IBM i PTF Guide, Volume 26, Numbers 48 Through 50

January 13, 2025 Doug Bidwell

With The Four Hundred on hiatus for the holidays in late December and early January, we are playing catch up with editions of the IBM i PTF Guide. This week, we will close out 2024 with the final three editions put together in December.

Let’s start with Volume 26, Number 48, which came out December 7. It starts with Security Bulletin: Vulnerability in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU, which you can learn more about here. The affected products include WebSphere Application Server 8.5 and 9.0 as well as WebSphere Application Server Liberty Continuous delivery.

Here is the rundown of PTF Groups by IBM i release level since we last published on December 9:

PTF Groups 7.5:

HIPERs (High Impact/Pervasive)
PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
Defective PTFs
QMGTOOLS
Rational Developer for i
RPG Café

PTF Groups 7.4:

HIPERs (High Impact/Pervasive)
PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
Defective PTFs
QMGTOOLS
Rational Developer for i
RPG Café

PTF Groups 7.3:

PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
Defective PTFs
QMGTOOLS
Rational Developer for i
RPG Café

Tip O’ The Week: Last fall, we were asking you to reach out and help the people hurt by Hurricanes Helene and Milton if you could, and we warned that we would all get a turn having our lives turned upside down. And here we are in the second week of January, and there are wildfires around Los Angeles, with tens of thousands of structures burned, an unknown number of dead, and so many people who need help.

New (or Updated) links added to the ‘Links’ tab in The Guide this week:

FSFC: FSFC Features and Upgrades – 5.2, 6986607
FSR: FSR Features and Upgrades – 5.2, 7062494
FSFC/FSR: PowerHA Tools Compatibility Information, 6560768

New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:

MustGather – Ansible for IBM i, 6250061

New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:

None

New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:

None

New (or Updated) links Redbooks added this week:

None

New (or Updated) “Stuff” added to REF tab in The Guide this week:

None

The Guide at a glance:

There were new defectives the week of 12/07/24. Here is the defective PTF rundown, which is the last defective for each release:

	Defect	  Defective	APAR		Fixing
	Date	  PTF				PTF
	--------  --------	---------	-----------------------	
7.5	11/25/24  SI85459	DT417583	XXXXXXX (When available)(read the recommendations) Read the cover letter-prerequisites!
7.4	11/25/24  SI85460	DT417583	XXXXXXX (When available)(read the recommendations) Read the cover letter-prerequisites!
7.3	11/25/24  SI85462	DT417583	XXXXXXX (When available)(read the recommendations)

That brings us to Volume 26, Number 49, which came out December 14, which noted that Defective PTFs from the December 7 edition didn’t have fixing PTFs but they did a week later. Please read defective section below!

Number 49 had a slew of security vulnerabilities, so let’s dive right in.

First we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information, bypassing security restrictions, and a server-side request forgery due to multiple vulnerabilities., which you can find out more about here. The issue can be fixed by applying a PTF to IBM i as follows:

IBM i Release	5770-DG1	PTF Number
7.5				SJ02352
				SJ02602	
7.4				SJ02234
				SJ02601	
7.3				SJ02216
				SJ02600	
7.2				SJ02215
				SJ02599

Second, we have Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2024-47554, CVE-2024-45801), with more information about it at this link. This affects IBM Rational Developer for i releases 9.8.0.0 to 9.8.0.2, with the interim fix is available at Downloads.

Third, we have Security Bulletin: IBM i is vulnerable to a file level denial of service due to an insufficient authority requirement. [CVE-2024-35122], with details at this link. The issue can be addressed by applying a PTF to IBM i:

IBM i Release	5770-SS1	PTF Numbers
7.5				SJ03022
7.4				SJ02988
7.3				SJ03130
7.2				SJ03131

Fourth, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a spoofing attack [CVE-2023-50314], with more information here. The issue can be fixed by applying a PTF to IBM i, as follows:

IBM i Release	5770-SS1 Option 3	PTF Numbers
7.5					SJ02961	
7.4					SJ02962	
7.3					SJ02963
7.2					SJ02964

Also, here is an update on High Impact / Highly Pervasive (HIPER) Issue concerning a potential undetected data loss that can occur on LPARs using NPIV with certain Fibre Channel adapters. Read more about it here, Potential undetected data loss can occur on LPARs using NPIV over Fibre Channel adapters with the following Feature Codes: EN1E/EN1F, EN1G/EN1H, EN1J/EN1K, EN2L/EN2M, and EN2N/EN2P.

Here is the rundown of PTF Groups by IBM i release level since Number 48:

PTF Groups 7.5:

HIPERs (High Impact/Pervasive)
Security
IBM DB2 Mirror for i
DB2 for IBM i
MustGather: How To Obtain and Install QMGTOOLS
RPG Café

PTF Groups 7.4:

HIPERs (High Impact/Pervasive)
Security
IBM DB2 Mirror for i
DB2 for IBM i
MustGather: How To Obtain and Install QMGTOOLS
RPG Café

PTF Groups 7.3:

HIPERs (High Impact/Pervasive)
Security
MustGather: How To Obtain and Install QMGTOOLS
RPG Café

There were new defectives the week of 12/14/24. Here is the defective PTF rundown, which is the last defective for each release:

	Defect		Defective	APAR		Fixing
	Date		PTF				PTF
	--------	--------	---------	-----------------------	
7.5	11/25/24	SI85459		DT417583	SJ03075 (When available)(read the recommendations) Read the cover letter-prerequisites!
7.4	11/25/24	SI85460		DT417583	SJ03166 (When available)(read the recommendations) Read the cover letter-prerequisites!
7.3	11/25/24	SI85462		DT417583	SJ03169 (When available)(read the recommendations)

In Volume 26, Number 50, published on December 21, we have two security vulnerabilities and two other issues as well as the regular group PTFs.

On the security front, first we have Security Bulletin: IBM i is vulnerable to an authenticated user gaining elevated privilege to a physical file [CVE-2024-47104], which you can read more about at this link. The issue can be addressed by applying a PTF to IBM i as follows:

IBM i Release	5770-SS1 Group PTF with Level
7.5		SF99950 750 Db2 for IBM i Level 8950
7.4		SF99704 740 Db2 for IBM i Level 29

Second, we have Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464], which is detailed here. The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, and 7.3 will be fixed. The IBM i PTF numbers for 5770-SS1 Option 3 contain the fix for the vulnerabilities. See:

IBM i Release	5770-SS1 PTF Numbers
7.5		SJ02361
7.4		SJ02360
7.3		SJ02359

Here is the rundown of PTF Groups by IBM i release level since Number 49:

PTF Groups 7.5:

IBM HTTP Server for i
IBM MQ for IBM i – v9.2.0/v9.3.0
WebSphere Application Server traditional V9.0
SAP support required PTF list for IBM i 7.5

PTF Groups 7.4:

IBM HTTP Server for i
MQ for IBM i – v9.0.0/v9.1.0/v9.2.0/v9.3.0
WebSphere Application Server traditional V9.0
SAP support required PTF list for IBM i 7.4

PTF Groups 7.3:

MQ for IBM i – v7.1.0/v8.0.0/V9.0.0/V9.1/V9.2
IBM HTTP Server for i
WebSphere Application Server traditional V9.0
SAP Support Required PTF List for IBM i 7.3

There were new defectives the week of 12/21/24. Here is the defective PTF rundown, which is the last defective for each release:

	Defect		Defective	APAR		Fixing
	Date		PTF				PTF
	--------	--------	---------	-----------------------	
7.5	11/25/24	SI85459		DT417583	SJ03075 (When available)(read the recommendations) Read the cover letter-prerequisites!
7.4	11/25/24	SI85460		DT417583	SJ03166 (When available)(read the recommendations) Read the cover letter-prerequisites!
7.3	11/25/24	SI85462		DT417583	SJ03169 (When available)(read the recommendations) ***None of the above are available as of this writing***

Be sure to access the link in The Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

December 21, 2024: Volume 26, Number 50

December 14, 2024: Volume 26, Number 49

December 7, 2024: Volume 26, Number 48

November 30, 2024: Volume 26, Number 47

November 23, 2024: Volume 26, Number 46

November 16, 2024: Volume 26, Number 45

November 9, 2024: Volume 26, Number 44

November 2, 2024: Volume 26, Number 43

October 26, 2024: Volume 26, Number 42

October 19, 2024: Volume 26, Number 41