Doug Bidwell

• IBM i PTF Guide, Volume 25, Number 38

  September 20, 2023 Doug Bidwell

  This episode of the IBM i PTF Guide is being put together in honor of that venerable rodeo clown and comedic actor, Louis Burton Lindley, Jr., better known to all of us as Slim Pickens. Because after a bunch of security vulnerabilities were covered in the prior issue that came out on Monday, we are now all caught up after the holiday and there is not a huge amount going on.

  But there is always something you need to watch out for. So read on.

  Here is the rundown of PTF Groups by IBM i release level since we last …

  Read more

• IBM i PTF Guide, Volume 25, Number 37

  September 18, 2023 Doug Bidwell

  There are a few things you can count on in life. Death. Taxes. Coffee. Beer. The love of a good woman. And a seemingly endless barrage of security vulnerabilities for every computing platform on Earth. There are a bunch of the latter that are new to the IBM i platform this week.

  First, we have Security Bulletin: OpenSSL and OpenSSH for IBM i are vulnerable to arbitrary code execution, denial of service, and security restrictions bypass due to multiple vulnerabilities, which you can find out more about at this link. The IBM i PTF number for 5733-SC1 contains the …

  Read more

• IBM i PTF Guide, Volume 25, Number 36

  September 13, 2023 Doug Bidwell

  This issue of the IBM i PTF Guide was put together the Sunday before the Labor Day holiday in America, and as you might imagine, there is not a lot going on. But there are a few things.

  First, the DIG or NSLOOKUP tool, which is used to validate DNS entries and which has been around for a while, doesn’t work anymore without PTFs. You can find out more at this link, and the PTFs you need to apply to make it work are as follows:

  • V7R5M0: SI84411
  • V7R4M0: SI84419
  • V7R3M0: SI84438
  

  And of course, there …

  Read more

• IBM i PTF Guide, Volume 25, Number 35

  September 11, 2023 Doug Bidwell

  We have been on hiatus for a few weeks, and there is a lot of stuff to catch up on. There are a slew of security vulnerabilities and a whole bunch of PTFs for the current releases of IBM i that you need to deal with. Let’s start with the security issues.

  First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities, which you can find out more about at this link. Here are the PTFs for this vulnerability: …

  Read more

• IBM i PTF Guide, Volume 25, Number 34

  August 21, 2023 Doug Bidwell

  It is still summer, and the big news again this week in PTF Land is a security vulnerability. This time the hole is in the WebSphere Liberty middleware from Big Blue. See Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-38737), which you can find out more about at this link. IBM WebSphere Application Server Liberty versions 22.0.0.13 through 23.0.0.7 are affected.

  Here is the rundown of PTF Groups by IBM i release level since we last published:

  PTF Groups 7.5:

  • HIPERs (High Impact/Pervasive)
  • Security
  • Java
  • IBM HTTP Server for i
  • SAP support

  …

  Read more

• IBM i PTF Guide, Volume 25, Number 33

  August 14, 2023 Doug Bidwell

  You can tell that it is still summer, and one of the last weeks before the holiday season is over, by the dearth of patches to the IBM i platforms. That said, we do have two new security vulnerabilities this week as well as some patches for the High Availability group within IBM i 7.5.

  First, we have Security Bulletin: Vulnerability in IBM Java SDK affects IBM WebSphere Application Server due to CVE-2022-40609, which you can find out more about here. The affected releases are WebSphere Application Server 8.5 and 9.0.

  Second, we have Security Bulletin: IBM Facsimile Support …

  Read more

• IBM i PTF Guide, Volume 25, Number 32

  August 7, 2023 Doug Bidwell

  Here is what is new: A new “version” of Access Client Solutions (ACS) is available for download, catch the link in the Guide. (Your “Check for Update” won’t catch it, and you won’t see the version until you get all the way into the ACS Main window, and do the Help/About.) This is an updated version, no change to the ODBC driver. This version of ACS uses the IBM GSKit version 8.0.55.31 with the latest security updates.

  This is important: Prior versions of ACS have security defects. Specifically, Security Bulletin: IBM i Access Client Solutions – Windows Application Package is …

  Read more

• IBM i PTF Guide, Volume 25, Number 31

  July 31, 2023 Doug Bidwell

  Here’s something to look out for: D-mode IPL from tape fails with system reference code B6005121 on IBM i, which you can read more about at this link. Here’s the deal. When the PTF for MA50161 is PERM applied and the PTF for MA50018 is not PERM applied, and a SAVSYS is taken, a D-mode IPL from that tape will fail with the B6005121, which is an operating system task during the IBM i boot process.

  Also, this week we wanted to remind you that software-related issues cannot be automatically uploaded to IBM technical support using the WRKPRB feature …

  Read more

• IBM i PTF Guide, Volume 25, Number 30

  July 24, 2023 Doug Bidwell

  The security vulnerabilities in the IBM i software stack are coming in waves. This week, there are three more to report, two of which we detail separately in this issue.

  First, we have Security Bulletin: IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988), which you can find out more about here. The issue can be fixed by applying a PTF to IBM i.  IBM i releases 7.5, 7.4, 7.3, and 7.2 installed with 5798-FAX version V5R8M0 will be fixed. IBM i Release, 5798-FAX,V5R8M0 PTF Number SI83583 for 7.5, 7.4, 7.3, 7.2 – read the cover …

  Read more

• IBM i PTF Guide, Volume 25, Number 29

  July 17, 2023 Doug Bidwell

  This is important, so we are going to remind you about a security vulnerability for the IBM i platform. Check out Security Bulletin: IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture (CVE-2023-30990), which you can find out more about at this link and which we reported on in detail in last week’s issue of The Four Hundred.

  The issue can be fixed by applying a PTF to IBM i.  IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed. The IBM i PTF numbers for IBM i 5770-SS1 Base …

  Read more

Previous Articles Next Articles