Lenovo XClarity Essentials UpdateXpress (For AnyOS)

Change History

Lenovo XClarity Essentials UpdateXpress 
Change History

For installation instructions, see the Install Tip file which is provided 
in the downloaded software package.
NOTE:  This document is designed to be cumulative.  The current version
is appended to the previous version(s).

==========================================================================
Version 3.4.0, Build ID 01h
Release date: [12/2021]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkServer SR660 V2/SR668 V2    7D6L
  - Lenovo ThinkServer SR588 V2/SR590 V2    7D53
  - Lenovo ThinkServer DN8848 V2            7D6A,7D8U

New OS Versions Support
  - Red Hat Enterprise Linux 8.5

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019, Windows 2022
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade electron from 13.1.2 to 13.4.0

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade the embedded OneCLI to 3.4.0 version
2. Add the Release Date column for each package in the result table of Update Selection
3. Enable firmware update from HTTP/HTTPS server

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 3.3.0, Build ID 01k
Release date: [8/2021]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkServer SR590 V2	     7D53
  - Lenovo ThinkServer SR660 V2	     7D6L
  - Lenovo ThinkServer DN8848 V2     7D6A,7D6H

New OS Versions Support
  - Microsoft Windows Server 2022
  - Red Hat Enterprise Linux 8.4
  - SUSE Linux Enterprise Server 15 SP3

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019, Windows 2022
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade electron from 12.0.2 to 13.1.2

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade the embedded OneCLI to 3.3.0 version
2. Update BMC/UEFI firmware on ThinkSystem SR635 and SR655

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 3.2.0, Build ID 01i
Release date: [6/2021]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkAgile VX Series	     7Z62,7Z63
  - Lenovo ThinkAgile HX Series	     7D0W,7D0Y,7D0Z,7D11,7D52,7Z82,7Z84,7Z85
  - Microsoft Azure Edge Device      7D6Q
  - Lenovo DXN2000 Storage           7D5W

New OS Versions Support
  - None

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade electron from 11.1.0 to 12.0.2

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade embedded OneCLI to 3.2.0 version
2. Run with administrator privilege by default on Windows

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 3.1.2, Build ID 01d
Release date: [5/2021]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkSystem SR630 V2              7Z70,7Z71
  - Lenovo ThinkSystem SR650 V2              7Z72,7Z73
  - Lenovo ThinkSystem ST650 V2/ST658 V2     7Z74,7Z75,7Z76
  - Lenovo ThinkSystem SN550 V2              7Z69
  - Lenovo ThinkSystem SD630 V2              7D1K
  - Lenovo ThinkSystem SD650 V2              7D1M
  - Lenovo ThinkSystem SD650-N V2            7D1N
  - Lenovo ThinkSystem SR670 V2              7Z22,7Z23

New OS Versions Support
  - None

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 3.1.0, Build ID 01r
Release date: [3/2021]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkAgile VX Series      7D1Y

New OS Versions Support
  - Red Hat Enterprise Linux 8.3

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade curl from 7.69.1 to 7.74.0
2. Upgrade openssl from 1.1.1g to 1.1.1i
3. Upgrade electron from 9.2.1 to 11.1.0

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade OneCLI to 3.1.0 version
2. Allow user to specify the certificate (PEM) for HTTPS proxy server
3. Display user friendly name for each update package
4. Prompt certification’s finger print for user acceptance before uploading logs to sftp server
5. Add options to configure BMC Rest port and CIM port on Update Setting page
6. Add pop-up message to notify user to enable Lan-over-USB

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 3.0.1, Build ID 01g
Release date: [11/2020]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkSystem SR850 V2                     7D31,7D32,7D33
  - Lenovo ThinkSystem SR860 V2                     7Z59,7Z60,7D42
  - Lenovo ThinkServer SR588                        7D4M
  - Lenovo ThinkServer SR860P                       7D5D
  - Lenovo WH5900 Appliance                         7D5V
  - Lenovo ThinkAgile VX Series                     7D43
  - Lenovo ThinkAgile HX Series                     7D46,7D4R,7D5U
  - Lenovo ThinkSystem DX1100U Gateway              7D49
  - Lenovo ThinkSystem DX1100U Performance/Capacity 7D4A

New OS Versions Support
  - Red Hat Enterprise Linux 7.9

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade electron from 9.0.0 to 9.2.1

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade the embedded OneCLI to version 3.0.1

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 3.0.0, Build ID 01m
Release date: [08/2020]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkServer SR590     7D4M
  - Lenovo ThinkAgile HX Series  7D1Z,7D20,7D2T,7D29
  - Lenovo ThinkAgile MX Series  7D5R,7D5S,7D5T
        
New OS Versions Support
  - Red Hat Enterprise Linux 8.2
  - SUSE Linux Enterprise Server 15 SP2

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade openssl from 1.1.1d to 1.1.1g
2. Upgrade electron from 8.1.0 to 9.0.0

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade the embedded OneCLI to version 3.0.0
2. Show RAID capability dynamically
3. Add version information in the product name banner
4. Add message to remind user to run UpdateXpress with administrator privilege

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 2.9.0, Build ID 01h
Release date: [05/2020]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkAgile VX Series                    7Z12/7Z13
  - Lenovo ThinkAgile MX Certified Node on SE350   7D2U
        
New OS Versions Support 
  - Red Hat Enterprise Linux 7.8

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade curl from 7.67.0 to 7.69.1
2. Upgrade electron from 7.1.2 to 8.1.0

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade the embedded OneCLI to version 2.9.0

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 2.8.0, Build ID 01k
Release date: [02/2020]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkSystem SR645   7D2X/7D2Y
  - Lenovo ThinkSystem SR665   7D2V/7D2W
  - Lenovo ThinkAgile MX1021   7D1B
        
New OS Versions Support 
  - Red Hat Enterprise Linux 8.1
  - SUSE Linux Enterprise Server 12 SP5

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade openssl from 1.0.2r to 1.1.1d
2. Upgrade curl from 7.65.3 to 7.67.0
3. Upgrade electron from 6.0.7 to 7.1.2

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
1. After successful QLogic card driver update and OS reboot the driver version is not updated to the latest.
https://datacentersupport.lenovo.com/us/en/solutions/ht509433

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade the embedded OneCLI to version 2.8.0

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 2.7.0, Build ID 01k
Release date: [11/2019]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkSystem SR850P        7D2F/7D2G/7D2H
  - Lenovo ThinkSystem SE350         7D27
  - Lenovo ThinkAgile MX 3321        7D1H
  - Lenovo ThinkAgile MX 1221        7D2E
  - Lenovo ThinkAgile VX6520/VX6521  7D2Z
        
New OS Versions Support 
  - Red Hat Enterprise Linux 7.7

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade curl from 7.65.1 to 7.65.3
2. Upgrade libssh2 from 1.8.2 to 1.9.0
3. Upgrade electron from 4.2.1 to 6.0.7

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
1. UpdateXpress 2.5.0 and 2.6.0 fail to acquire packages via HTTP proxy server anonymously

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Show the OneCLI command to be executed at the end of GUI wizard so that user can run the corresponding action from a command line or in automation script
2. Enhance logging for better troubleshooting of UpdateXpress runtime issue
3. Upgrade the embedded OneCLI to version 2.7.0

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 2.6.0, Build ID 01m
Release date: [07/2019]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkSystem SE350    7Z46/7D1X
        
New OS Versions Support
  - Red Hat Enterprise Linux 8
  - SUSE Linux Enterprise Server 15 SP1

Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7/8, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. Upgrade openssl from 1.0.2p to 1.0.2r
2. Upgrade libssh2 from 1.8.0 to 1.8.2
3. Upgrade curl from 7.60.0 to 7.65.1
4. Upgrade electron from 4.0.0 to 4.2.1

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade OneCLI to 2.6.0

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 2.5.0, Build ID 01q
Release date: [4/2019]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkAgile VX Series   7Z58
        
Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. CVE-2018-7643: The display_debug_ranges function in dwarf.c in GNU
Binutils 2.30 allows remote attackers to cause a denial of service
(integer overflow and application crash) or possibly have unspecified
other impact via a crafted ELF file, as demonstrated by objdump.
2. CVE-2018-7642: The swap_std_reloc_in function in aoutx.h in the Binary
File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
2.30, allows remote attackers to cause a denial of service
(aout_32_swap_std_reloc_out NULL pointer dereference and application crash)
via a crafted ELF file, as demonstrated by objcopy.
3. CVE-2018-7569: dwarf2.c in the Binary File Descriptor (BFD) library
(aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers
to cause a denial of service (integer underflow or overflow, and application
crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.
4. CVE-2018-7568: The parse_die function in dwarf1.c in the Binary File
Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
allows remote attackers to cause a denial of service (integer overflow and
application crash) via an ELF file with corrupt dwarf1 debug information,
as demonstrated by nm.
5. CVE-2018-7208: In the coff_pointerize_aux function in coffgen.c in the
Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Binutils 2.30, an index is not validated, which allows remote attackers to
cause a denial of service (segmentation fault) or possibly have unspecified
other impact via a crafted file, as demonstrated by objcopy of a COFF object.
6. CVE-2018-8945: The bfd_section_from_shdr function in elf.c in the Binary
File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
allows remote attackers to cause a denial of service (segmentation fault) via
a large attribute section.
7. CVE-2018-5803: In the Linux Kernel before version 4.15.8, 4.14.25,
4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()"
function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can
be exploited to cause a kernel crash.
8. CVE-2018-1120: A flaw was found affecting the Linux kernel before
version 4.17. By mmap()ing a FUSE-backed file onto a process's memory
containing command line arguments (or environment strings), an attacker
can cause utilities from psutils or procps (such as ps, w) or any other
program which makes a read() call to the /proc/<pid>/cmdline
(or /proc/<pid>/environ) files to block indefinitely (denial of service)
or for some controlled time (as a synchronization primitive for other attacks).
9. CVE-2018-1094: The ext4_fill_super function in fs/ext4/super.c in the
Linux kernel through 4.15.15 does not always initialize the crc32c checksum
driver, which allows attackers to cause a denial of service
(ext4_xattr_inode_hash NULL pointer dereference and system crash) via a
crafted ext4 image.
10. CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c in the Linux
kernel through 4.15.15 mishandles the case of a root directory with a zero
i_links_count, which allows attackers to cause a denial of service
(ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted
ext4 image.
11. CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(),
a denial of service, and a system crash by mounting and operating on a
crafted ext4 filesystem image.
12. CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an
out-of-bound access in the ext4_ext_drop_refs() function when operating on
a crafted ext4 filesystem image.
13. CVE-2018-16658: An issue was discovered in the Linux kernel before 4.18.6.
An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c
could be used by local attackers to read kernel memory because a cast from
unsigned long to int interferes with bounds checking. This is similar to
CVE-2018-10940.
14. CVE-2018-14634: An integer overflow flaw was found in the Linux
kernel's create_elf_tables() function. An unprivileged local user with
access to SUID (or otherwise privileged) binary could use this flaw to
escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x
and 4.14.x are believed to be vulnerable.
15. CVE-2018-14633: A security flaw was found in the chap_server_compute_md5()
function in the ISCSI target code in the Linux kernel in a way an
authentication request from an ISCSI initiator is processed. An
unauthenticated remote attacker can cause a stack buffer overflow and
smash up to 17 bytes of the stack. The attack requires the iSCSI target to
be enabled on the victim host. Depending on how the target's code was built
(i.e. depending on a compiler, compile flags and hardware architecture)
an attack may lead to a system crash and thus to a denial-of-service
or possibly to a non-authorized access to data exported by an iSCSI target.
Due to the nature of the flaw, privilege escalation cannot be fully ruled
out, although we believe it is highly unlikely. Kernel versions 4.18.x,
4.14.x and 3.10.x are believed to be vulnerable.
16. CVE-2018-18559: In the Linux kernel through 4.19, a use-after-free
can occur due to a race condition between fanout_add from setsockopt and
bind on an AF_PACKET socket. This issue exists because of the
15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race
condition. The code mishandles a certain multithreaded case involving
a packet_do_bind unregister action followed by a packet_notifier register
action. Later, packet_release operates on only one of the two applicable
linked lists. The attacker can achieve Program Counter control.
17. CVE-2018-18445: In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x,
and 4.18.x before 4.18.13, faulty computation of numeric bounds in the
BPF verifier permits out-of-bounds memory accesses because
adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit
right shifts.

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
1. Fix problem that UpdateXpress cannot download W2K19 packages
2. Fix problem that an error message dialog will pop up when running
   UpdateXpress on Windows 

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade OneCLI to 2.5.0.
2. Support remote RAID configuration

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None


==========================================================================
Version 2.4.0, Build ID 01k
Release date: [10/2018]
==========================================================================

--------------------------------------------------------------------------
1.0 Overview
--------------------------------------------------------------------------
New Systems Support
  - Lenovo ThinkSystem SR150/SR158 7Y54/7Y55
  - Lenovo ThinkSystem SR250/SR258 7Y51/7Y52/7Y53/7Y72/7Y73
  - Lenovo ThinkSystem ST250/ST258 7Y45/7Y46/7Y47
  - Lenovo ThinkAgile HX Series    7Z06/7Z07
  - Lenovo ThinkAgile MX Series    7Z20

New OS Versions Support 
  - Microsoft Windows Server 2019
        
Supported Systems:
  - ThinkSystem
  - Lenovo System X
See section "Supported hardware components" in User Guide for details.
                    
Supported OS Versions:
  - Windows: Windows 7/8/10, Windows 2012, Windows 2008 R2/2012 R2,
             Windows 2016 (no support on Nano), Windows 2019
  - Linux: Rhel 7, Sles 12/15
See section "Supported operating systems" in User Guide for details.

Supported configurations can be found on the Lenovo Operating System 
Interoperability Guide at the following website: 
https://lenovopress.com/osig 

--------------------------------------------------------------------------
2.0 Prerequisites and dependencies
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
3.0 Security Fixes
--------------------------------------------------------------------------
1. CVE-2017-18208: The madvise_willneed function in mm/madvise.c in the
Linux kernel before 4.14.4 allows local users to cause a denial of service
(infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.

2. CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7
allows local users to cause a denial of service (memory consumption) via
many read accesses to files in the /sys/class/sas_phy directory, as
demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.

3. CVE-2018-1066: The Linux kernel before version 4.11 is vulnerable to a
NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that
allows an attacker controlling a CIFS server to kernel panic a client that
has this server mounted, because an empty TargetInfo field in an NTLMSSP
setup negotiation response is mishandled during session recovery.

4. CVE-2018-7740: The resv_map_release function in mm/hugetlb.c in the
Linux kernel through 4.15.7 allows local users to cause a denial of
service (BUG) via a crafted application that makes mmap system calls and
has a large pgoff argument to the remap_file_pages system call.

5. CVE-2018-5803: In the Linux Kernel before version 4.15.8, 4.14.25,
4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()"
function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can
be exploited to cause a kernel crash.

6. CVE-2018-12904: In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2,
when nested virtualization is used, local attackers could cause L1 KVM
guests to VMEXIT, potentially allowing privilege escalations and denial
of service attacks due to lack of checking of CPL.

7. CVE-2017-18270: In the Linux kernel before 4.13.5, a local user could
create keyrings for other users via keyctl commands, setting unwanted
defaults or causing a denial of service.

8. CVE-2018-1000199: The Linux Kernel version 3.18 contains a dangerous
feature vulnerability in modify_user_hw_breakpoint() that can result in
crash and possibly memory corruption. This attack appear to be
exploitable via local code execution and the ability to use ptrace. This
vulnerability appears to have been fixed in git commit
f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

9. CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c in the
Linux kernel before 4.12.9 allows local users to cause a denial of service
(use-after-free) or possibly have unspecified other impact via crafted
system calls.

10. CVE-2018-1087: kernel KVM before versions kernel 4.16, kernel
4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is
vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled
exceptions delivered after a stack switch operation via Mov SS or Pop SS
instructions. During the stack switch operation, the processor did not
deliver interrupts and exceptions, rather they are delivered once the
first instruction after the stack switch is executed. An unprivileged KVM
guest user could use this flaw to crash the guest or, potentially,
escalate their privileges in the guest.

11. CVE-2017-18270: In the Linux kernel before 4.13.5, a local user could
create keyrings for other users via keyctl commands, setting unwanted
defaults or causing a denial of service.

12. CVE-2018-1130: Linux kernel before version 4.16-rc7 is vulnerable to a
null pointer dereference in dccp_write_xmit() function in net/dccp/output.c
in that allows a local user to cause a denial of service by a number of
certain crafted system calls.

13. CVE-2018-10940: The cdrom_ioctl_media_changed function in
drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

14. CVE-2018-3620: Systems with microprocessors utilizing speculative
execution and address translations may allow unauthorized disclosure
of information residing in the L1 data cache to an attacker with local
user access via a terminal page fault and a side-channel analysis.

15. CVE-2018-3646: Systems with microprocessors utilizing speculative
execution and address translations may allow unauthorized disclosure of
information residing in the L1 data cache to an attacker with local user
access with guest OS privilege via a terminal page fault and a side-channel
analysis.

--------------------------------------------------------------------------
4.0 Other Fixes
--------------------------------------------------------------------------
1. Fixed Warning message of lacking prerequisite SUP but it does exists.

--------------------------------------------------------------------------
5.0 Enhancements
--------------------------------------------------------------------------
1. Upgrade OneCLI to 2.4.0.
2. Enhance the algorithm of determining the prerequisite level for UEFI & IMM & XCC update packages.

--------------------------------------------------------------------------
6.0 Other Changes
--------------------------------------------------------------------------
None

--------------------------------------------------------------------------
7.0 Limitations
--------------------------------------------------------------------------
None

==========================================================================
Version 2.3.0
Release Date: [6/29/2018]
  o New Features
    - Update OneCLI to 2.3.0
    - Support SLES 15
    - Show Legal Information

  o New System Support
    - Lenovo ThinkAgile HX Series 7Z02/7Z03/7Z04/7Z05/7Z08/7Z09/7Y87/7Y88/7Y89/7Y90/7Y95/7Y96
    - Lenovo ThinkAgile VX Series 7Y91/7Y92/7Y93/7Y94/7Z12/7Z13
    - Lenovo ThinkSystem SR670 7Y36/7Y37/7Y38 (supported on 9/14/2018)

  o Problem(s) Fixed
    N/A

  o Security fix:
    N/A

  o Limitations
    N/A

Version 2.2.0
Release Date: [3/9/2018]
  o New Features
    - Upgrade OneCLI to 2.2.0

  o New System Support
    - Lenovo ThinkSystem SD650 DWC Server
    - Lenovo ThinkAgile VX Series

  o Problem(s) Fixed
    N/A
  
  o Security fix:
    1. Upgrade curl to 7.57.0 to resolve CVE-2017-1000257: libcurl contains a buffer overrun flaw in the IMAP handler. 

  o Limitations
    N/A

Version 2.1.0:
  - Upgrade OneCLI to 2.1.0
  - Add remote Update Support for System x

Version 2.0.0:
  - Upgrade OneCLI to 2.0.0
  - Add ThinkSystem servers support
  - Add remote Update Support For ThinkSystem
  - Add certificate and key check before connecting to remote system

Version 1.4.0:
  - Upgrade OneCLI to 1.4.0

Version 1.3.1:
  - Initial Release