-
IBM i PTF Guide, Volume 26, Number 16
April 22, 2024 Doug Bidwell
It is an interesting time out there in PTF Land, so brace yourself. There are four security bulletins and two security warnings about potential denial of service vulnerabilities. Let’s do the security bulletins first and then the denial of service issues.
First, we have Security Bulletin: IBM i Access Client Solutions is vulnerable to an infinite loop or out of memory error due to vulnerabilities in Apache Commons Compress, which you can find out more about at this link. The affected product(s) include IBM i Access Family versions 1.1.2 – 1.1.4, and versions 1.1.4.3 – 1.1.9.4. The issue can …
Read more -
Four Hundred Monitor, March 27
March 27, 2024 Jenny Thomas
Every day has some sort of national designation. For instance, today, March 27 is National Scribble Day, National Little Red Wagon Day, National Spanish Paella Day, and National Joe Day (to celebrate people named “Joe”). One day you may not have heard of, however, is Q-Day, and maybe you don’t want to know. Q-Day is the time when quantum computers are powerful and stable enough to crack current encryption schemes, and depending on who you ask, it could be an immediate concern. Or not. The first article in our Top Stories looks at the team of IBM researchers who report …
Read more -
More Critical Security Vulns Reported In IBM i Components
March 4, 2024 Alex Woodie
The run of serious security vulnerabilities in IBM i components continues in early 2024, as IBM reported 10 new flaws exist across OpenSSH, the Apache Web Server, ISC, and Facsimile Support for IBM i in February and early March. All of the flaws impact IBM i 7.2 through 7.5 and all have been patched by IBM via PTFs.
The most critical of the recent batch of security flaws exists in OpenSSH, the open source security utility for establishing encrypted communications between hosts and clients. As described by IBM in this February 23 security bulletin, the vulnerability (CVE-2023-51385) is caused …
Read more -
Thoroughly Modern: From Tradition To Transformation For IBM i In The Era Of Cloud And AI
February 12, 2024 Monica Sanchez
The value of IBM i is undeniable, especially if you are running an IBM i shop. But that does not mean IT leaders can ignore pivotal market changes in cloud, cybersecurity, and AI. These disruptive forces all have something in common – they are driving change. They are shaping operations and future strategies, pushing IT leaders to innovate.
As we dig deeper into these transformative forces, it becomes clearer that the path forward for IBM i shops is all about continuous evolution and strategic foresight.
Cybersecurity: Trends and Tactics
Cybersecurity has been a major concern in the past few years. …
Read more -
IBM Patches New Security Vulns In IBM i Components, Power Firmware
February 12, 2024 Alex Woodie
IBM has patched a series of moderate security vulnerabilities in IBM i products and Power firmware over the past two weeks. The IBM i flaws span Rational Developer for i (RDi), Access Client Solutions (ACS), and the Java development kit and runtime, while the Power flaw involves PowerVM and its communications with the Hardware Management Console (HMC).
Concerns over security hit an all-time high in the IBM i community according to the IBM i Marketplace 2024 study conducted by Fortra. The survey found that 79 percent of IBM i professionals considered security a top concern, a 10 percent increase …
Read more -
2024 IBM i Predictions Part 3 – The Final Chapter
February 5, 2024 Alex Woodie
Punxsutawney Phil, the famous groundhog who forecast an early spring on Friday, is said to have a long-term success rate of about 31 percent with his forecasts. What’s the accuracy rate of the IBM i experts who contribute to these yearly predictions? To borrow a line from the Magic 8 Ball, the answer is hazy at the moment. But one thing is clear: The IBM i ecosystem as a whole maintains an unabashedly optimistic and sunny disposition.
One of the brighter stars in the IBM i galaxy, Connectria regional sales director Peg Tuttle sees several trends emerging in the …
Read more -
IBM Patches a Slew of Security Vulns in Db2 Web Query
January 10, 2024 Alex Woodie
If you haven’t started your migration off Db2 Web Query, you might want to accelerate your planning, as IBM last week disclosed a slew of security vulnerabilities in the soon-to-be-discontinued product, two of which are the critical variety and four of which have high severity ratings. IBM has issued patches for all of the flaws for the product running on IBM i 7.4 and 7.5.
On January 3, IBM disclosed a total of eight security vulnerabilities in Db2 Web Query, the IBM i-based data warehousing and business analytics tool that it OEM’ed from TIBCO’s Information Builders subsidiary, and which …
Read more -
2023: An IBM i Year in Review
December 13, 2023 Alex Woodie
With another year nearly in the books, it’s time to take a stroll through the IT Jungle archives and reconsider some of the 728 stories we published in 2023. Here’s a look back at the biggest IBM i news stories of 2023.
January
The top concern of IBM i professionals, according to Fortra’s annual IBM i Marketplace Study, was once again security, a position it has held for six straight years. The latest crop of IBM Champions unveiled in January featured about 90 members from the IBM i community, out of a total of 839 for the year. Is …
Read more -
ACS, Merlin Hit With Serious Security Vulnerabilities
December 11, 2023 Alex Woodie
Three serious security vulnerabilities in IBM i Access Client Solutions and six in Merlin were disclosed and patched by IBM last week. The flaws could allow attackers to commit a range of crimes, from executing arbitrary code and denial of service attacks, to obtaining sensitive data on IBM i conducting phishing attacks. All of the flaws – including another three reported by IBM in November – should be patched immediately.
IBM published a security bulletin December 8 covering all three of the ACS flaws, which impact ACS versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3. The fix is to download …
Read more -
AWS Inks Deal With Connectria To Have a Power Play
November 15, 2023 Timothy Prickett Morgan
The long road of history has not been made impassible by the charred marketing tanks and flaming sales assault vehicles of those who have tried to breach Fortress Rochester, but there are a whole lot of rusting machines off on the horizon cluttering the road and more than a few smoking machines nearby as well as some sizable holes in the ramparts out on that cornfield in Minnesota.
While the proprietary minicomputer businesses and the Unix server businesses of the competition of the AS/400 and IBM i platform have all been destroyed and that IBM is indeed the last bastion …
Read more