IBM i PTF Guide, Volume 25, Number 30
July 24, 2023 Doug Bidwell
The security vulnerabilities in the IBM i software stack are coming in waves. This week, there are three more to report, two of which we detail separately in this issue.
First, we have Security Bulletin: IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988), which you can find out more about here. The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 installed with 5798-FAX version V5R8M0 will be fixed. IBM i Release, 5798-FAX,V5R8M0 PTF Number SI83583 for 7.5, 7.4, 7.3, 7.2 – read the cover letter.
Second, we have Security Bulletin: IBM Performance Tools for i is vulnerable to local privilege escalation (CVE-2023-30989), with more information at this link. The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed. The IBM i PTF numbers for 5770-PT1 IBM Performance Tools for i contain the fix for the vulnerability:
IBM i Release 5770-PT1 PTF Number 7.5 SI83383 7.4 SI83383 7.3 SI83382 7.2 SI83381
Third, we have Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471], with more information at this link. Release 2.3.0 and 2.4.0 are supported and can be fixed by applying Program Temporary Fixes (PTFs) to the IBM i. The PTF numbers containing the fix for this vulnerability are in the following table:
IBM Db2 Web Query for i Release 5733WQX PTFs to apply for remediation:
IBM i LicPgm Group PTF - Level to apply for remediation 5733WQX 2.3.0 7.5 SF99671 - 09 7.4 SF99654 - 09 7.3 SF99533 - 09 5733WQX 2.4.0 SI83837----->Applies to any IBM i release SI83838----->Applies to any IBM i release
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- Db2 Web Query for i V2.3.0
- Temporary Storage PTFs
PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- Security
- Db2 Web Query for i V2.3.0
PTF Groups 7.3:
- HIPERs (High Impact/Pervasive)
- Security
- Db2 Web Query for i V2.3.0
Tip O’ The Week: We also want to remind you that IBM’s TechXchange 2023 conference is coming up, running from September 11 through 14. This is a must-attend event for technologists using IBM products and solutions, with over a thousand technical breakout sessions, hands-on experiences, product demonstrations, instructor-led labs, and certifications tailored to your interests. The agenda is packed and is available here.
New (or Updated) links added to the ‘Links’ tab in the guide this week:
- Nothing new here to report
New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:
- Nothing here, either
New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:
- DCM: How to Renew a Local Certificate Authority (CA) in Digital Certificate Manager for i (DCM), 6614751
- Media: IBM Navigator for i – A whole new world, YouTube 2022
- WebQuery: Info APAR for DB2 Web Query on i V2R2M0, 1409871
- WebQuery: DB2 Web Query for i, N/A
- WebQuery: Web Query-PTFs and On-going Service, 1274716
- WebQuery: WebQuery Release 2.3.0 PTFs and On-going Service, 6855673
- WebQuery: WebQuery New Features All Releases, 1282156
New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:
- Nothing here
New (or Updated) links Redbooks added this week:
- And nothing here as well.
The Guide at a glance: There are new defectives this week (07/22/23). Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------------------------ 7.5 07/07/23 SI83652 SE80124 SI84074 (When available) SI83634 SI83569 SI83484 SI83436 SI83434 SI83413 SI83330 SI83285 7.4 07/07/23 SI83651 SE80124 SI84075 (When available) SI83633 SI83437 SI83435 SI83412 SI83327 SI83284 7.3 05/26/23 SI79287 SE79905 SI83578 (When available)
Be sure to access the link in the Guide for further details.
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:
July 22, 2023: Volume 25, Number 30
July 15, 2023: Volume 25, Number 29
July 8, 2023: Volume 25, Number 28
July 1, 2023: Volume 25, Number 27
June 24, 2023: Volume 25, Number 26
June 17, 2023: Volume 25, Number 25
June 10, 2023: Volume 25, Number 24
June 3, 2023: Volume 25, Number 23
May 27, 2023: Volume 25, Number 22
May 20, 2023: Volume 25, Number 21
May 13, 2023: Volume 25, Number 20
May 6, 2023: Volume 25, Number 19
April 29, 2023: Volume 25, Number 18
April 22, 2023: Volume 25, Number 17
April 15, 2023: Volume 25, Number 16
April 8, 2023: Volume 25, Number 15
April 1, 2023: Volume 25, Number 14
March 25, 2023: Volume 25, Number 13
March 18, 2023: Volume 25, Number 12
March 11, 2023: Volume 25, Number 11
March 4, 2023: Volume 25, Number 10
February 25, 2023: Volume 25, Number 9
February 18, 2023: Volume 25, Number 8
February 13, 2023: Volume 25, Number 7
February 4, 2023: Volume 25, Number 6
January 28, 2023: Volume 25, Number 5
January 21, 2023: Volume 25, Number 4
January 14, 2023: Volume 25, Number 3
January 7, 2023: Volume 25, Number 2
January 1, 2023: Volume 25, Number 1
December 10, 2022: Volume 24, Number 50
December 3, 2022: Volume 24, Number 49
November 26, 2022: Volume 24, Number 48
November 19, 2022: Volume 24, Number 47
November 12, 2022: Volume 24, Number 46
November 5, 2022: Volume 24, Number 45
October 29, 2022: Volume 24, Number 44
October 22, 2022: Volume 24, Number 43
October 15, 2022: Volume 24, Number 42
October 8, 2022: Volume 24, Number 41
October 1, 2022: Volume 24, Number 40
September 24, 2022: Volume 24, Number 39
September 17, 2022: Volume 24, Number 38
September 10, 2022: Volume 24, Number 37
September 3, 2022: Volume 24, Number 36
August 27, 2022: Volume 24, Number 35
August 20, 2022: Volume 24, Number 34
August 13, 2022: Volume 24, Number 33
August 6, 2022: Volume 24, Number 32
July 30, 2022: Volume 24, Number 31
July 23, 2022: Volume 24, Number 30
July 16, 2022: Volume 24, Number 29
July 9, 2022: Volume 24, Number 28
June 25, 2022: Volume 24, Number 26
June 18, 2022: Volume 24, Number 25
June 11, 2022: Volume 24, Number 24
June 4, 2022: Volume 24, Number 23
May 28, 2022: Volume 24, Number 22
May 25, 2022: Volume 24, Number 21
May 14, 2022: Volume 24, Number 20
May 7, 2022: Volume 24, Number 19
April 30, 2022: Volume 24, Number 18
April 23, 2022: Volume 24, Number 17
April 16, 2022: Volume 24, Number 16
April 2, 2022: Volume 24, Number 14
March 26, 2022: Volume 24, Number 13
March 19, 2022: Volume 24, Number 12
March 12, 2022: Volume 24, Number 11
March 5, 2022: Volume 24, Number 10
February 26, 2022: Volume 24, Number 9
February 19, 2022: Volume 24, Number 8
February 12, 2022: Volume 24, Number 7
February 5, 2022: Volume 24, Number 6
January 29, 2022: Volume 24, Number 5
January 22, 2022: Volume 24, Number 4
January 15, 2022: Volume 24, Number 3
January 8, 2022: Volume 24, Number 2
January 1, 2022: Volume 24, Number 1
December 6, 2021: Volume 23, Number 48
November 20, 2021: Volume 23, Number 47
November 13, 2021: Volume 23, Number 46
November 6, 2021: Volume 23, Number 45
October 30, 2021: Volume 23, Number 44
October 23, 2021: Volume 23, Number 43
October 16, 2021: Volume 23, Number 42
October 9, 2021: Volume 23, Number 41
October 2, 2021: Volume 23, Number 40
September 25, 2021: Volume 23, Number 39
September 18, 2021: Volume 23, Number 38
September 11, 2021: Volume 23, Number 37
September 4, 2021: Volume 23, Number 36
August 28, 2021: Volume 23, Number 35
August 21, 2021: Volume 23, Number 34
August 14, 2021: Volume 23, Number 33
August 7, 2021: Volume 23, Number 32
July 31, 2021: Volume 23, Number 31
July 24, 2021: Volume 23, Number 30
July 17, 2021: Volume 23, Number 29
July 10, 2021: Volume 23, Number 28
July 3, 2021: Volume 23, Number 27
June 26, 2021: Volume 23, Number 26
June 19, 2021: Volume 23, Number 25
June 12, 2021: Volume 23, Number 24
June 5, 2021: Volume 23, Number 23
June 5, 2021: Volume 23, Number 22
May 22, 2021: Volume 23, Number 21
May 15, 2021: Volume 23, Number 20
