• IBM i PTF Guide, Volume 24, Number 5

  February 2, 2022 Doug Bidwell

  Another week, another security vulnerability. This time, there is one in the Db2 stack for IBM i. Specifically, we present to you Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225, which you can read in full at this link. As the Db2 Mirror database clustering technology is only available on IBM i 7.4, this is the only IBM i release that is affected.

  The IBM i Group PTF number containing the fix for this vulnerability follows: Release 7.4 – SF99668 level 17.

  Just a reminder that there is a new …

  Read more

• IBM i PTF Guide, Volume 24, Number 4

  January 26, 2022 Doug Bidwell

  A new Oracle JCE Code Signing CA was recently implemented in the IBM JDK to resolve APAR IJ26310. Specifically, this is related to IBM JDK 8.0 SR6 FP25, JDK 7.1 SR4 FP75, and JDK 7.0 SR10 FP75, whereby Java applications running on the IBM i operating system might encounter the error messages “JCE is not installed properly” or “JCE cannot authenticate the provider XX” or “xyz.jar is not signed by a trusted signer” after upgrading to the following IBM i Java Group PTF level or newer.

  The following IBM i Java Group PTF levels install 8.0 SR6 FP25.

  • Release 7.1:

  …

  Read more

• Some Good Advice About Log4j Mitigation Gotchas

  January 24, 2022 Timothy Prickett Morgan

  The Apache Log4j logging utility written in Java and available since the end of the Dot Com Boom in early 2001, has been installed far and wide into many systems and systems software packages in the more than two decades it has been available. And that is why the zero-day security vulnerability discovered by Chinese computing giant Alibaba on November 24 last year and revealed on December 9 has caused so much concern.

  Log4j is everywhere and that means the Log4Shell vulnerability that Alibaba described makes it particularly scary. But before we get into some of the mitigation advice that …

  Read more

• IBM i PTF Guide, Volume 24, Number 3

  January 19, 2022 Doug Bidwell

  Another new security bulletin in this week’s edition of the IBM i PTF Guide. The IBM i Extended Dynamic Remote SQL server (EDRSQL) is affected by CVE-2021-39056, which could allow a remote authenticated user to send a specially crafted request and cause a denial of service. Learn more details and find out how to resolve at this link.

  The IBM i PTF numbers containing the fix for the CVE are:

  • Release 7.4 – SI77996
  • Release 7.3 – SI77995
  • Release 7.2 – SI78002
  • Release 7.1 – SI78040

  Here is the rundown of PTF Groups by IBM i release level:

  PTF …

  Read more

• IBM i PTF Guide, Volume 24, Number 2

  January 12, 2022 Doug Bidwell

  The Log4j and Log4Shell saga continues here in the second edition of the IBM i PTF Guide in 2022, which is a fast follower to the one we published just two days ago. IBM has issued a new Security Bulletin, explaining that IBM i components are affected by CVE-2021-4104 (Log4j version 1.X), and the full details about the security exposure and mitigation techniques can be found at this link.

  Here are the affected products and their versions:

  • IBM Navigator for i (heritage version only): IBM i 7.4, 7.3, and 7.2 – the heritage version
  • Integrated Web Services Server (IWS):

  …

  Read more

• IBM i PTF Guide, Volume 24, Number 1

  January 10, 2022 Doug Bidwell

  While we were away on holiday, the Log4J and Log4Shell vulnerabilities hit the enterprise systems of the world, including the IBM i platform. So right off the bat here with the first edition of The IBM i PTF Guide in 2022, we want to point you to Big Blue’s Log4j/Log4Shell on IBM i update, which will help you figure out if you are vulnerable. See more at this link.

  Here are the Security Bulletins for this:

  Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V9

  Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V8

  Security …

  Read more

• Thoroughly Modern: Time To Develop Your IBM i HA/DR Plan For 2022

  December 6, 2021 Josh Osborne

  Disasters and unplanned downtime can hit any company at any time – regardless of where its applications or data sits. Establishing a high availability and disaster recovery (HA/DR) plan is paramount to getting your mission critical IBM i applications and your business back up and running – fast!

  2021 saw its fair share of challenges. Everything from bush fires to earthquakes to flash floods, and the continuation of the pandemic. And, those are just the ones mother nature sent our way. The manmade risks in the form of cyberattacks and ransomware also grew exponentially in 2021. With over 30,000 security …

  Read more

• IBM i PTF Guide, Volume 23, Number 48

  December 6, 2021 Doug Bidwell

  It is a fairly light week for PTF patches for the IBM i platform, so we are going to go off the board a little bit here in the IBM i PTF Guide this week. Winter is coming and while plenty of us love this season, or all four of them, some of us are not happy when the snow flies.

  Well, after watching this video here, which you should do when you actually have 18 minutes and 49 seconds to really pay attention, you will never look at snowflakes quite the same way again. An amazing hobby from …

  Read more

• IBM i PTF Guide, Volume 23, Number 47

  December 1, 2021 Doug Bidwell

  We hope you enjoyed a few days off over the Thanksgiving holiday if you’re here in the U.S., but we never sleep here in IBM i PTF Land and it’s time to get back to business. If you haven’t been keeping up on your PTFs, now is a good time to get caught up. Don’t let it lapse into the New Year, we promise you’ll feel better when it is done. This week, there is not too much to worry about, just a few HIPERs you should review. Read on to get the latest, and be sure to utilize the …

  Read more

• IBM i PTF Guide, Volume 23, Number 46

  November 17, 2021 Doug Bidwell

  If you are on older releases of IBM i 7, you are getting a breather this week when it comes to PTF patches for your systems. There just ain’t a lot going on, and in the operating system and security world, you take that as a win. Those of you on the IBM i 7.4 release, you have a few things to think about but it is fairly straightforward and related to the Db2 for i database and for those of you who have it, the Db2 Mirror for i database clustering software.

  Here is the rundown of PTF Groups …

  Read more

Previous Articles Next Articles