Doug Bidwell
IBM i PTF Guide, Volume 25, Number 19
May 8, 2023 Doug Bidwell
There are new cumulative updates this week, and a couple of security vulnerabilities that you need to be aware of, which we cover along with the normal PTF updates and defective PTF rundown that we do every week. Let’s start, as we often do, with the vulnerabilities.
First, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i, which is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities. You can find out more about it at this link. The issues can be fixed …
Read more -
IBM i PTF Guide, Volume 25, Number 18
May 1, 2023 Doug Bidwell
A new week, a new security vulnerability in the IBM i platform. This time around, we have Security Bulletin: Vulnerability in libtasn1 (CVE-2021-46848) affects Power HMC, which you can read more about at this link. The affected products and versions are: HMC V10.1.1010.0, HMC V10.2.1030.0, and HMC V9.2.950.0. The remediation/fixes for the vulnerability are:

| Product | VRMF | APAR | Remediation/Fix |
|---|---|---|---|
| Power HMC | V9.2.950.0 SP3 ppc | MB04397 | MH01954 |
| Power HMC | V9.2.950.0 SP3 x86 | MB04396 | MH01953 |
| Power HMC | V10.1.1020.0 SP1 ppc | MB04388 | MF70701 |
| Power HMC | V10.1.1020.0 SP1 x86 | MB04387 | MF70700 |
| Power HMC | V10.2.1030.0 ppc | MB04401 | MF70890 |
| Power HMC | V10.2.1030.0 SP1 x86 | MB04400 | MF70889 |
… Read more -
IBM i PTF Guide, Volume 25, Number 17
April 24, 2023 Doug Bidwell
There are a lot of PTFs that you need to be aware of this week, but before we get into them, there are two security vulnerabilities, one affecting the IBM i platform’s integrated Apache Web server and the other affecting the combination of IBM i Access Client Solutions and the IBM Toolbox for Java. Let’s get into the security bulletins to start.
First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001), which you can find out more about at this link …
Read more -
IBM i PTF Guide, Volume 25, Number 16
April 17, 2023 Doug Bidwell
In a rare occurrence, there are no updates to the PTF Groups for the currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – but there sure are a whole bunch of security vulnerabilities that IBM i shops have to deal with.
First, there are two of them dealing with WebSphere Application Server Liberty. In PH50863: IBM WebSphere Application Server Liberty is vulnerable to a denial of service, which you can find out more about here and which deals with CVE-2023-24998 (CVSS 7.5). Then there is PH52739: IBM WebSphere Application Server Liberty is vulnerable to a privilege …
Read more -
IBM i PTF Guide, Volume 25, Number 15
April 10, 2023 Doug Bidwell
It is Spring Break in a lot of places, and also Easter and Passover as we go to press, and so it is not at all surprising that there is not a lot of activity in the IBM i PTF Guide this week. We took the opportunity to retire the 7.2 worksheet; check the archives, and DLB_PTF_04/01/23_B25N14.XLS, for the last worksheet. Any changes to V7R2 going forward will be detailed here instead of the Guide.
There are High Impact/Pervasive tweaks for all currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – and a fix list …
Read more -
IBM i PTF Guide, Volume 25, Number 14
April 3, 2023 Doug Bidwell
The IBM i 7.4 Technology Refresh 8 marker PTF is out, and we see it in HTTP Server Group 26. Nothing special so far, just the indication that it is out, but nothing on 7.3 or 7.5 groups, yet – only 7.4. Thank you, Jozef in New Zealand, for catching that, and sharing it! The Four Hundred collective thinks the IBM i TRs might be coming on April 11, but that has not been confirmed by Big Blue as yet.
We mostly suspect this will happen because that is when ITJ Editor Alex Woodie scheduled a trip to Hawaii with …
Read more -
IBM i PTF Guide, Volume 25, Number 13
March 27, 2023 Doug Bidwell
This week, the IBM i community has to take a look at two new security vulnerabilities. There are PTF updates for IBM Navigator for i that you need to look at. The updated details for the PTFs for Navigator for i are in the link in the ACS_NAV worksheet. And there is also a defective PTF you probably need to take a look at, too.
Now, on to the security vulnerabilities.
First, there is Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283), which you can find out more about here. For …
Read more -
IBM i PTF Guide, Volume 25, Number 12
March 22, 2023 Doug Bidwell
We are always on the hunt for something new, but sometimes we find something that is not new but is new to us and maybe you, too. Here is a case in point: The IBM i 7.4 section on the IBM documentation site was last updated in the last half of the year 2021 and now describes the enhancements made to ILE RPG after 7.4 with PTFs. You can see it here. Also, we wanted to point out that we have re-organized the ACS_NAV worksheet contents, adding a bunch of links to documents and several YouTube links. That is …
Read more -
IBM i PTF Guide, Volume 25, Number 11
March 15, 2023 Doug Bidwell
Even when there is not a lot going on with PTF Groups or security vulnerabilities or other things with the IBM i platform, there is always something going on with the IBM i PTF Guide. This week is a slow one, and so that gave us time to catch up on the links embedded within the Guide. Keep an eye out for them next week and also for a video log for Access Client Services.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
PTF …
Read more -
IBM i PTF Guide, Volume 25, Number 10
March 13, 2023 Doug Bidwell
Here is what is new this week: Fixes. To be specific: Long Term Support release: 9.2.0.10 client install image for IBM MQ on IBM i release level: 9.2.0.10-IBM-MQC-IBM_i. IBM MQ is also known as WebSphere MQ, also known as MQ Series, and it is the message queuing middleware that Big Blue has been selling since 1993. Yup, that is 30 years ago, and this tool is one of the foundations of the microservices movement. It is Kafka-esque. Or, more precisely, Kafka is MQ-esque.
Anyway, here is the rundown of PTF Groups by IBM i release level since we last …
Read more