-------------------------------------------------------------------------------
Fix Number: FJSVfsep-WAD-16-1601-0.el9.s390x

Product Names and Versions:
  FUJITSU Enterprise Postgres WebAdmin 16 *1

  *1 It is bundled with the server package of the following product.
     Fujitsu Software Enterprise Postgres Advanced Edition 16 SP1 for Linux on Z

Creation date: 10.09.2024
-------------------------------------------------------------------------------
[High Risk Activity]
The Customer acknowledges and agrees that the Product is designed, developed
and manufactured as contemplated for general use, including without
limitation, general office use, personal use, household use, and ordinary
industrial use, but is not designed, developed and manufactured as
contemplated for use accompanying fatal risks or dangers that, unless
extremely high safety is secured, could lead directly to death, personal
injury, severe physical damage or other loss (hereinafter "High Safety
Required Use"), including without limitation, nuclear reaction control in
nuclear facility, aircraft flight control, air traffic control, mass transport
control, medical life support system, missile launch control in weapon system.
The Customer shall not use the Product without securing the sufficient safety
required for the High Safety Required Use. In addition, Fujitsu (or other
affiliate's name) shall not be liable against the Customer and/or any third
party for any claims or damages arising in connection with the High Safety
Required Use of the Product.

Product and company names mentioned in this manual are the trademarks or
registered trademarks of their respective owners.

Copyright 2024 FUJITSU LIMITED
-------------------------------------------------------------------------------
[Notes]
- This is the readme for RHEL 9.
- This patch can be applied only to the WebAdmin.
- Please ensure that the following steps are carried out before applying or
  restoring this patch.
- Do not set the library path of FUJITSU Enterprise Postgres (*1) in the
  environment variable (*2).
    (*1) /lib
    (*2) LD_LIBRARY_PATH
- Please stop WebAdmin and the instance before applying or removing the patch.
- Please set up WebAdmin after applying or removing the patch.
- Please start WebAdmin and the instance after applying or removing the patch.
- This patch modifies the System V IPC parameter settings on the database
  server when WebAdmin creates and deletes instances. Therefore, the System V
  IPC parameters must be set manually in two cases: when an instance created
  before this patch was applied is removed after the patch is applied, and
  when an instance created after this patch was applied is removed after the
  patch is restored.
  (1) If an instance created before this patch was applied is removed after
      this patch is applied, add the following values to the System V IPC
      parameters after the instance is removed.
      - kernel.sem 2nd parameter: 17 (addition)
      - kernel.sem 4th parameter: 1 (addition)
  (2) If an instance created after this patch was applied is removed after
      this patch is restored, add and subtract the following values to and
      from the System V IPC parameters after the instance is removed.
      - kernel.shmall: ((21335936+<30% of database server memory(byte)>)*1.05/4096)+1 (addition)
      - kernel.sem 2nd parameter: 17 (subtraction)
      - kernel.sem 4th parameter: 1 (subtraction)
-------------------------------------------------------------------------------
[Patch Description]
The following fixes are included in this patch:

Fix Number: FJSVfsep-WAD-16-1601-0.el9.s390x

01 PH24015
  [ ]Security failure  [ ]Serious failure ([ ]Degradation)
  [ ]Incompatibility does not exist / [*]Incompatibility exists
  - Frequency ([ ]Always / [ ]Rarely / [*]Irregularly)
  - Description
    1. Even if the number of login failures in WebAdmin exceeds the OS limit,
       the user is not locked.
    2. Users who are locked in the OS can log in to WebAdmin using their
       login information.
  - Requirements to reproduce this issue
    1.
       [Environment]
         The following OS is used.
         - Linux
       [Occurrence Condition]
         This error may occur when the following conditions are met:
         1) The OS is set to limit the number of login failures.
            and
         2) The user used by WebAdmin is not locked by the OS.
            and
         3) Login is attempted with an OS user and an incorrect password more
            times than the limit.
    2. Login to WebAdmin is allowed using the login information of a user
       locked in the OS.
       [Environment]
         The following OS is used.
         - Linux
       [Occurrence Condition]
         This error may occur when the following conditions are met:
         1) The user used by WebAdmin is locked by the OS.
            and
         2) An attempt is made to log in to WebAdmin by using the login
            information of a locked OS user.
  - Action
    Fix the authentication process for WebAdmin on the Linux server.
  - Compatibility Information
    - Summary
      In WebAdmin, repeated login failures with the same user may lock that
      user.
    - Environment
      1) Apply emergency amendments including PH24015.
         and
      2) For Linux OS.
         and
      3) The maximum number of failures is set as the OS security policy.
    - Products combination of this compatibility problem
      If an emergency amendment including PH24015 is applied and the
      conditions specified in Occurrence Conditions apply.
    - Reason of conflictions
      The specification was modified to perform login authentication
      according to the OS security policy.
    - Impacts
      If login attempts continue to fail, the user may be locked.
    - Functional items (Summary, Before/After of migration)
      The behavior is different if login fails continuously.
      [Before]
        Login can be attempted as many times as necessary, even if it
        continues to fail.
      [After]
        If you have set a limit on the number of failed attempts, the user
        will be locked and will not be able to log in from anywhere other
        than WebAdmin.
    - Preventive Method
      If your account is locked due to an authentication failure, ask your
      system administrator to unlock it.
    - Back out method of the functions
      None.
    - User action
      It is the same as the Preventive Method.
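
After PH24015, failed WebAdmin logins count against the OS lockout policy, so
it is worth knowing what that policy is before the patch is applied. The
script below is an added example, not part of the Fujitsu readme; it assumes
the limit is enforced by pam_faillock and configured in
/etc/security/faillock.conf, and that /etc/pam.d/system-auth is the relevant
PAM service file (the readme names neither).

```shell
#!/bin/sh
# Added example, not from the Fujitsu readme. Assumptions: the OS failure limit
# is enforced by pam_faillock and set in faillock.conf (not as module arguments),
# and the PAM service file passed in is the one WebAdmin authentication uses.

# Succeeds if the PAM file has an active (uncommented) pam_faillock line.
faillock_enabled() {   # usage: faillock_enabled PAM_FILE
    grep -Eq '^[[:space:]]*[^#[:space:]].*pam_faillock\.so' "$1" 2>/dev/null
}

# Print one faillock.conf option, or DEFAULT if unset or the file is unreadable.
faillock_opt() {       # usage: faillock_opt CONF KEY DEFAULT
    [ -r "$1" ] || { printf '%s\n' "$3"; return 0; }
    awk -v key="$2" -v def="$3" '
        { sub(/#.*/, "") }                       # drop comments
        {
            n = index($0, "=")
            if (n == 0) next                     # flag-style options have no value
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key && v != "") val = v     # this sketch keeps the last occurrence
        }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# Summarise the lockout policy; 3 and 600 are the pam_faillock module defaults.
faillock_policy() {    # usage: faillock_policy [CONF] [PAM_FILE]
    conf=${1:-/etc/security/faillock.conf}
    pam=${2:-/etc/pam.d/system-auth}
    if ! faillock_enabled "$pam"; then
        echo "faillock=off"
        return 0
    fi
    echo "faillock=on deny=$(faillock_opt "$conf" deny 3)" \
         "unlock_time=$(faillock_opt "$conf" unlock_time 600)"
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'deny = 5' 'unlock_time = never   # admin must unlock' >"$d/faillock.conf"
    printf '%s\n' 'auth required pam_faillock.so preauth' >"$d/system-auth"
    faillock_policy "$d/faillock.conf" "$d/system-auth"
    rm -rf "$d"
}
demo
```

With faillock=on, deny is the failure count at which the OS account locks, and
unlock_time=never means the lock stays until an administrator clears it.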

02 PH24026
  [ ]Security failure  [ ]Serious failure ([ ]Degradation)
  [ ]Incompatibility does not exist / [*]Incompatibility exists
  - Frequency ([*]Always / [ ]Rarely / [ ]Irregularly)
  - Description
    Communication between the browser and WebAdmin, and between WebAdmin
    servers, could not be encrypted, and client authentication by TLS could
    not be used.
  - Requirements to reproduce this issue
    1) When using WebAdmin
  - Action
    Implement HTTPS and client authentication in WebAdmin.
  - Compatibility Information
    1) HTTPS and client authentication setup questions are added to the
       WebAdminSetup command.
    2) HTTPS and client authentication settings must be the same in a
       multi-server configuration.
    3) The following data needs to be backed up when uninstalling WebAdmin.
       webAdminInstallDir/tomcat/keystore
       webAdminInstallDir/tomcat/conf/server.xml

03 PH24027
  [*]Security failure  [ ]Serious failure ([ ]Degradation)
  [*]Incompatibility does not exist / [ ]Incompatibility exists
  - Frequency ([*]Always / [ ]Rarely / [ ]Irregularly)
  - Description
    This fix applies Apache Tomcat changes to the product.
  - Requirements to reproduce this issue
    This fix applies Apache Tomcat 9.0.93 changes to the product.
    Please also refer to the Apache Tomcat changelog for details.
    https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
  - Action
    Apply Apache Tomcat changes to the product.
  - Compatibility Information
    None.
-------------------------------------------------------------------------------
[List of fixed files]
Files replaced by the patch: