Doug Bidwell
IBM i PTF Guide, Volume 26, Number 27
July 15, 2024 Doug Bidwell
Get your PTF patching fingers all cracked and stretched because you will be doing some typing this week. There are three security issues you need to cope with and a slew of patches that run the gamut of subsystems on the platform. As usual, let’s start with the security vulnerabilities.
First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and bypassing security restrictions due to multiple vulnerabilities, which you can find out more about here. The patches for this issue, by IBM i release level, …
IBM i PTF Guide, Volume 26, Number 26
July 10, 2024 Doug Bidwell
After a pretty busy few weeks, you are getting a bit of a break, with only one security vulnerability this week. You can read about it in Security Bulletin: IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to unqualified library calls (CVE-2024-38330), with details at this link.
The IBM i PTF numbers for 5770-MG1 and 5770-SM1 contain the fixes for the vulnerability, as follows:
IBM i Release    5770-MG1 PTF Number    5770-SM1 PTF Number
7.4              SJ01170                SJ01325
7.3              SJ01174                SJ01324
7.2              SJ01175                SJ01323
…
IBM i PTF Guide, Volume 26, Numbers 24 And 25
July 8, 2024 Doug Bidwell
It is Ketchup Week here at the IBM i PTF Guide, and not just because of all of the hot dogs, hamburgers, and French American fries being consumed for the Independence Day holiday here in the United States of America.
The Four Hundred has been publishing on a lighter schedule than usual, as sometimes happens during the summer months as people get some downtime, and we are catching you up on the PTFs for the IBM i stack, converging two issues of The Guide into a single one so we can get back to lock stepping it in Monday’s …
IBM i PTF Guide, Volume 26, Number 23
June 24, 2024 Doug Bidwell
This week, there is only one security vulnerability in the IBM i stack, but there are a slew of PTF updates for the currently supported releases of the IBM i operating system.
So to start with, there is Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849), which you can find out more about at this link. The issue affects IBM Rational Developer for i 9.8.0.0 through 9.8.0.1, and the issue can be fixed by installing fixpack 9.8.0.2.
Here is the rundown of PTF Groups by IBM i release …
IBM i PTF Guide, Volume 26, Number 22
June 19, 2024 Doug Bidwell
Right off the bat we have recommended fixes for the IBM Cryptographic Services/DCM/Cryptographic Co-processor for both IBM i 7.4 and IBM i 7.5. You can check out this link for more information.
We also have two security vulnerabilities that you need to be aware of.
First, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to weak TLS security, cross-site scripting, denial of service, and a server-side request forgery due to multiple vulnerabilities. You can find out more about this at this particular link. The affected releases and their PTFs are as follows:
IBM
…
IBM i PTF Guide, Volume 26, Number 21
June 10, 2024 Doug Bidwell
Once again, here is a reminder that a big change has come to patching IBM i systems. IBM i APAR and PTF records have migrated to Known Issues records and Fix Information records to be consistent with other IBM patching systems for other platforms and software. So read up on it at this link.
We also have one new security vulnerability that you need to be aware of since we last published the IBM i PTF Guide. The vulnerability is outlined in Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and …
IBM i PTF Guide, Volume 26, Number 20
June 3, 2024 Doug Bidwell
Here is something you need to be aware of: IBM i APAR and PTF records have migrated to Known Issues records and Fix Information records to be consistent with other IBM patching systems for other platforms and software. So read up on it at this link here.
And, as often happens, we also have three new security vulnerabilities to cope with.
First, we have Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354), which you can find out more about here. Here are the …
IBM i PTF Guide, Volume 26, Number 19
May 20, 2024 Doug Bidwell
You will need a little time to deal with some security vulnerabilities this week, so set aside some time. There is also a warning about infrastructure changes for electronic fixes from IBM and, for those of you who care, a new release of the IBM MQ message queuing middleware.
You can find out about the new MQ 9.4, which delivers improved cross-platform connectivity, observability, and modernization capabilities, at this link. And as for preparing customer firewalls and proxies for the upcoming infrastructure changes – Call Home, Electronic Fix Distribution – check out this link.
That leaves the three …
IBM i PTF Guide, Volume 26, Number 18
May 13, 2024 Doug Bidwell
Well, this week is a little bit lighter when it comes to new security vulnerabilities in the IBM i stack, so that is a good way to start out the next five business days plus the extra that system admins often have to do because weekends are when it is safe to tweak systems.
On the vulnerability front, we have Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354), which you can find out more about at this link. Here is the list of affected …
IBM i PTF Guide, Volume 26, Number 17
May 6, 2024 Doug Bidwell
Some of the links in the IBM i PTF Guide appear to be broken, but don’t worry about them. IBM is in the process of changing the format of the Cover page for IBM i patches and a few of the links are stuck in the middle. We will attempt to get them back in synch by the next issue. This is the effect of the latest in IBM’s efforts to make the web information for IBM less verbose and more accessible. Any comments on such, please share!
And now, some security vulnerabilities for IBM. Four, to be precise.
First, …