IBM i PTF Guide, Volume 20, Number 3: Important Update For Spectre/Meltdown
January 22, 2018 Doug Bidwell
There has been an important development in the area of the Spectre and Meltdown security vulnerabilities as they relate to Power Systems. As you can see from this follow-on notice from January 15, IBM’s Product Security Incident Response Team (PSIRT) has classified these vulnerabilities as “High Severity.” That rating is more a reflection of the potential threat they represent, given the nature of speculative execution in Power (and other) processors, than of an actual exploit in the wild that is using these vulnerabilities to get access to unauthorized information on systems.
We have a little more information to add to the ongoing Spectre and Meltdown saga this week. We are repeating the licensed internal code (LIC) PTFs that are available for each of the releases:
These must be ordered individually, and are not as yet included in either the HIPER or Security PTF Groups. (That seemed strange last week and still is strange this week!)
The cover letters for the LIC PTFs state that they can be applied with an IPL, but that they do not completely mitigate the issue(s) until the Power Systems firmware is patched as well. And then things get even more strange. As we pointed out last week, there are firmware patches for Power8 and Power7+ systems, but they were delivered as firmware, not in the form we in IBM i Land would expect, which is an “MH” PTF. Those can require a disruptive install, meaning an IPL. This Sunday, we see that these MH-class PTFs are out.
For OS managed firmware systems:
The Power8 and Power8+ firmware fix for SC860_138_056/FW860.42 is MH01739.
The Power7 and Power7+ firmware fix for AL770_120_032/FW770.91 is MH01740.
Both the appropriate OS PTF and the firmware fix are required to completely mitigate the risk from the vulnerability. The best resource for firmware updates is the following link: http://www-01.ibm.com/support/docview.wss?uid=isg3T1026811.
There was no other activity this week in PTF Land.
As usual, we have included an archive of the IBM i PTF Guide to help you work through the PTFs in chronological order, which you can see below:
January 20, 2018: Volume 20, Number 03
January 13, 2018: Volume 20, Number 02
January 3, 2018: Volume 20, Number 01
December 30, 2017: Volume 19, Number 52
December 23, 2017: Volume 19, Number 51
December 16, 2017: Volume 19, Number 50
December 9, 2017: Volume 19, Number 49
December 2, 2017: Volume 19, Number 48
November 18, 2017: Volume 19, Number 46
November 11, 2017: Volume 19, Number 45
November 4, 2017: Volume 19, Number 44
October 28, 2017: Volume 19, Number 43
October 21, 2017: Volume 19, Number 42
October 14, 2017: Volume 19, Number 41
October 7, 2017: Volume 19, Number 40
September 30, 2017: Volume 19, Number 39
September 23, 2017: Volume 19, Number 38
September 16, 2017: Volume 19, Number 37
September 9, 2017: Volume 19, Number 36
September 2, 2017: Volume 19, Number 35
August 26, 2017: Volume 19, Number 34
August 19, 2017: Volume 19, Number 33
August 12, 2017: Volume 19, Number 32
August 5, 2017: Volume 19, Number 31
July 29, 2017: Volume 19, Number 30
July 22, 2017: Volume 19, Number 29
July 15, 2017: Volume 19, Number 28
July 1, 2017: Volume 19, Number 26
June 24, 2017: Volume 19, Number 25
June 17, 2017: Volume 19, Number 24
June 10, 2017: Volume 19, Number 23
June 3, 2017: Volume 19, Number 22
May 27, 2017: Volume 19, Number 21
May 20, 2017: Volume 19, Number 20
May 13, 2017: Volume 19, Number 19
May 6, 2017: Volume 19, Number 18
April 29, 2017: Volume 19, Number 17
April 22, 2017: Volume 19, Number 16
April 15, 2017: Volume 19, Number 15
April 8, 2017: Volume 19, Number 14
April 1, 2017: Volume 19, Number 13
March 25, 2017: Volume 19, Number 12
March 18, 2017: Volume 19, Number 11
March 11, 2017: Volume 19, Number 10
March 4, 2017: Volume 19, Number 9
February 25, 2017: Volume 19, Number 8
February 18, 2017: Volume 19, Number 7
February 11, 2017: Volume 19, Number 6
February 4, 2017: Volume 19, Number 5
January 28, 2017: Volume 19, Number 4
January 21, 2017: Volume 19, Number 3
January 14, 2017: Volume 19, Number 2
January 7, 2017: Volume 19, Number 1
December 24, 2016: Volume 18, Number 52
December 17, 2016: Volume 18, Number 51
December 10, 2016: Volume 18, Number 50
December 3, 2016: Volume 18, Number 49
November 26, 2016: Volume 18, Number 48
November 19, 2016: Volume 18, Number 47
November 12, 2016: Volume 18, Number 46
November 5, 2016: Volume 18, Number 45
October 29, 2016: Volume 18, Number 44
October 22, 2016: Volume 18, Number 43
October 15, 2016: Volume 18, Number 42
October 8, 2016: Volume 18, Number 41
October 1, 2016: Volume 18, Number 40
September 24, 2016: Volume 18, Number 39
September 17, 2016: Volume 18, Number 38
September 10, 2016: Volume 18, Number 37
September 3, 2016: Volume 18, Number 36
August 27, 2016: Volume 18, Number 35
August 20, 2016: Volume 18, Number 34
August 13, 2016: Volume 18, Number 33
August 6, 2016: Volume 18, Number 32
July 30, 2016: Volume 18, Number 31
July 23, 2016: Volume 18, Number 30
July 16, 2016: Volume 18, Number 29
July 9, 2016: Volume 18, Number 28
July 2, 2016: Volume 18, Number 27
June 25, 2016: Volume 18, Number 26
June 18, 2016: Volume 18, Number 25
June 11, 2016: Volume 18, Number 24
June 4, 2016: Volume 18, Number 23
May 28, 2016: Volume 18, Number 22
May 21, 2016: Volume 18, Number 21
May 14, 2016: Volume 18, Number 20
May 7, 2016: Volume 18, Number 19
April 30, 2016: Volume 18, Number 18
April 23, 2016: Volume 18, Number 17
April 16, 2016: Volume 18, Number 16
April 9, 2016: Volume 18, Number 15
April 2, 2016: Volume 18, Number 14
March 26, 2016: Volume 18, Number 13
March 19, 2016: Volume 18, Number 12
March 12, 2016: Volume 18, Number 11
March 5, 2016: Volume 18, Number 10
February 27, 2016: Volume 18, Number 9
February 22, 2016: Volume 18, Number 8
February 13, 2016: Volume 18, Number 7
February 6, 2016: Volume 18, Number 6
January 30, 2016: Volume 18, Number 5
January 23, 2016: Volume 18, Number 4
January 16, 2016: Volume 18, Number 3
January 9, 2016: Volume 18, Number 2
January 2, 2016: Volume 18, Number 1
December 26, 2015: Volume 17, Number 52
December 19, 2015: Volume 17, Number 51
December 12, 2015: Volume 17, Number 50
December 5, 2015: Volume 17, Number 49
November 28, 2015: Volume 17, Number 48
November 21, 2015: Volume 17, Number 47
Hi Doug,
Nice work on covering the Spectre/Meltdown saga for IBM i and POWER.
We check the PSIRT and Fix Central sites regularly, and have yet to see any news on this for IBM i 6.1 and POWER6. I also raised a PMR, asking when those may be made available.
All I got back was to take note of the note in the security bulletin http://www-01.ibm.com/support/docview.wss?uid=nas8N1022433 – “IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.”
We are in the process of upgrading to IBM i 7.2, and hopefully to POWER8 near the end of this year. But in the meantime we still need to run with IBM i 6.1 (on Extended Support) on POWER6. Are you able to shed any light on possible fixes for these?
Thanks,
Jozsef
Hello again,
My earlier question has been answered by a PSIRT post dated 31 January – https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
IBM will not be providing any patches for POWER6, nor IBM i 6.1.
On the positive side, it provides us with further justification to upgrade to POWER8 sooner, or even POWER9 if it transpires that IBM releases a POWER9 in Q1 2018 that will also run IBM i and AIX.