HIPER Archives - IT Jungle

IBM i PTF Guide, Volume 26, Number 29

August 5, 2024 Doug Bidwell

We know that you were just getting comfortable with a relatively easy summer, CrowdStrike crash excepted if you are one of its customers, and so we have a few security vulnerabilities and PTF patches you need to cope with this week.

First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795], which you can find out more about at this link. The fixes for this issue, by IBM i release, are as follows:
```
IBM i Release	5770-DG1	PTF Number
7.5			SJ01350
			SJ01401	
7.4			SJ01349
			SJ01400
7.3			
```
…
Read more
IBM i PTF Guide, Volume 26, Number 23

June 24, 2024 Doug Bidwell

This week, there is only one security vulnerability in the IBM i stack, but there are a slew of PTF updates for the currently supported releases of the IBM i operating system.

So to start with, there is Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849), which you can find out more about at this link. The issue affects IBM Rational Developer for i 9.8.0.0 through 9.8.0.1, and the issue can be fixed by installing fixpack 9.8.0.2.

Here is the rundown of PTF Groups by IBM i release …
Read more
IBM i PTF Guide, Volume 26, Number 13

April 8, 2024 Doug Bidwell

Three is the magic number, as we all know. This week, there is another trio of vulnerabilities in parts of the IBM i software stack. And all three currently supported IBM i releases all have a slew of group patches as well. Let’s start with the vulnerabilities because these are always important to know about and deal with.

First, we have Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270), which you can find out more about at this link. The affected products include IBM WebSphere Application Server Liberty, versions 23.0.0.3 through 24.0.0.3 – who …
Read more
IBM i PTF Guide, Volume 26, Number 5

February 5, 2024 Doug Bidwell

Here is the latest on the mystery of the disappearing QSYS library. If you use SF99740 and SF99741 downloaded from this week, then there shouldn’t be any issues with applying any of the groups. The fixing PTF SI85707 is included in the latest DB group, even though it does not have a new level and does not have a cover letter. If you are using either of those Group PTF orders from prior weeks, then the workaround we described last week is the best course of action.

Be careful here. When you order SF99740, you will receive several .bin files. …
Read more
IBM i PTF Guide, Volume 26, Number 3

January 22, 2024 Doug Bidwell

Earlier last week, we reported on HIPER and security patches for the relatively ancient IBM i 7.2, which has long since been off standard and now extended maintenance. Now there is another patch for IBM i 7.2, which we found out about this past weekend.

To review, in Number 2 of the IBM i PTF Guide for 2024, there was an IBM i 7.2 Group HIPER, level 240, which is SF99719 and which you can find out more about here, and an IBM i 7.2 Group Security, level 128, which is SF99718 and which you can find out more …
Read more
IBM i PTF Guide, Volume 26, Number 2

January 17, 2024 Doug Bidwell

As odd as it may seem, this week there are HIPER and security patches available for IBM i 7.2, which has long since been off standard and now extended maintenance.

First, there is a defective PTF for IBM i 7.2, which was noted on January 10.
- LICENSED PROGRAM = 5798FAX
- APAR NUMBER: SE81023
- RECOMMENDATION: Apply fixing PTF xxxxxxx when it becomes available, or remove PTF SI85576, or use the SNDFAX command instead of the SBMFAX command.
There is also an IBM i 7.2 Group HIPER, level 240, which is SF99719 and which you can find out more about here, …
Read more
IBM i PTF Guide, Volume 25, Number 47

November 27, 2023 Doug Bidwell

Happy Belated Thanksgiving, welcome back to work, and pass the turkey and cranberry sauce leftovers if you don’t mind.

Speaking of leftovers, there are some new patches for IBM i 7.2, which were updated on November 14. You can check out SF99719 720 Group HIPER – level 237 at this link and SF99718 720 Group Security – level 126 at that link.

There is also a security vulnerability you need to be aware of, specifically Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2023 …
Read more
IBM i PTF Guide, Volume 25, Number 35

September 11, 2023 Doug Bidwell

We have been on hiatus for a few weeks, and there is a lot of stuff to catch up on. There are a slew of security vulnerabilities and a whole bunch of PTFs for the current releases of IBM i that you need to deal with. Let’s start with the security issues.

First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities, which you can find out more about at this link. Here are the PTFs for this vulnerability: …
Read more
IBM i PTF Guide, Volume 25, Number 34

August 21, 2023 Doug Bidwell

It is still summer, and the big news again this week in PTF Land is a security vulnerability. This time the hole is in the WebSphere Liberty middleware from Big Blue. See Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-38737), which you can find out more about at this link. IBM WebSphere Application Server Liberty versions 22.0.0.13 through 23.0.0.7 are affected.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- Java
- IBM HTTP Server for i
- SAP support
…
Read more
IBM i PTF Guide, Volume 25, Number 30

July 24, 2023 Doug Bidwell

The security vulnerabilities in the IBM i software stack are coming in waves. This week, there are three more to report, two of which we detail separately in this issue.

First, we have Security Bulletin: IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988), which you can find out more about here. The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 installed with 5798-FAX version V5R8M0 will be fixed. IBM i Release, 5798-FAX,V5R8M0 PTF Number SI83583 for 7.5, 7.4, 7.3, 7.2 – read the cover …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search