IBM i PTF Guide, Volume 26, Numbers 24 And 25
July 8, 2024 Doug Bidwell
It is Ketchup Week here at the IBM i PTF Guide, and not just because of all of the hot dogs, hamburgers, and French American fries being consumed for the Independence Day holiday here in the United States of America.
The Four Hundred has been publishing on a lighter schedule than usual, as sometimes happens during the summer months as people get some downtime, and we are catching you up on the PTFs for the IBM i stack, converging two issues of The Guide into a single one so we can get back to lock stepping it in Monday’s issues.
So let’s get rolling with Volume 26, Number 24, which had four security vulnerabilities and a whole bunch of different stuff. Let’s start, as usual, with the vulnerabilities.
First, we have Security Bulletin: IBM i is vulnerable to user profile enumeration due to a supplied table function in Db2 for i (CVE-2024-31870), which you can find out more about at this link. The releases affected and their fixes are as follows:
IBM i Release 5770-SS1 PTF 7.5 SJ00244 7.4 SJ00245 7.3 SJ00246 7.2 SJ00247
Second, we have Security Bulletin: IBM i is vulnerable to a privilege escalation due to the ability to configure a physical file trigger in Db2 for IBM i. (CVE-2024-27275), for which you can find out more here. Brace yourself for the long list of patches needed for IBM i 7.3 and IBM i 7.2. Here are the patches for the four currently supported releases:
IBM i Release 5770-SS1 PTF Numbers PTF Download Link 7.5 SF99950 750 Db2 for IBM i Level 7 7.4 SF99704 740 Db2 for IBM i Level 28 7.3 SJ00297 SJ00314 SJ00325 SJ00343 SJ00347 SJ00352 SJ00353 SJ00361 SJ00389 SJ00450 SJ00455 SJ00580 SJ00743 SJ00744 SJ00749 SJ00752 SJ00764 SJ00765 SJ00768 SJ00769 7.2 SJ00298 SJ00315 SJ00326 SJ00346 SJ00348 SJ00354 SJ00355 SJ00360 SJ00390 SJ00449 SJ00456 SJ00581 SJ00747 SJ00748 SJ00750 SJ00753 SJ00763 SJ00766 SJ00767 SJ00770
Third, we have Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532), and you can read all about it here. The affected products are IBM WebSphere Application Server 8.5 and 9.0.
Finally for Volume 26, Number 24 we have Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM TCP/IP Connectivity Utilities for i (CVE-2024-31890), and you can get the details about it here. The affected releases and their fixes are as follows:
IBM i Release 5770-TC1 PTF Number 7.5 SJ00681 7.4 SJ00679 7.3 SJ00680
Here is the rundown of PTF Groups by IBM i release level since we last published two weeks ago:
PTF Groups 7.5:
- Fix list for IBM WebSphere Application Server Liberty
- SAP support required PTF list for IBM i 7.5
- QMGTOOLS
PTF Groups 7.4:
- Fix list for IBM WebSphere Application Server Liberty
- SAP support required PTF list for IBM i 7.4
- QMGTOOLS
PTF Groups 7.3:
- Fix list for IBM WebSphere Application Server Liberty
- SAP support required PTF list for IBM i 7.3
- QMGTOOLS
Tip O’ The Week: There is a new ODBC Driver (28) for IBM i. Check the ACS_NAV tab in The Guide.
- ACS Windows App Pkg English (64-bit), 1.1.0.28
- IBM GSKit (Global Security Kit), 8.0.55.31
- IBM i Access ODBC Driver, 13.64.28.00
New (or Updated) links added to the ‘Links’ tab in The Guide these past two weeks:
- MQ: IBM MQ, WebSphere MQ, and MQSeries product READMEs, 317955
- MQ: System Requirements for IBM MQ, 318077
New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:
- QMGTOOLS: Directory Threshold Collection, 7158171
- QMGTOOLS: Internals SYSSNAP Collection (INTSNAP), 7157792
New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:
- None
New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:
- None
New (or Updated) links Redbooks added this week:
- None
New (or Updated) “Stuff” added to REF tab in The Guide this week:
- None
The Guide at a glance: There are new defectives this week (06/22/24). Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- - ----------------------- 7.5 04/23/24 SI85693 DT378886 SJ00269 (When available) SI84240 7.4 04/23/24 SI85692 DT378886 SJ00268 (When available) SI84239 7.3 01/10/24 SI85576 SE81023 SI85663 (When available)
In Volume 26, Number 25, there wasn’t all that much going on, which is what you expect just before the July 4th holiday in the States.
There was one security vulnerability, which you can see at Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol (CVE-2024-27316) and which you can read about in detail here. The IBM i PTF number for 5770-DG1 contains the fix to resolve the vulnerability:
IBM i Release PTF Number 5770-DG1, 7.5 SJ01169 5770-DG1, 7.4 SJ01168 5770-DG1, 7.3 SJ01156
There is an issue with System Snapshot that surfaced before the July 4th holiday. QMGTOOLS System Snapshot (SYSSNAP) may delete data in the Integrated File System (IFS) incorrectly, and you can read more about the situation here. The affected releases of QMGTOOLS are for R730, R740 and R750 build dates of 5/29/2024, 6/7/2024, 6/11/2024 and 6/17/2024. The resolution of this situation is to upgrade QMGTOOLS to build date June 27, 2024 (06/27/2024). Extra steps have been taken to ensure only the SYSSNAP directory will be removed when specified.
And finally, here is the Guide at a glance for Volume 26, Number 25: There are new defectives this week (06/29/24). Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- - ----------------------- 7.5 04/23/24 SI85693 DT378886 SJ00269 (When available) SI84240 7.4 04/23/24 SI85692 DT378886 SJ00268 (When available) SI84239 7.3 01/10/24 SI85576 SE81023 SI85663 (When available)
Be sure to access the link in the Guide for further details.
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:
June 29, 2024: Volume 26, Number 25
June 22, 2024: Volume 26, Number 24
June 15, 2024: Volume 26, Number 23
June 8, 2024: Volume 26, Number 22
June 1, 2024: Volume 26, Number 21
May 25, 2024: Volume 26, Number 20
May 18, 2024: Volume 26, Number 19
May 11, 2024: Volume 26, Number 18
May 4, 2024: Volume 26, Number 17
April 20, 2024: Volume 26, Number 16
April 13, 2024: Volume 26, Number 15
April 6, 2024: Volume 26, Number 14
March 30, 2024: Volume 26, Number 13
March 24, 2024: Volume 26, Number 12
March 16, 2024: Volume 26, Number 11
March 9, 2024: Volume 26, Number 10
March 2, 2024: Volume 26, Number 9
February 24, 2024: Volume 26, Number 8
February 17, 2024: Volume 26, Number 7
February 10, 2024: Volume 26, Number 6
February 3, 2024: Volume 26, Number 5
January 27, 2024: Volume 26, Number 4
January 20, 2024: Volume 26, Number 3
January 13, 2024: Volume 26, Number 2
January 6, 2024: Volume 26, Number 1
December 30, 2023: Volume 25, Number 53
December 30, 2023: Volume 25, Number 53
December 23, 2023: Volume 25, Number 52
December 16, 2023: Volume 25, Number 51
December 9, 2023: Volume 25, Number 50
December 2, 2023: Volume 25, Number 49
November 25, 2023: Volume 25, Number 48
November 18, 2023: Volume 25, Number 47
November 11, 2023: Volume 25, Number 46
November 4, 2023: Volume 25, Number 45
October 28, 2023: Volume 25, Number 44
October 21, 2023: Volume 25, Number 43
October 14, 2023: Volume 25, Number 42
October 7, 2023: Volume 25, Number 41
September 30, 2023: Volume 25, Number 40
September 23, 2023: Volume 25, Number 39
September 16, 2023: Volume 25, Number 38
September 9, 2023: Volume 25, Number 37
September 2, 2023: Volume 25, Number 36
August 26, 2023: Volume 25, Number 35
August 19, 2023: Volume 25, Number 34
August 12, 2023: Volume 25, Number 33
August 5, 2023: Volume 25, Number 32
July 29, 2023: Volume 25, Number 31
July 22, 2023: Volume 25, Number 30
July 15, 2023: Volume 25, Number 29
July 8, 2023: Volume 25, Number 28
July 1, 2023: Volume 25, Number 27
June 24, 2023: Volume 25, Number 26
June 17, 2023: Volume 25, Number 25
June 10, 2023: Volume 25, Number 24
June 3, 2023: Volume 25, Number 23
May 27, 2023: Volume 25, Number 22
May 20, 2023: Volume 25, Number 21
May 13, 2023: Volume 25, Number 20
May 6, 2023: Volume 25, Number 19
April 29, 2023: Volume 25, Number 18
April 22, 2023: Volume 25, Number 17
April 15, 2023: Volume 25, Number 16
April 8, 2023: Volume 25, Number 15
April 1, 2023: Volume 25, Number 14
March 25, 2023: Volume 25, Number 13
March 18, 2023: Volume 25, Number 12
March 11, 2023: Volume 25, Number 11
March 4, 2023: Volume 25, Number 10
February 25, 2023: Volume 25, Number 9
February 18, 2023: Volume 25, Number 8
February 13, 2023: Volume 25, Number 7
February 4, 2023: Volume 25, Number 6
January 28, 2023: Volume 25, Number 5
January 21, 2023: Volume 25, Number 4
January 14, 2023: Volume 25, Number 3
January 7, 2023: Volume 25, Number 2
January 1, 2023: Volume 25, Number 1
December 10, 2022: Volume 24, Number 50
December 3, 2022: Volume 24, Number 49
November 26, 2022: Volume 24, Number 48
November 19, 2022: Volume 24, Number 47
November 12, 2022: Volume 24, Number 46
November 5, 2022: Volume 24, Number 45
October 29, 2022: Volume 24, Number 44
October 22, 2022: Volume 24, Number 43
October 15, 2022: Volume 24, Number 42
October 8, 2022: Volume 24, Number 41
October 1, 2022: Volume 24, Number 40
September 24, 2022: Volume 24, Number 39
September 17, 2022: Volume 24, Number 38
September 10, 2022: Volume 24, Number 37
September 3, 2022: Volume 24, Number 36
August 27, 2022: Volume 24, Number 35
August 20, 2022: Volume 24, Number 34
August 13, 2022: Volume 24, Number 33
August 6, 2022: Volume 24, Number 32
July 30, 2022: Volume 24, Number 31
July 23, 2022: Volume 24, Number 30
July 16, 2022: Volume 24, Number 29
July 9, 2022: Volume 24, Number 28
June 25, 2022: Volume 24, Number 26
June 18, 2022: Volume 24, Number 25
