• OpenSSL Flaw No ‘Heartbleed,’ But Other New Vulns Detected

  November 2, 2022 Alex Woodie

  The cybersecurity world has been sitting on pins and needles for the past 48 hours, ever since news of a potentially devastating new flaw in OpenSSL started to leak out early Monday morning. That flaw turned out to be not as bad as initially feared, but that shouldn’t stop IBM i shops from patching other recent flaws, including some pretty serious ones in WebSphere Liberty, Java, the CCA, and Zlib.

  News started to emerge earlier this week of a critical OpenSSL flaw that required the utmost attention. The flaw could be a concern for just about everybody, including IBM, …

  Read more

• IBM i PTF Guide, Volume 24, Number 33

  August 15, 2022 Doug Bidwell

  First up, IBM has tweaked its temporary additional use policy for Power Systems software for migrations to Power E1080, Power E1050, and Power S1024 servers. You can read about it here.

  Here is the significance of this. When you do an upgrade, you get 70 days from install to use the systems software for free. That can be extended once for 40 days, and then that can be extended again, once, for 3 days. After that, you have to beg for more if you need more time to do the upgrade. IBM doesn’t care about partitions, it’s the host …

  Read more

• Multiple Security Vulnerabilities Patched on IBM i

  June 22, 2022 Alex Woodie

  In recent weeks, IBM has disclosed a handful of vulnerabilities in its IBM i operating system and related IBM i products, including Db2 Mirror, WebSphere, Navigator for i, the Java development and runtime tools, and OmniFind Text Search Server. IBM has shipped PTFs for the security problems, which range in severity from medium to high.

  IBM warned of security holes in the HTTP Server (the one powered by Apache) in a June 13 security bulletin. The flaws, identified as CVE-2022-22720 and CVE-2022-22721, carry the risk of a HTTP request smuggling that could poison the Web cache, bypass firewalls, and …

  Read more

• IBM i PTF Guide, Volume 24, Number 8

  February 23, 2022 Doug Bidwell

  Wake up! There is a new security vulnerability in the Java stack within IBM i. See Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-234, which you can read at this link. The IBM i Group PTF numbers containing the fix for the CVE follows. Future Group PTFs for Java will also contain the fix for this CVE:

  • Release 7.4: SF99665 level 13
  • Release 7.3: SF99725 level 24
  • Release 7.2: SF99716 level 34

  To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the …

  Read more

• IBM i PTF Guide, Volume 23, Number 43

  October 27, 2021 Doug Bidwell

  It’s time for another security alert. Check out Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2369 and CVE-2021-2432, which you can see at this link. Here are the patches by release:

  • Release 7.4 – SF99665 level 12
  • Release 7.3 – SF99725 level 23
  • Release 7.2 – SF99716 level 33
  • Release 7.1 – SF99572 level 47

  Here is the rundown of PTF Groups by IBM i release level:

  PTF Groups 7.4:

  • HIPERs (High Impact/Pervasive)
  • Backup Recovery Solutions

  PTF Groups 7.3:

  • Backup Recovery Solutions

  PTF Groups 7.2:

  • Backup Recovery Solutions

  PTF Groups 7.1: …

  Read more

Next Articles