IBM i PTF Guide, Volume 24, Number 23

June 8, 2022 Doug Bidwell

Welcome to this week’s edition of the IBM i PTF Guide. We start out with a correction to the Technology Refresh tab in the spreadsheet, where the “LIC Resave” values that were for 7.4 TR6 and 7.3 TR12 were based on an IBM site that was itself incorrect. That site has since been corrected, and now we have corrected the information in the sheet. Many thanks to Jeff at IBM for catching this!

And now, a bevy of Security Bulletins – four different vulnerabilities that affect the IBM i platform, to be specific.

First, we have Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414), see here for details. The PTFs by release to fix this are:

Desc			Rls	Grp			PTF
IBM Db2 Mirror for i	7.5	SF99951 level 1		SI79449
IBM Db2 Mirror for i	7.4	SF99668 level 19	SI79448

Second, there is Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785), which you can analyze here. The PTFs by release to fix this are:

Desc			Rls	Grp			PTF
IBM Db2 Mirror for i	7.5	SF99951 level 1		SI79449
IBM Db2 Mirror for i	7.4	SF99668 level 19	SI79448

Third, take a look at Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225. More information at this link. The PTFs by release to fix this are:

Desc			Rls	Grp			PTF
IBM Db2 Mirror for i	7.5	SF99951 level 1		SI77900
IBM Db2 Mirror for i	7.4	SF99668 level 17	SI77899

And finally, fourth, take a gander at Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker obtaining sensitive information and other attacks due to multiple vulnerabilities. You can get the details at this link. The PTFs by release to fix this are:

IBM i Release, 5770-JV1 	Group PTF Number 	Level
7.5	                        SF99955 	        Level 1
7.4	                        SF99665 	        Level 14
7.3	                        SF99725 	        Level 25
7.2	                        SF99716 	        Level 35

Here is the rundown of PTF Groups by IBM i release level since we last published, with IBM i 7.5 added in since it has been shipping for two weeks now:

PTF Groups 7.5:

• HIPERs (High Impact/Pervasive)
• IBM HTTP Server for i
• QMGTOOLS

PTF Groups 7.4:

• HIPERs (High Impact/Pervasive)
• DB2 for IBM i
• QMGTOOLS

PTF Groups 7.3:

• HIPERs (High Impact/Pervasive)
• DB2 for IBM i
• QMGTOOLS

PTF Groups 7.2:

• QMGTOOLS

PTF Groups 7.1:

• Nothing here.

New (or Updated) links added to the ‘Links’ tab in the guide this week:

• Nope

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

• Nadda

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

• You have enough to do already, right?

The Guide at a glance: There are no new defectives this week (06/04/22). Here is the defective PTF rundown, which is the last defective for each release:

	Defect		Defective	APAR	Fixing
	Date		PTF			PTF
	--------	--------	-------	-------
7.5	06/03/22	SI78809		SE78003	SI80094 (When available)
7.4	06/03/22	SI79097		SE78003	SI80093 (When available)
7.3	06/03/22	SI79186		SE78003	SI80092 (When available)
7.2	12/08/21	SI77634		SE73420	SI78039	(Read the link in the guide!)
7.1	07/29/19	SI69653		SE71807	SI70603 (5733SC1, OpenSSH, available!)

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

June 4, 2022: Volume 24, Number 23

May 28, 2022: Volume 24, Number 22

May 25, 2022: Volume 24, Number 21

May 14, 2022: Volume 24, Number 20

May 7, 2022: Volume 24, Number 19

April 30, 2022: Volume 24, Number 18

April 23, 2022: Volume 24, Number 17

April 16, 2022: Volume 24, Number 16

April 2, 2022: Volume 24, Number 14

March 26, 2022: Volume 24, Number 13

March 19, 2022: Volume 24, Number 12

March 12, 2022: Volume 24, Number 11

March 5, 2022: Volume 24, Number 10

February 26, 2022: Volume 24, Number 9

February 19, 2022: Volume 24, Number 8

February 12, 2022: Volume 24, Number 7

February 5, 2022: Volume 24, Number 6

January 29, 2022: Volume 24, Number 5

January 22, 2022: Volume 24, Number 4

January 15, 2022: Volume 24, Number 3

January 8, 2022: Volume 24, Number 2

January 1, 2022: Volume 24, Number 1

December 6, 2021: Volume 23, Number 48

November 20, 2021: Volume 23, Number 47

November 13, 2021: Volume 23, Number 46

November 6, 2021: Volume 23, Number 45

October 30, 2021: Volume 23, Number 44

October 23, 2021: Volume 23, Number 43

October 16, 2021: Volume 23, Number 42

October 9, 2021: Volume 23, Number 41

October 2, 2021: Volume 23, Number 40

September 25, 2021: Volume 23, Number 39

September 18, 2021: Volume 23, Number 38

September 11, 2021: Volume 23, Number 37

September 4, 2021: Volume 23, Number 36

August 28, 2021: Volume 23, Number 35

August 21, 2021: Volume 23, Number 34

August 14, 2021: Volume 23, Number 33

August 7, 2021: Volume 23, Number 32

July 31, 2021: Volume 23, Number 31

July 24, 2021: Volume 23, Number 30

July 17, 2021: Volume 23, Number 29

July 10, 2021: Volume 23, Number 28

July 3, 2021: Volume 23, Number 27

June 26, 2021: Volume 23, Number 26

June 19, 2021: Volume 23, Number 25

June 12, 2021: Volume 23, Number 24

June 5, 2021: Volume 23, Number 23

June 5, 2021: Volume 23, Number 22

May 22, 2021: Volume 23, Number 21

May 15, 2021: Volume 23, Number 20

May 8, 2021: Volume 23, Number 19

May 1, 2021: Volume 23, Number 18

April 24, 2021: Volume 23, Number 17

April 17, 2021: Volume 23, Number 16

April 10, 2021: Volume 23, Number 15

April 3, 2021: Volume 23, Number 14

March 27, 2021: Volume 23, Number 13

March 20, 2021: Volume 23, Number 12

March 13, 2021: Volume 23, Number 11

March 6, 2021: Volume 23, Number 10

February 27, 2021: Volume 23, Number 9

February 20, 2021: Volume 23, Number 8

February 13, 2021: Volume 23, Number 7

February 6, 2021: Volume 23, Number 6

January 31, 2021: Volume 23, Number 5

January 23, 2021: Volume 23, Number 4

January 16, 2021: Volume 23, Number 3

January 9, 2021: Volume 23, Number 2

January 2, 2021: Volume 23, Number 1

December 26, 2020: Volume 22, Number 52

December 19, 2020: Volume 22, Number 51

December 12, 2020: Volume 22, Number 50

December 5, 2020: Volume 22, Number 49

November 28, 2020: Volume 22, Number 48

November 20, 2020: Volume 22, Number 47

November 14, 2020: Volume 22, Number 46

November 7, 2020: Volume 22, Number 45

October 31, 2020: Volume 22, Number 44

October 24, 2020: Volume 22, Number 43

October 17, 2020: Volume 22, Number 42

October 10, 2020: Volume 22, Number 41

October 3, 2020: Volume 22, Number 40

September 26, 2020: Volume 22, Number 39

September 19, 2020: Volume 22, Number 38

September 12, 2020: Volume 22, Number 37

September 5, 2020: Volume 22, Number 36

August 29, 2020: Volume 22, Number 35

August 22, 2020: Volume 22, Number 34

August 15, 2020: Volume 22, Number 33

August 9, 2020: Volume 22, Number 32

August 1, 2020: Volume 22, Number 31

July 25, 2020: Volume 22, Number 30

July 18, 2020: Volume 22, Number 29

July 11, 2020: Volume 22, Number 28

July 4, 2020: Volume 22, Number 27

June 27, 2020: Volume 22, Number 26

June 20, 2020: Volume 22, Number 25

June 13, 2020: Volume 22, Number 24

June 6, 2020: Volume 22, Number 23

May 30, 2020: Volume 22, Number 22

May 23, 2020: Volume 22, Number 21

May 16, 2020: Volume 22, Number 20

May 9, 2020: Volume 22, Number 19

May 2, 2020: Volume 22, Number 18