vomsc --stop at
   vomsc --stop xprtld
   vomsc --start at
   vomsc --start xprtld

2. Linux CMS
a) Open /var/opt/VRTSsfmcs/sec/root/.VRTSat/profile/VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

b) Open /var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf
   Set value of "AllowTLSV1"=dword:00000000
   Save and close the conf file.

c) Restart AT and XPRTLD
   cd /opt/VRTSsfmcs/bin
   ./vomsc --stop at
   ./vomsc --stop xprtld
   ./vomsc --start at
   ./vomsc --start xprtld
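
A read-only check for steps 2a and 2b above, as an added example that is not part of the Veritas readme: it reports whether each Linux CMS VRTSatlocal.conf carries "AllowTLSV1"=dword:00000000. The function names, the optional ROOT prefix and the sample file contents are assumptions made for this example, as is the assumption that the key sits on its own line in the form shown above.

```shell
#!/bin/sh
# Added example: audit the "AllowTLSV1" value in VRTSatlocal.conf files.

# allowtlsv1_state FILE -> prints disabled | enabled | missing | unreadable
allowtlsv1_state() {
    conf=$1
    [ -r "$conf" ] || { echo unreadable; return 0; }
    # Extract the hex digits of every AllowTLSV1 assignment, tolerating
    # CRLF line endings and surrounding whitespace.
    values=$(tr -d '\r' < "$conf" | sed -n \
        's/^[[:space:]]*"AllowTLSV1"[[:space:]]*=[[:space:]]*dword:\([0-9A-Fa-f][0-9A-Fa-f]*\)[[:space:]]*$/\1/p')
    [ -n "$values" ] || { echo missing; return 0; }
    # TLSv1.0 counts as disabled only if every occurrence is all zeros.
    for v in $values; do
        case $v in
            *[!0]*) echo enabled; return 0 ;;
        esac
    done
    echo disabled
}

# audit_cms [ROOT]
# Checks both Linux CMS files from the procedure. ROOT is a hypothetical
# prefix so the audit can run against a copy; returns 0 only if both
# files report "disabled".
audit_cms() {
    root=${1:-}
    rc=0
    for rel in var/opt/VRTSsfmcs/sec/root/.VRTSat/profile/VRTSatlocal.conf \
               var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf; do
        state=$(allowtlsv1_state "$root/$rel")
        printf '%-10s %s\n' "$state" "$root/$rel"
        [ "$state" = disabled ] || rc=1
    done
    return "$rc"
}

# Constructed sample tree (file contents are made up for the demo): the
# VRTSsfmcs copy has been edited, the VRTSsfmh copy has not.
demo_root=$(mktemp -d)
for pkg in VRTSsfmcs VRTSsfmh; do
    mkdir -p "$demo_root/var/opt/$pkg/sec/root/.VRTSat/profile"
done
printf '"AllowTLSV1"=dword:00000000\r\n' \
    > "$demo_root/var/opt/VRTSsfmcs/sec/root/.VRTSat/profile/VRTSatlocal.conf"
printf '"AllowTLSV1"=dword:00000001\r\n' \
    > "$demo_root/var/opt/VRTSsfmh/sec/root/.VRTSat/profile/VRTSatlocal.conf"
audit_cms "$demo_root" || echo "TLSv1.0 is still allowed in at least one file"
```

Calling audit_cms with no argument checks the live files at the two Linux CMS paths; the restart in step c) is still needed after any edit.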

* 3894849 (Tracking ID: 3894848)

SYMPTOM:
Login to the VIOM GUI fails when logging in as an LDAP user.

DESCRIPTION:
When you log in to the VIOM GUI as an LDAP user, you see the error "Server is
unreachable. Please try again after some time". When you refresh the browser,
you see that the login succeeded.

RESOLUTION:
Increased the login page time out.

* 3895769 (Tracking ID: 3895914)

SYMPTOM:
1. VULNERABILITY: Remote Command Execution via VIOM.
2. VULNERABILITY: Unauthenticated Blind SQL Injection via VIOM.

DESCRIPTION:
1. VULNERABILITY: Remote Command Execution via VIOM
- An authenticated, unprivileged user can execute arbitrary commands as root
using remote command injection. This can lead to full compromise of the system.

2. VULNERABILITY: Unauthenticated Blind SQL Injection via VIOM
- An unauthenticated user can execute arbitrary commands using SQL injection.
On Linux this command runs as an unprivileged user. On Windows this command
runs as SYSTEM.

RESOLUTION:
1. VULNERABILITY: Remote Command Execution via VIOM
- VIOM scripts have been fixed to not allow command execution from unauthorized
users.

2. VULNERABILITY: Unauthenticated Blind SQL Injection via VIOM
- VIOM scripts have been fixed to not allow Blind SQL Injection.

* 3898907 (Tracking ID: 3899549)

SYMPTOM:
Veritas Resiliency Platform Enablement Addon failed to get installed on Solaris Managed Host
because the hostguid of the Managed Host is changed.

DESCRIPTION:
Veritas Resiliency Platform Enablement Addon failed to get installed on Solaris Managed Host
because the hostguid on the Managed Host is changed. Also, there was a duplicate entry of the
Managed Host in the addon deployment view.

RESOLUTION:
Corrected the hostguid regeneration logic to consider whether all the MAC IDs are changed.
Corrected VCS discovery to report the hostguid that is reported by HOST discovery, to avoid
a duplicate entry in the addon deployment view.



INSTALLING THE PATCH
--------------------
IMPORTANT NOTE: Please take a backup of the database using the instructions given in the Admin guide before installing this Hotfix.

This Hotfix is applicable for VOM 7.1 Managed Hosts as well as VOM 7.1 Management Server.


1. Download the file vom-7.1.0.300.sfa
2. Launch a browser and login to the VIOM management server.
3. Navigate to Settings -> Deployment Icon.
4. Upload the Hotfix to the VIOM CMS using the "Upload Solutions" button.
   The Hotfix vom-7.1.0.300 should be visible in the Hot Fixes tree node.
5. Please install this Hotfix on CS using the following instructions:
    - Go to Settings -> Deployment -> Hot Fixes -> Veritas Infoscale Operations Manager Managed Host.
    - Click on Hot Fixes Tab. Click on Applicable Hosts Tab.
    - Right click on CS Name and click on Install.


REMOVING THE PATCH
------------------
Un-installation and rollback of this Hotfix is supported only on Solaris 10 and AIX platforms.


SPECIAL INSTRUCTIONS
--------------------
NONE

OTHERS
------
Fixes for the incidents below have been added to this cumulative patch vom-HF0710300:
3880720, 3894318, 3879219, 3894201, 3898907