Doug Bidwell
-
IBM i PTF Guide, Volume 24, Number 47
November 28, 2022 Doug Bidwell
It is a busy, busy week for the IBM i PTF Guide, folks. So get some coffee. There are a bunch of security vulnerabilities that you need to take a look at, and there are also some recommended fixes that are not included in either the PTF groups or the cumulative PTF updates.
First, there is Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities, which you can read more about at this link. The fixes for this vulnerability can …
Read more -
IBM i PTF Guide, Volume 24, Number 46
November 14, 2022 Doug Bidwell
This week, you will find much to your surprise that Access Client Solutions 1.1.9.1, which was promised for delivery on December 2 back at the NAViGATE 2022 COMMON conference in St Louis, is out a few weeks early. We saw it available and downloaded it on November 11, which means it is a few weeks early.
ACS 1.1.9.1 follows on the heels of the 1.1.9.0 release that came out in April 2022, with mitigations for the Log4j security vulnerabilities. We don’t know the full set of enhancements yet, but this IBM i – ACS Updates page at Big Blue …
Read more -
IBM i PTF Guide, Volume 24, Number 45
November 7, 2022 Doug Bidwell
Hello good people of IBM i Land. There’s a security vulnerability you need to take a look at to see if it affects your system, and a whole bunch of PTF patches for all kinds of things. Let’s start with the vulnerability, which you can see in Security Bulletin: Zlib for IBM i is vulnerable to a buffer overflow issue during inflate (CVE-2022-37434) and which you can find out more about here.
This is not the same vulnerability in Zlib for IBM i that we told you about last week, so don’t think we are a skipping record here. …
Read more -
IBM i PTF Guide, Volume 24, Number 44
October 31, 2022 Doug Bidwell
Remember all of those quiet weeks in PTF Land when nothing much was going on? There is a whole bunch of stuff this week.
First, starting October 26, IBM has enabled multi-factor authentication (MFA) for all its websites using IBMid. As a user on the Entitled Systems Support website, you are using IBMid to login, so you are impacted by the change. When you first login after the change is implemented, you will be asked to add an additional authentication method – either a code sent to your email or a supported mobile authenticator app available on Google Play Store …
Read more -
IBM i PTF Guide, Volume 24, Number 43
October 24, 2022 Doug Bidwell
We are happy to report that there are no new security vulnerabilities in the IBM i stack and related open-source software this week – at least as far as we know. So, rejoice in that. There are a bunch of HIPER PTFs and fixes for Java that span the current IBM i releases on support and extended support, so be aware of those.
And just a reminder to keep checking out The Four Hundred in each issue as we drill down into new details related to the Tech Refreshes announced this month, and that are coming in December.
Now, here …
Read more -
IBM i PTF Guide, Volume 24, Number 42
October 17, 2022 Doug Bidwell
The hot news this week, which we have reported about previously and which we will be drilling down into more deeply, is that the Fall 2022 Tech Refresh updates for IBM i have been announced and will be generally available on December 2. The theme from IBM is “Let’s create a new level of integrated simplicity,” and you can see more about IBM i 7.5 Technology Refresh 1 at this link and more about IBM i 7.4 Technology Refresh 7 at that link.
Keep checking out The Four Hundred as we drill down into new details related to the …
Read more -
IBM i PTF Guide, Volume 24, Number 41
October 10, 2022 Doug Bidwell
Just a reminder in case you didn’t see it last week: End of Marketing for IBM i 7.3 is 4/28/23 and end of standard support for IBM i 7.3 is 9/30/23. You can read IBM’s support statement about it here and you can see our related coverage on it there.
Also: QMGTOOLS and FTP Credentials required for Enhanced Customer Data Repository (ECuRep), find out more at this link.
Now, here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- MustGather: How To Obtain and Install
-
IBM i PTF Guide, Volume 24, Number 40
October 3, 2022 Doug Bidwell
It’s the fall now, and in the wake of the September IBM i announcements, upgrade season has begun. Now, we will see if companies are in a mood to upgrade before the end of the year or will push it out into 2023.
This week, we want to let you know that QMGTOOLS and FTP Credentials required for Enhanced Customer Data Repository (ECuRep), which you can find out more about here.
Now, here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- IBM MQ for IBM i – v9.2.0/v9.3.0
- TCP/IP
-
IBM i PTF Guide, Volume 24, Number 39
September 26, 2022 Doug Bidwell
Another week, another security vulnerability. This one could be a biggie, so pay attention. Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423), which you can find out more about here. The vulnerability can be fixed by applying a PTF to IBM i. Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will be fixed. Each PTF bundles updates to CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769, bringing their respective firmware levels to 5.7.12 and 7.3.44 or later, respectively.
Here are the fixes for this particular vulnerability:
IBM i release
… Read more -
IBM i PTF Guide, Volume 24, Number 38
September 19, 2022 Doug Bidwell
It is a quiet week for PTFs, with two security vulnerabilities for the IBM i platform and not much else.
We will start with Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742), which you can find out more about at this link. Here are the fixes:
IBM i Release 5770-SS1 PTF Number 7.4 SI80816 7.3 SI80815And then there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing with authenticated user and ability to bypass security restrictions due …
Read more