IBM i PTF Guide, Volume 24, Number 14
April 6, 2022 Doug Bidwell
Get your PTF patching fingers ready to roll across the keyboard because there are some new security vulnerabilities in the IBM i platform. First up, Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493), which you can learn about here.
Release 2.2.0 can be fixed by upgrading to release 2.2.1 or 2.3.0, depending on your IBM i release level:
- IBM i 7.4: Upgrade to Db2 Web Query for i 2.3.0
- IBM i 7.3: Upgrade to Db2 Web Query for i 2.3.0
- IBM i 7.2: Upgrade to Db2 Web Query for i 2.2.1
- IBM i 7.1: Upgrade to Db2 Web Query for i 2.2.1
And then there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is affected by arbitrary code execution and other attacks due to multiple vulnerabilities. Read all about it at this link.
- CVEID: CVE-2022-22310
- CVEID: CVE-2021-23450
- CVEID: CVE-2021-39038
- CVEID: CVE-2021-39031
The IBM i PTF numbers containing the fix for the CVEs:
Release 5770-SS1 PTF PTF Download Link
7.4 SI78971 https://www.ibm.com/support/pages/ptf/SI78971
7.3 SI78972 https://www.ibm.com/support/pages/ptf/SI78972
7.2 SI78973 https://www.ibm.com/support/pages/ptf/SI78973
Important: Heritage Navigator Enable and Disable Instructions, found here. The heritage Navigator is no longer started by default. The heritage Navigator is stabilized and will be removed from support completely by the end of 2022. If you have a requirement to access the heritage Navigator, follow the instructions on this page. Note: Heritage Navigator is used at your own risk. Only start for a limited time.
IBM Navigator for i, see this link. Note important updates and changes to IBM Navigator: Function Usage ID QIBM_NAV_ALL_FUNCTION changed to default of *DENIED. With today’s increased focus on security, user profiles that previously were allowed to access IBM Navigator for i function may now be restricted. To allow users access, Refer to the Function Usage ID table at IBM Navigator for i – Function Usage IDs
The Heritage Navigator running in ADMIN2 is no longer started by default. If you have a requirement to access the heritage Navigator, follow the instructions found at https://www.ibm.com/support/pages/node/6556828.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.4:
- IBM MQ for IBM i – V7.1.0/V8.0.0/V9.0.0/V9.1.0
- Java
- QMGTools
- Db2 Web Query for i V2.3.0
- DB2 Web Query for i V2.2.1
PTF Groups 7.3:
- IBM MQ for IBM i – V7.1.0/V8.0.0/V9.0.0/V9.1.0
- Java
- QMGTools
- IBM i Support_Recommended Fixes – SMTP
- Db2 Web Query for i V2.3.0
- DB2 Web Query for i V2.2.1
PTF Groups 7.2:
- Java
- QMGTools
- DB2 Web Query for i V2.2.1
PTF Groups 7.1:
- DB2 Web Query for i V2.2.1
To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the IBM i PTF Guide that has the latest information on what you need to worry about and do about it when it comes to this vulnerability. You can download the Log4j spreadsheet at this link. And by the way, it is the same sheet as last week because there were no changes this week, at least of publication date.
New (or Updated) links added to the ‘Links’ tab in the guide this week:
- RTVSYSVAL: Retrieve System Value (RTVSYSVAL) N/A
- WAS: How to download WebSphere Application Server – Express V8.5.5 from Passport Advantage Online 603469
New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:
New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:
Tips/Definitions: A reminder that there are no-cost versions of Java, and here are a few examples:
- https://adoptopenjdk.net/
- https://aws.amazon.com/corretto/
- https://developer.ibm.com/languages/java/semeru-runtimes/downloads
- https://adoptium.net/
The Guide at a glance: There are no new defectives this week (04/02/22). Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------- 7.4 2/16/22 MF69373 MA49558 MF69650 (Read the link in the guide!) MF69241 7.3 2/16/22 SI78508 SE77164 SI78674 (Read the link in the guide!) 7.2 12/08/21 SI77634 SE73420 SI78039 (Read the link in the guide!) 7.1 07/29/19 SI69653 SE71807 SI70603 (5733SC1, OpenSSH, available!)
Be sure to access the link in the Guide for further details.
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:
April 2, 2022: Volume 24, Number 14
March 26, 2022: Volume 24, Number 13
March 19, 2022: Volume 24, Number 12
March 12, 2022: Volume 24, Number 11
March 5, 2022: Volume 24, Number 10
February 26, 2022: Volume 24, Number 9
February 19, 2022: Volume 24, Number 8
February 12, 2022: Volume 24, Number 7
February 5, 2022: Volume 24, Number 6
January 29, 2022: Volume 24, Number 5
January 22, 2022: Volume 24, Number 4
January 15, 2022: Volume 24, Number 3
January 8, 2022: Volume 24, Number 2
January 1, 2022: Volume 24, Number 1
December 6, 2021: Volume 23, Number 48
November 20, 2021: Volume 23, Number 47
November 13, 2021: Volume 23, Number 46
November 6, 2021: Volume 23, Number 45
October 30, 2021: Volume 23, Number 44
October 23, 2021: Volume 23, Number 43
October 16, 2021: Volume 23, Number 42
October 9, 2021: Volume 23, Number 41
October 2, 2021: Volume 23, Number 40
September 25, 2021: Volume 23, Number 39
September 18, 2021: Volume 23, Number 38
September 11, 2021: Volume 23, Number 37
September 4, 2021: Volume 23, Number 36
August 28, 2021: Volume 23, Number 35
August 21, 2021: Volume 23, Number 34
August 14, 2021: Volume 23, Number 33
August 7, 2021: Volume 23, Number 32
July 31, 2021: Volume 23, Number 31
July 24, 2021: Volume 23, Number 30
July 17, 2021: Volume 23, Number 29
July 10, 2021: Volume 23, Number 28
July 3, 2021: Volume 23, Number 27
June 26, 2021: Volume 23, Number 26
June 19, 2021: Volume 23, Number 25
June 12, 2021: Volume 23, Number 24
June 5, 2021: Volume 23, Number 23
June 5, 2021: Volume 23, Number 22
May 22, 2021: Volume 23, Number 21
May 15, 2021: Volume 23, Number 20
May 8, 2021: Volume 23, Number 19
May 1, 2021: Volume 23, Number 18
April 24, 2021: Volume 23, Number 17
April 17, 2021: Volume 23, Number 16
April 10, 2021: Volume 23, Number 15
April 3, 2021: Volume 23, Number 14
March 27, 2021: Volume 23, Number 13
March 20, 2021: Volume 23, Number 12
March 13, 2021: Volume 23, Number 11
March 6, 2021: Volume 23, Number 10
February 27, 2021: Volume 23, Number 9
February 20, 2021: Volume 23, Number 8
February 13, 2021: Volume 23, Number 7
February 6, 2021: Volume 23, Number 6
January 31, 2021: Volume 23, Number 5
January 23, 2021: Volume 23, Number 4
January 16, 2021: Volume 23, Number 3
January 9, 2021: Volume 23, Number 2
January 2, 2021: Volume 23, Number 1
December 26, 2020: Volume 22, Number 52
December 19, 2020: Volume 22, Number 51
December 12, 2020: Volume 22, Number 50
December 5, 2020: Volume 22, Number 49
November 28, 2020: Volume 22, Number 48
November 20, 2020: Volume 22, Number 47
November 14, 2020: Volume 22, Number 46
November 7, 2020: Volume 22, Number 45
October 31, 2020: Volume 22, Number 44
October 24, 2020: Volume 22, Number 43
October 17, 2020: Volume 22, Number 42
October 10, 2020: Volume 22, Number 41
October 3, 2020: Volume 22, Number 40
September 26, 2020: Volume 22, Number 39
September 19, 2020: Volume 22, Number 38
September 12, 2020: Volume 22, Number 37
September 5, 2020: Volume 22, Number 36
August 29, 2020: Volume 22, Number 35
August 22, 2020: Volume 22, Number 34
August 15, 2020: Volume 22, Number 33
August 9, 2020: Volume 22, Number 32
August 1, 2020: Volume 22, Number 31
July 25, 2020: Volume 22, Number 30
July 18, 2020: Volume 22, Number 29
July 11, 2020: Volume 22, Number 28
July 4, 2020: Volume 22, Number 27
June 27, 2020: Volume 22, Number 26
June 20, 2020: Volume 22, Number 25
June 13, 2020: Volume 22, Number 24
June 6, 2020: Volume 22, Number 23
May 30, 2020: Volume 22, Number 22
May 23, 2020: Volume 22, Number 21
May 16, 2020: Volume 22, Number 20
May 9, 2020: Volume 22, Number 19
May 2, 2020: Volume 22, Number 18
April 25, 2020: Volume 22, Number 17
April 18, 2020: Volume 22, Number 16
April 11, 2020: Volume 22, Number 15
April 4, 2020: Volume 22, Number 14
March 30, 2020: Volume 22, Number 13
March 23, 2020: Volume 22, Number 12