IBM i PTF Guide, Volume 24, Number 24

June 15, 2022 Doug Bidwell

If it seems like just about every week there is a security vulnerability within the broad and deep expanse of the IBM i platform, well it isn’t just seeming like that. It is like that. And this week we start out with four news ones that you have to contend with in the IBM i PTF Guide.

First, we have Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950). Find out more about that at this link. Here are the patches that address this vulnerability:

Affected Releases	Group PTF and Minimum Level for Remediation
IBM i 7.5		SF99671 level 6
IBM i 7.4		SF99654 level 6
IBM i 7.3		SF99533 level 6

Second, peruse Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785). Read all about it on this page. Patches are as follows:

Affected Releases	Group PTF/Minimum Level		PTF
7.5			SF99951 level 1			SI79449
7.4			SF99668 level 19		SI79448

Third, we present to you Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225. Get the scoop on this at this link right here. Get your PTFs for this one:

Affected Releases	Group PTF/Minimum Level		PTF
7.5			SF99951 level 1			SI77900
7.4			SF99668 level 17		SI77899		

And fourth, you will find Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414), and you can find out more about this vulnerability here and these are you patches:

Affected Releases	Group PTF/Minimum Level		PTF
7.5			SF99951 level 1			SI79449
7.4			SF99668 level 19		SI79448	

Now, here is another thing: There is an Official Support Statement for the IBM WebSphere Application Server Product on the IBM i OS, which is IBM Document Number 645523. If you are running WAS in any version, you are gonna want to read this!!!

Here is the rundown of PTF Groups by IBM i release level since we last published, with IBM i 7.5 added in since it has been shipping for several weeks now:

PTF Groups 7.5:

• Db2 Web Query for i V2.3.0
• QMGTOOLS

PTF Groups 7.4:

• Db2 Web Query for i V2.3.0
• Fix list for IBM WebSphere Application Server Liberty
• QMGTOOLS

PTF Groups 7.3:

• Db2 Web Query for i V2.3.0
• Fix list for IBM WebSphere Application Server Liberty
• QMGTOOLS

PTF Groups 7.2:

• QMGTOOLS

PTF Groups 7.1:

• Zilch

New (or Updated) links added to the ‘Links’ tab in the guide this week:

• Nadda

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

• Zip

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

• Nothing here.

Tips/Definitions: Drink lots of water, change your socks, take Advil for pain, carry on. . . .

The Guide at a glance: There are no new defectives this week (06/11/22). Here is the defective PTF rundown, which is the last defective for each release:

	Defect		Defective	APAR	Fixing
	Date		PTF			PTF
	--------	--------	-------	-------
7.5	06/03/22	SI78809		SE78003	SI80094 (When available)
7.4	06/03/22	SI79097		SE78003	SI80093 (When available)
7.3	06/03/22	SI79186		SE78003	SI80092 (When available)
7.2	12/08/21	SI77634		SE73420	SI78039	(Read the link in the guide!)
7.1	07/29/19	SI69653		SE71807	SI70603 (5733SC1, OpenSSH, available!)

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

June 11, 2022: Volume 24, Number 24

June 4, 2022: Volume 24, Number 23

May 28, 2022: Volume 24, Number 22

May 25, 2022: Volume 24, Number 21

May 14, 2022: Volume 24, Number 20

May 7, 2022: Volume 24, Number 19

April 30, 2022: Volume 24, Number 18

April 23, 2022: Volume 24, Number 17

April 16, 2022: Volume 24, Number 16

April 2, 2022: Volume 24, Number 14

March 26, 2022: Volume 24, Number 13

March 19, 2022: Volume 24, Number 12

March 12, 2022: Volume 24, Number 11

March 5, 2022: Volume 24, Number 10

February 26, 2022: Volume 24, Number 9

February 19, 2022: Volume 24, Number 8

February 12, 2022: Volume 24, Number 7

February 5, 2022: Volume 24, Number 6

January 29, 2022: Volume 24, Number 5

January 22, 2022: Volume 24, Number 4

January 15, 2022: Volume 24, Number 3

January 8, 2022: Volume 24, Number 2

January 1, 2022: Volume 24, Number 1

December 6, 2021: Volume 23, Number 48

November 20, 2021: Volume 23, Number 47

November 13, 2021: Volume 23, Number 46

November 6, 2021: Volume 23, Number 45

October 30, 2021: Volume 23, Number 44

October 23, 2021: Volume 23, Number 43

October 16, 2021: Volume 23, Number 42

October 9, 2021: Volume 23, Number 41

October 2, 2021: Volume 23, Number 40

September 25, 2021: Volume 23, Number 39

September 18, 2021: Volume 23, Number 38

September 11, 2021: Volume 23, Number 37

September 4, 2021: Volume 23, Number 36

August 28, 2021: Volume 23, Number 35

August 21, 2021: Volume 23, Number 34

August 14, 2021: Volume 23, Number 33

August 7, 2021: Volume 23, Number 32

July 31, 2021: Volume 23, Number 31

July 24, 2021: Volume 23, Number 30

July 17, 2021: Volume 23, Number 29

July 10, 2021: Volume 23, Number 28

July 3, 2021: Volume 23, Number 27

June 26, 2021: Volume 23, Number 26

June 19, 2021: Volume 23, Number 25

June 12, 2021: Volume 23, Number 24

June 5, 2021: Volume 23, Number 23

June 5, 2021: Volume 23, Number 22

May 22, 2021: Volume 23, Number 21

May 15, 2021: Volume 23, Number 20

May 8, 2021: Volume 23, Number 19

May 1, 2021: Volume 23, Number 18

April 24, 2021: Volume 23, Number 17

April 17, 2021: Volume 23, Number 16

April 10, 2021: Volume 23, Number 15

April 3, 2021: Volume 23, Number 14

March 27, 2021: Volume 23, Number 13

March 20, 2021: Volume 23, Number 12

March 13, 2021: Volume 23, Number 11

March 6, 2021: Volume 23, Number 10

February 27, 2021: Volume 23, Number 9

February 20, 2021: Volume 23, Number 8

February 13, 2021: Volume 23, Number 7

February 6, 2021: Volume 23, Number 6

January 31, 2021: Volume 23, Number 5

January 23, 2021: Volume 23, Number 4

January 16, 2021: Volume 23, Number 3

January 9, 2021: Volume 23, Number 2

January 2, 2021: Volume 23, Number 1

December 26, 2020: Volume 22, Number 52

December 19, 2020: Volume 22, Number 51

December 12, 2020: Volume 22, Number 50

December 5, 2020: Volume 22, Number 49

November 28, 2020: Volume 22, Number 48

November 20, 2020: Volume 22, Number 47

November 14, 2020: Volume 22, Number 46

November 7, 2020: Volume 22, Number 45

October 31, 2020: Volume 22, Number 44

October 24, 2020: Volume 22, Number 43

October 17, 2020: Volume 22, Number 42

October 10, 2020: Volume 22, Number 41

October 3, 2020: Volume 22, Number 40

September 26, 2020: Volume 22, Number 39

September 19, 2020: Volume 22, Number 38

September 12, 2020: Volume 22, Number 37

September 5, 2020: Volume 22, Number 36

August 29, 2020: Volume 22, Number 35

August 22, 2020: Volume 22, Number 34

August 15, 2020: Volume 22, Number 33

August 9, 2020: Volume 22, Number 32

August 1, 2020: Volume 22, Number 31

July 25, 2020: Volume 22, Number 30

July 18, 2020: Volume 22, Number 29

July 11, 2020: Volume 22, Number 28

July 4, 2020: Volume 22, Number 27

June 27, 2020: Volume 22, Number 26

June 20, 2020: Volume 22, Number 25

June 13, 2020: Volume 22, Number 24

June 6, 2020: Volume 22, Number 23

May 30, 2020: Volume 22, Number 22

May 23, 2020: Volume 22, Number 21

May 16, 2020: Volume 22, Number 20

May 9, 2020: Volume 22, Number 19

May 2, 2020: Volume 22, Number 18