IBM i PTF Guide, Volume 24, Number 14

April 6, 2022 Doug Bidwell

Get your PTF patching fingers ready to roll across the keyboard because there are some new security vulnerabilities in the IBM i platform. First up, Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493), which you can learn about here.

Release 2.2.0 can be fixed by upgrading to release 2.2.1 or 2.3.0, depending on your IBM i release level:

• IBM i 7.4: Upgrade to Db2 Web Query for i 2.3.0
• IBM i 7.3: Upgrade to Db2 Web Query for i 2.3.0
• IBM i 7.2: Upgrade to Db2 Web Query for i 2.2.1
• IBM i 7.1: Upgrade to Db2 Web Query for i 2.2.1

And then there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is affected by arbitrary code execution and other attacks due to multiple vulnerabilities. Read all about it at this link.

• CVEID: CVE-2022-22310
• CVEID: CVE-2021-23450
• CVEID: CVE-2021-39038
• CVEID: CVE-2021-39031

The IBM i PTF numbers containing the fix for the CVEs:

Release                  5770-SS1 PTF      PTF Download Link

7.4                          SI78971                https://www.ibm.com/support/pages/ptf/SI78971

7.3                          SI78972                https://www.ibm.com/support/pages/ptf/SI78972

7.2                          SI78973                https://www.ibm.com/support/pages/ptf/SI78973

Important: Heritage Navigator Enable and Disable Instructions, found here. The heritage Navigator is no longer started by default. The heritage Navigator is stabilized and will be removed from support completely by the end of 2022. If you have a requirement to access the heritage Navigator, follow the instructions on this page. Note: Heritage Navigator is used at your own risk.  Only start for a limited time.

IBM Navigator for i, see this link. Note important updates and changes to IBM Navigator: Function Usage ID QIBM_NAV_ALL_FUNCTION changed to default of *DENIED. With today’s increased focus on security, user profiles that previously were allowed to access IBM Navigator for i function may now be restricted. To allow users access,  Refer to the Function Usage ID table at IBM Navigator for i – Function Usage IDs

The Heritage Navigator running in ADMIN2 is no longer started by default. If you have a requirement to access the heritage Navigator, follow the instructions found at https://www.ibm.com/support/pages/node/6556828.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.4:

• IBM MQ for IBM i – V7.1.0/V8.0.0/V9.0.0/V9.1.0
• Java
• QMGTools
• Db2 Web Query for i V2.3.0
• DB2 Web Query for i V2.2.1

PTF Groups 7.3:

• IBM MQ for IBM i – V7.1.0/V8.0.0/V9.0.0/V9.1.0
• Java
• QMGTools
• IBM i Support_Recommended Fixes – SMTP
• Db2 Web Query for i V2.3.0
• DB2 Web Query for i V2.2.1

PTF Groups 7.2:

• Java
• QMGTools
• DB2 Web Query for i V2.2.1

PTF Groups 7.1:

• DB2 Web Query for i V2.2.1

To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the IBM i PTF Guide that has the latest information on what you need to worry about and do about it when it comes to this vulnerability. You can download the Log4j spreadsheet at this link. And by the way, it is the same sheet as last week because there were no changes this week, at least of publication date.

New (or Updated) links added to the ‘Links’ tab in the guide this week:

• RTVSYSVAL: Retrieve System Value (RTVSYSVAL) N/A
• WAS: How to download WebSphere Application Server – Express V8.5.5 from Passport Advantage Online 603469

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

Tips/Definitions: A reminder that there are no-cost versions of Java, and here are a few examples:

• https://adoptopenjdk.net/
• https://aws.amazon.com/corretto/
• https://developer.ibm.com/languages/java/semeru-runtimes/downloads
• https://adoptium.net/

The Guide at a glance: There are no new defectives this week (04/02/22). Here is the defective PTF rundown, which is the last defective for each release:

	Defect		Defective	APAR	Fixing
	Date		PTF			PTF
	--------	--------	-------	-------
7.4	2/16/22		MF69373		MA49558	MF69650	(Read the link in the guide!)
			MF69241
7.3	2/16/22		SI78508		SE77164	SI78674	(Read the link in the guide!)
7.2	12/08/21	SI77634		SE73420	SI78039	(Read the link in the guide!)
7.1	07/29/19	SI69653		SE71807	SI70603 (5733SC1, OpenSSH, available!) 

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

April 2, 2022: Volume 24, Number 14

March 26, 2022: Volume 24, Number 13

March 19, 2022: Volume 24, Number 12

March 12, 2022: Volume 24, Number 11

March 5, 2022: Volume 24, Number 10

February 26, 2022: Volume 24, Number 9

February 19, 2022: Volume 24, Number 8

February 12, 2022: Volume 24, Number 7

February 5, 2022: Volume 24, Number 6

January 29, 2022: Volume 24, Number 5

January 22, 2022: Volume 24, Number 4

January 15, 2022: Volume 24, Number 3

January 8, 2022: Volume 24, Number 2

January 1, 2022: Volume 24, Number 1

December 6, 2021: Volume 23, Number 48

November 20, 2021: Volume 23, Number 47

November 13, 2021: Volume 23, Number 46

November 6, 2021: Volume 23, Number 45

October 30, 2021: Volume 23, Number 44

October 23, 2021: Volume 23, Number 43

October 16, 2021: Volume 23, Number 42

October 9, 2021: Volume 23, Number 41

October 2, 2021: Volume 23, Number 40

September 25, 2021: Volume 23, Number 39

September 18, 2021: Volume 23, Number 38

September 11, 2021: Volume 23, Number 37

September 4, 2021: Volume 23, Number 36

August 28, 2021: Volume 23, Number 35

August 21, 2021: Volume 23, Number 34

August 14, 2021: Volume 23, Number 33

August 7, 2021: Volume 23, Number 32

July 31, 2021: Volume 23, Number 31

July 24, 2021: Volume 23, Number 30

July 17, 2021: Volume 23, Number 29

July 10, 2021: Volume 23, Number 28

July 3, 2021: Volume 23, Number 27

June 26, 2021: Volume 23, Number 26

June 19, 2021: Volume 23, Number 25

June 12, 2021: Volume 23, Number 24

June 5, 2021: Volume 23, Number 23

June 5, 2021: Volume 23, Number 22

May 22, 2021: Volume 23, Number 21

May 15, 2021: Volume 23, Number 20

May 8, 2021: Volume 23, Number 19

May 1, 2021: Volume 23, Number 18

April 24, 2021: Volume 23, Number 17

April 17, 2021: Volume 23, Number 16

April 10, 2021: Volume 23, Number 15

April 3, 2021: Volume 23, Number 14

March 27, 2021: Volume 23, Number 13

March 20, 2021: Volume 23, Number 12

March 13, 2021: Volume 23, Number 11

March 6, 2021: Volume 23, Number 10

February 27, 2021: Volume 23, Number 9

February 20, 2021: Volume 23, Number 8

February 13, 2021: Volume 23, Number 7

February 6, 2021: Volume 23, Number 6

January 31, 2021: Volume 23, Number 5

January 23, 2021: Volume 23, Number 4

January 16, 2021: Volume 23, Number 3

January 9, 2021: Volume 23, Number 2

January 2, 2021: Volume 23, Number 1

December 26, 2020: Volume 22, Number 52

December 19, 2020: Volume 22, Number 51

December 12, 2020: Volume 22, Number 50

December 5, 2020: Volume 22, Number 49

November 28, 2020: Volume 22, Number 48

November 20, 2020: Volume 22, Number 47

November 14, 2020: Volume 22, Number 46

November 7, 2020: Volume 22, Number 45

October 31, 2020: Volume 22, Number 44

October 24, 2020: Volume 22, Number 43

October 17, 2020: Volume 22, Number 42

October 10, 2020: Volume 22, Number 41

October 3, 2020: Volume 22, Number 40

September 26, 2020: Volume 22, Number 39

September 19, 2020: Volume 22, Number 38

September 12, 2020: Volume 22, Number 37

September 5, 2020: Volume 22, Number 36

August 29, 2020: Volume 22, Number 35

August 22, 2020: Volume 22, Number 34

August 15, 2020: Volume 22, Number 33

August 9, 2020: Volume 22, Number 32

August 1, 2020: Volume 22, Number 31

July 25, 2020: Volume 22, Number 30

July 18, 2020: Volume 22, Number 29

July 11, 2020: Volume 22, Number 28

July 4, 2020: Volume 22, Number 27

June 27, 2020: Volume 22, Number 26

June 20, 2020: Volume 22, Number 25

June 13, 2020: Volume 22, Number 24

June 6, 2020: Volume 22, Number 23

May 30, 2020: Volume 22, Number 22

May 23, 2020: Volume 22, Number 21

May 16, 2020: Volume 22, Number 20

May 9, 2020: Volume 22, Number 19

May 2, 2020: Volume 22, Number 18

April 25, 2020: Volume 22, Number 17

April 18, 2020: Volume 22, Number 16

April 11, 2020: Volume 22, Number 15

April 4, 2020: Volume 22, Number 14

March 30, 2020: Volume 22, Number 13

March 23, 2020: Volume 22, Number 12

March 14, 2020: Volume 22, Number 11

March 7, 2020: Volume 22, Number 10