IBM i PTF Guide, Volume 20, Number 8
February 28, 2018 Doug Bidwell
Breaking News! (This is beginning to feel a little bit like the CNN news scroll.) There are more PTFs for the Spectre and Meltdown (SM) speculative execution security vulnerabilities. As you well know by now, the Spectre and Meltdown vulnerabilities have been classified by IBM’s Product Security Incident Response Team (PSIRT) as having a “High Severity” level.
The news this week is that there is a new security bulletin for all to read. Here is the link, and we have tried to convey the details in the worksheet in the IBM i PTF Guide.
The gist of it is that the latest PTFs (meaning those released on February 22) have the as-yet-unavailable Tech Refresh PTFs as prerequisites for applying. The TRs in the case of V7R2 and V7R3 are not due to be released until mid-March (see the TR tab in the IBM i PTF Guide). Additionally, they have included most of the PTFs except those dependent on the TR updates in the latest HIPER group for each release. So the question is: How do we protect our systems today?
We recommend reading the security bulletin and ordering the HIPER for your release, the appropriate firmware for your systems, and the additional PTFs that IBM has announced in the security bulletin. Or, wait. Eventually, they will all be included in the latest HIPER, and then you can apply them all in one fell swoop! We hope, anyway.
Now, a side note: This is the last planned release of ACS to support Java 6 and Java 7 as a minimal level. Future releases of Access Client Solutions will require a minimal level of Java 8. The stuff announced with the TRs due out in mid-March will be the last release that works with Java 6 or 7.
I would also like to take a moment to say “Thank You” to those people out there who have contributed news, editing assistance, links, tips, and techniques to the IBM i PTF Guide. Thanks for giving back!
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order: