• IBM i PTF Guide, Volume 25, Number 8

  February 27, 2023 Doug Bidwell

  We are playing catch up a bit here at the IBM i PTF Guide, and apologies for that but it goes that way sometime. There are a bunch of security vulnerabilities that you need to be aware of, including one that covers systems software not from IBM, as we usually track, but file transfer software from Forta (formerly known as HelpSystems). We are going to be keeping a closer eye on third party software security bulletins going forward.

  So first, we have CVE-2023-0669, which explains that GoAnywhere MFT from Fortra (formerly HelpSystems) suffers from a pre-authentication command injection …

  Read more

• IBM i PTF Guide, Volume 24, Number 34

  August 22, 2022 Doug Bidwell

  New defective PTFs – meaning PTFs to fix bugs in PTFs that should not be there to fix bugs in software that should not have been there in the first place – issued this week by IBM, and we are only now seeing that you could have been misinterpreting the meaning of “defective PTFs” all of these years. It is to fix defects in PTFs, as some of you might not be thinking. Language is not as good at communication as we sometimes give it credit for. There is always some ambiguity in the packets that are exchanged when two …

  Read more

• IBM i PTF Guide, Volume 24, Number 16

  April 20, 2022 Doug Bidwell

  It is a new week, and there are two new security vulnerabilities in the IBM i platform. First, there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708), which you can read more about here. The IBM i PTF numbers containing the fix for the CVEs:

  IBM i Release      5770-SS1 PTF Number      PTF Download Link

  7.4                          SI78971                                https://www.ibm.com/support/pages/ptf/SI78971

  7.3                          SI78972                                https://www.ibm.com/support/pages/ptf/SI78972

  7.2                          SI78973                                https://www.ibm.com/support/pages/ptf/SI78973

  Then there is Security Bulletin: OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in …

  Read more

• IBM i PTF Guide, Volume 24, Number 14

  April 6, 2022 Doug Bidwell

  Get your PTF patching fingers ready to roll across the keyboard because there are some new security vulnerabilities in the IBM i platform. First up, Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493), which you can learn about here.

  Release 2.2.0 can be fixed by upgrading to release 2.2.1 or 2.3.0, depending on your IBM i release level:

  • IBM i 7.4: Upgrade to Db2 Web Query for i 2.3.0
  • IBM i 7.3: Upgrade to

  …

  Read more

• Log4j Hits Heritage Version of Navigator for i – No Patch Coming

  January 12, 2022 Alex Woodie

  IBM i shops running the old version of the Navigator for i client should be aware that the software is vulnerable to the Log4j security vulnerability, and there will be no patch to fix it, IBM says in a new security bulletin. There will, however, be fixes coming to other vulnerable components, including IWS, IAS, and IBM i Access Client Solutions (ACS), IBM says.

  Just before we hit the holiday break, the extremely severe Apache Log4j security vulnerability was disclosed to the world, resulting in a frantic effort to patch servers, desktops, refrigerators – just about anything with a …

  Read more

• IBM i PTF Guide, Volume 24, Number 1

  January 10, 2022 Doug Bidwell

  While we were away on holiday, the Log4J and Log4Shell vulnerabilities hit the enterprise systems of the world, including the IBM i platform. So right off the bat here with the first edition of The IBM i PTF Guide in 2022, we want to point you to Big Blue’s Log4j/Log4Shell on IBM i update, which will help you figure out if you are vulnerable. See more at this link.

  Here are the Security Bulletins for this:

  Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V9

  Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V8

  Security …

  Read more

• IBM i PTF Guide, Volume 23, Number 13

  March 31, 2021 Doug Bidwell

  There is a lot of stuff going on this week. First, there are patches for Db2 Web Query, but only for IBM i 7.3 and IBM i 7.4, and we have to wonder if this will eventually be backported to IBM i 7.2 and maybe even IBM i 7.1 given that release has been given extended extended support and is not available on Power9 in limited form in logical partitions.

  There are also three security issues affecting the IBM i platform, as follows:

  • Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-14803 and

  …

  Read more

• IBM Adds Deals And Tools To Cloudy Power Service

  May 18, 2020 Timothy Prickett Morgan

  In February last year, Big Blue surprised many of us by announcing that it was putting Power8 and Power9 systems onto the IBM Cloud and offering up true cloud capacity, with utility pricing, for the capacity on Power S922 entry and Power E880 high-end servers. We did a detailed analysis of the Power Systems Virtual Server for IBM Cloud offering here, and talked about the pricing for compute, storage, and networking for the service there. The offering was first available in June of last year, and subsequently the Power E980 has been added to the mix.

  Now, we …

  Read more

• What’s New With Db2 Web Query?

  May 11, 2020 Alex Woodie

  Db2 Web Query, which is IBM’s strategic business intelligence tool for IBM i, doesn’t follow the same release cycle as the operating system itself. But as part of activity surrounding the latest round of Technology Refreshes (TR) for IBM i 7.3 and 7.4, IBM discussed the recent updates that it’s made to Db2 Web Query, along with new features that are due very soon.

  To get the lowdown on the new Db2 Web Query features, we tuned into a recent presentation made by Doug Mack, IBM’s Db2 Web Query product manager. Mack presented a session with Db2 for i …

  Read more

Next Articles