IBM Issues HiPER And Security Patches For V5R4

    September 21, 2015 Timothy Prickett Morgan

    Here is a weird one. Last week, IBM released PTF patches for OS/400 V5R4, also known as i5/OS 5.4, the venerable release of OS/400 that came out in February 2006 and that was withdrawn from marketing in May 2011 and had its standard Software Maintenance ended in September 2013. Extended maintenance is still running for those customers who pay for it, and will continue to do so until September 30, 2016.

    While this Program Support Extension (PSE) support does offer tech support for the V5R4 stack on Power Systems and earlier machines, it has always been my understanding that Big Blue does not generate new bug fixes outside of the normal Software Maintenance (SWMA) window. IBM does not do new feature development under extended support, but it does provide usage support, meaning helping you out when something goes wrong as you try to do stuff.

    Doug Bidwell, our intrepid PTF hunter, spotted the updates for V5R4 and has downloaded them and applied them to some customer machines that are still running V5R4, and they appear to work. The PTFs were put into the HIPER and Security PTF groups, HIPER being short for “High Impact” and “Pervasive” patches to the OS/400 and IBM i platform, and security being what you expect. As far as Bidwell can tell, the patches are exactly the same in both groups, and IBM has not issued a new cumulative release (CUME, in IBMspeak) of V5R4.

    Here are the PTF numbers so you can go hunting for them if you are still on V5R4:

    Here are the links to the two PTF groups:

    • IBM i Support: PSP: 540 Group HIPER
    • IBM i Support: PSP: 540 Group Security

    When you click through to those links, you will see that IBM actually did the updates on September 11 this year. Before that, it had last updated the HIPER PTF group on December 17, 2013 and the Security PTF group on January 29, 2013. The description of the issue is as follows from these documents: “ISC released an CVE-2015-5477, BIND did not handle TKEY queries correctly, and may cause BIND to exit. ISC released an CVE-2015-4620, over DNSSEC validation, which will affect V7R1~V7R2 release and can cause a security problem.”

    If you understand that, you need to spend more time outside. But seriously, ISC is short for the Internet Systems Consortium, and BIND is a popular open source implementation of the Domain Name Server (DNS) and is short for the Berkeley Internet Name Domain. The DNS is what converts the text names of a web address to an IP address with its four sets of three digit numbers. (We all thought it might have something to do with the binding of program elements during program compilations, but nothing that exciting.) Anyway, the bug fix for BIND, which is in the OS/400 V5R4 stack, relates to this security issue identified by CVE, allowing for denial of service attacks to be launched by remote hackers. This vulnerability was identified on July 10 of this year, and has been fixed in the Canonical Ubuntu Server, SUSE Linux Enterprise Server, Red Hat Enterprise Linux, and Debian variants of Linux.

    One warning from the patch: “After update to BIND 9, the V5R4 IBM i Navigator will not be compatible with the new version BIND server. The high version i Navigator (V6R1 or above) can be partially compatible with the BIND 9 on V5R4, it can be used to configure the existing instances, but when creating new instances, the generated configuration files will be still in BIND 8 format, and cannot work correctly with BIND 9.”

    The same fixes are in their equivalent groups for IBM i 6.1, 7.1, and 7.2.

    That sounds like a pain in the neck, but maybe not enough to just upgrade to IBM i 7.2. Which is probably a good idea, people.

    RELATED STORIES

    Big Blue Provides Extended Support For IBM i 6.1

    IBM Clarifies IBM i 6.1.1 And Support Withdrawal

    IBM i Marketplace Survey Fills In The Blanks

    Big Blue To Sunset IBM i 6.1 A Year From Now

    IBM i Upgrades Not All On The Same Path

    All Your IBM i Base Are Belong To Us

    IBM i Installed Base Dominated By Vintage Iron

    Big Blue Backs Off On IBM i Maintenance Price Hike

    Big Blue Jacks Software Maintenance Prices For IBM i

    IBM Sunsets i5/OS V5R4 Again–For Real This Time

    IBM i Technology Refreshes and PTFs: Be Careful

    The Carrot: i5/OS V5R4 Gets Execution Stay Until May

    The Stick: IBM Jacks Up i5/OS V5R4 Prices

    Reader Feedback on The Carrot: i5/OS V5R4 Gets Execution Stay Until May

    The i 7.1s Have It; i5/OS V5R4 Extended

    IBM Sunsets i5/OS V5R4, Kills Older 595 Iron

    Features Galore Inside i5/OS V5R4


Volume 25, Number 46 -- September 21, 2015