Doug Bidwell
-
IBM i PTF Guide, Volume 26, Number 32
August 19, 2024 Doug Bidwell
You knew that this was not going to last forever. We had a few weeks where there were not any security vulnerabilities in the IBM i stack, and now you have three you need to attend to this week. There are some patches for WebSphere middleware as well.
Let’s start with the security issues.
First, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU, which you can read all about here. The affected products include:
Affected Product(s) Version(s) IBM WebSphere Application Server
… Read more -
IBM i PTF Guide, Volume 26, Number 31
August 12, 2024 Doug Bidwell
As we report elsewhere in this issue, the big news this week in IBM Software Land is a new release of Access Client Solutions, which is rolled out as a PTF update for the currently supported releases of the IBM i operating system. Our story is here, and the release notes are there.
We did not see any new security vulnerabilities, which is always good news.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- IBM i Access Client Solutions V1.1.9.6
- SAP Support Required PTF List for IBM
-
IBM i PTF Guide, Volume 26, Number 30
August 7, 2024 Doug Bidwell
Sometimes, you have to work really hard to try to figure out if you are going to have to do a lot of patching on the systems this week – and then you find out, to your pleasant surprise, that the hardest work you had to do was to find out that you really didn’t have to worry about much. Such is this week.
Basically, there are just new defective PTFs this week and that is about it.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- None
PTF Groups …
Read more -
IBM i PTF Guide, Volume 26, Number 29
August 5, 2024 Doug Bidwell
We know that you were just getting comfortable with a relatively easy summer, CrowdStrike crash excepted if you are one of its customers, and so we have a few security vulnerabilities and PTF patches you need to cope with this week.
First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795], which you can find out more about at this link. The fixes for this issue, by IBM i release, are as follows:
IBM i Release 5770-DG1 PTF Number 7.5 SJ01350 SJ01401 7.4 SJ01349 SJ01400 7.3
… Read more -
IBM i PTF Guide, Volume 26, Number 28
July 22, 2024 Doug Bidwell
Welcome to this week, which is a very, very quiet week, even for the IBM i PTF Guide. Like, hardly anything at all is happening. There are a few little things, which we will now point out.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- Fix list for IBM WebSphere Application Server Liberty
- MustGather: How To Obtain and Install QMGTOOLS
PTF Groups 7.4:
- Fix list for IBM WebSphere Application Server Liberty
- MustGather: How To Obtain and Install QMGTOOLS
PTF Groups 7.3:
- Fix list for IBM WebSphere Application Server
-
IBM i PTF Guide, Volume 26, Number 27
July 15, 2024 Doug Bidwell
Get your PTF patching fingers all cracked and stretched because you will be doing some typing this week. There are a three security issues you need to cope with and a slew of patches that run the gamut of subsystems on the platform. As usual, let’s start with the security vulnerabilities.
First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and bypassing security restrictions due to multiple vulnerabilities, which you can find out more about here. The patches for this issue, by IBM i release level, …
Read more -
IBM i PTF Guide, Volume 26, Number 26
July 10, 2024 Doug Bidwell
After a pretty busy few weeks, you are getting a bit of a break, with only one security vulnerability this week. You can read about it in Security Bulletin: IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to unqualified library calls (CVE-2024-38330), with details at this link.
The IBM i PTF numbers for 5770-MG1 and 5770-SM1 contain the fixes for the vulnerability, as follows:
IBM i Release 5770-MG1 PTF Number 7.4 SJ01170 7.3 SJ01174 7.2 SJ01175 5770-SM1 PTF Number 7.4 SJ01325 7.3 SJ01324 7.2 SJ01323
… Read more -
IBM i PTF Guide, Volume 26, Numbers 24 And 25
July 8, 2024 Doug Bidwell
It is Ketchup Week here at the IBM i PTF Guide, and not just because of all of the hot dogs, hamburgers, and French American fries being consumed for the Independence Day holiday here in the United States of America.
The Four Hundred has been publishing on a lighter schedule than usual, as sometimes happens during the summer months as people get some downtime, and we are catching you up on the PTFs for the IBM i stack, converging two issues of The Guide into a single one so we can get back to lock stepping it in Monday’s …
Read more -
IBM i PTF Guide, Volume 26, Number 23
June 24, 2024 Doug Bidwell
This week, there is only one security vulnerability in the IBM i stack, but there are a slew of PTF updates for the currently supported releases of the IBM i operating system.
So to start with, there is Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849), which you can find out more about at this link. The issue affects IBM Rational Developer for i 9.8.0.0 through 9.8.0.1, and the issue can be fixed by installing fixpack 9.8.0.2.
Here is the rundown of PTF Groups by IBM i release …
Read more -
IBM i PTF Guide, Volume 26, Number 22
June 19, 2024 Doug Bidwell
Right off the bat we have recommended fixed for the IBM Cryptographic Services/DCM/Cryptographic Co-processor for both IBM i 7.4 and IBM i 7.5. You can check out this link for more information.
We also have two security vulnerabilities that you need to be aware of.
First, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to weak TLS security, cross-site scripting, denial of service, and a server-side request forgery due to multiple vulnerabilities. You can find out more about this at this particular link. The affected releases and their PTFs are as follows:
IBM
… Read more